RES: [Snort-sigs] W32.Bugbear.B at ...110... Signature

Rodrigo Ramos ramos at ...442...
Fri Jun 6 13:30:11 EDT 2003


Hey Guys,

Does anyone have a signature for POP or SMTP?

Best Regards,
Rodrigo Ramos


-----Mensagem original-----
De: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] Em nome de Tinsley Paul
Enviada em: sexta-feira, 6 de junho de 2003 09:59
Para: 'snort-sigs at lists.sourceforge.net'
Assunto: [Snort-sigs] W32.Bugbear.B at ...110... Signature

Bugbear seems to be a mean one, I ran across this signature on
Symantec's
site.  Figured I would pass this along incase anybody needed it.

alert tcp any any -> any 139 (msg:"BugBear B Network Worm Propagation";
content:"|0B010600002001000010000000E006002001080000F0060000100800000040
0000
100000000200000400000000000000040000000000000000200800001000000000000002
0000
000000100000100000000010000010000000000000100000000000000000000000001008
0064
010000000000000000000000000000000000000000000000000000641108000C|";
content:"|555058300000000000E0060000100000|"; classtype:misc-activity;
sid:900019; rev:1;)

Thanks,
Paul Tinsley
Senior Security Engineer
Security Assurance
2555 Park Plaza, DC-3N
Nashville, TN 37075
Office: (615) 344-6403
Pager: (615) 960-7766 or paul.tinsley at ...1250...
Cell:    (615) 973-5353
mailto:paul.tinsley at ...1515...



-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs





More information about the Snort-sigs mailing list