[Snort-sigs] Wrm.exe, Backdoor.Wollf.16 (AVP)

Fenstermaker, William bill at ...1630...
Tue Jun 24 08:57:10 EDT 2003

The backdoor program referenced in the subject goes by many names, some
of which are:

Clip (begin) from
LF.16 --
"BackDoor.Wolf.16, BackDoor.Wollf, Backdoor:Win32/Wollf.1_6,
Backdoor.Wollf.D, BackDoor-ABM, Win32/Wollf.16.Trojan, Win32.Wollf.16" 
Clip (end) --

Has anyone seen a signature to detect either: A.) common attack vectors
to deploy the backdoor on a system, or B.) initiated connections to and
from the telnet server application?

