[Snort-users] [Snort-sigs] anyone have a good Swen sig

Brian A Kee bkee at ...5...
Mon Nov 3 14:22:11 EST 2003


This was poseted a few posts before yours:

alert tcp $EXTERNAL_NET any -> any any (msg:"W32.Swen at ...110... - 
SMB";content:"|59 59 85 C0 74 09 6A 01 58 83 4D FC FF EB 15 FF 85 E0 
FE FF FF EB C7 6A 01 58 C3 8B 65 E8 83 4D|"; classtype:misc-
activity;rev:1;)

alert tcp $EXTERNAL_NET any -> any any (msg:"W32.Swen at ...110... - 
MIME";content:"QABohKNAAGShAAAAAFBkiSUAAAAAgewUAQAAU1ZXiWXoM/+JffyJvdz
+//+LdQhW6NORAABZhcB0"; classtype:misc-activity;rev:1;)

For more info, check the archives.

BAK


On Friday 31 October 2003 12:05 pm, Philip Davidson wrote:
> Hey all,
>
> Do any of you have a good working SWEN signature?
> I can't seem to get any of mine to work.
>
> All signatures welcomed.





More information about the Snort-sigs mailing list