[Snort-sigs] Anyone having Netsky.b Signatures??

Nick Hatch nick at ...2287...
Fri Feb 27 11:55:13 EST 2004


Here is the rule we're using; it appears to be working well. It only 
detects the Base64 encoded payload, so it's not comprehensive; however, 
it's a start.

alert tcp any any -> any 25 (msg:"Virus - Netsky.b - Outgoing Mail"; content:"QDHSEVMT9POPT7DTBNcs"; sid:1008000; rev:2;)

-Nick

Chintan Gosalia wrote:

> Hi,
>  
> Does anyone have a Netsky.b signature or payload for it??
>  
> Any help is appreciated.
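
An added example (not part of the original message, and not Snort's own matching engine): a simplified Python model of the rule posted above, run against constructed payloads, showing that its literal content match fires only on the Base64-encoded form sent to port 25. The parser, the function names and the sample payloads are assumptions made for illustration.

```python
import base64
import re

# Rule text as posted in the message, joined onto a single line.
RULE = ('alert tcp any any -> any 25 (msg:"Virus - Netsky.b - Outgoing Mail"; '
        'content:"QDHSEVMT9POPT7DTBNcs"; sid:1008000; rev:2;)')

def parse_rule(rule):
    """Split a simple Snort rule into its header fields and an options dict."""
    header, _, body = rule.partition("(")
    action, proto, _src, _sport, _arrow, _dst, dport = header.split()
    opts = {}
    for key, value in re.findall(r'(\w+):\s*("(?:[^"\\]|\\.)*"|[^;]*);', body):
        opts[key] = value.strip('"')
    return {"action": action, "proto": proto, "dport": dport, "opts": opts}

def rule_matches(rule, proto, dport, payload):
    """Simplified model (assumption): protocol, destination port and one
    case-sensitive literal content match against a reassembled payload."""
    r = parse_rule(rule)
    if r["proto"] != proto or r["dport"] not in ("any", str(dport)):
        return False
    return r["opts"]["content"].encode() in payload

def coverage():
    """Run the rule over constructed payloads (filler, not real sample data)."""
    sig = parse_rule(RULE)["opts"]["content"]
    filler = "A" * 40
    encoded = ("Content-Transfer-Encoding: base64\r\n\r\n"
               + sig + filler + "\r\n").encode()
    # The same data after Base64 decoding, i.e. no longer in encoded form.
    raw = base64.b64decode(sig + filler)
    return {
        "base64 body to port 25": rule_matches(RULE, "tcp", 25, encoded),
        "base64 body to port 587": rule_matches(RULE, "tcp", 587, encoded),
        "decoded bytes to port 25": rule_matches(RULE, "tcp", 25, raw),
    }

if __name__ == "__main__":
    for case, hit in coverage().items():
        print(f"{'ALERT' if hit else 'no alert':8}  {case}")
```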




