[Snort-sigs] Anyone having Netsky.b Signatures??

Nick Hatch nick at ...2287...
Fri Feb 27 11:55:13 EST 2004

Here is the rule we're using; it appears to be working well. It only 
detects the Base64 encoded payload, so it's not comprehensive; however, 
it's a start.

alert tcp any any -> any 25 (msg:"Virus - Netsky.b - Outgoing Mail"; content:"QDHSEVMT9POPT7DTBNcs"; sid:1008000; rev:2;)


Chintan Gosalia wrote:

> Hi,
> Does anyone have netsky.b signature or payload for it??
> Any help is appreciated.
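
An offline check of the rule above, added here as an example and not part of the original post: it models `content` as a case-sensitive byte search within a single TCP payload sent to the rule's destination port (a simplification, with no stream reassembly) and runs it over constructed payloads. The helper names are hypothetical; the result shows that the rule also fires on mail that merely quotes the signature string, such as a message discussing the rule.

```python
import re

# Rule text as posted above, joined onto one line.
RULE = ('alert tcp any any -> any 25 (msg:"Virus - Netsky.b - Outgoing Mail"; '
        'content:"QDHSEVMT9POPT7DTBNcs"; sid:1008000; rev:2;)')

def rule_contents(rule):
    """Return the rule's plain-text content patterns as bytes."""
    return [c.encode("ascii") for c in re.findall(r'content:"([^"]*)"', rule)]

def rule_port(rule):
    """Return the destination port from the rule header."""
    # Header tokens: action proto src sport -> dst dport
    return int(rule.split("(", 1)[0].split()[6])

def matches(rule, dst_port, payload):
    """Simplified model (assumption): every content pattern must occur,
    case-sensitively, somewhere in one payload sent to the rule's port."""
    if dst_port != rule_port(rule):
        return False
    return all(p in payload for p in rule_contents(rule))

SIG = rule_contents(RULE)[0]

# Constructed payloads. The Base64 text around SIG is filler, not worm data.
SAMPLES = {
    "base64 attachment line":
        b"Content-Transfer-Encoding: base64\r\n\r\n"
        b"AAAAAAAA" + SIG + b"AAAAAAAA\r\n",
    "ordinary mail":
        b"Subject: lunch\r\n\r\nSee you at noon.\r\n",
    "mail quoting the rule":
        b"Subject: Re: Netsky.b\r\n\r\n" + RULE.encode("ascii") + b"\r\n",
}

def evaluate():
    """Run the rule over every sample as traffic to port 25."""
    return {name: matches(RULE, 25, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{'ALERT' if hit else 'quiet':5}  {name}")
```

The third sample is a false positive: the rule has no way to tell an encoded attachment from a plain-text message that contains the same 20 characters.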
