[Snort-sigs] Anyone having Netsky.b Signatures??
nick at ...2287...
Fri Feb 27 11:55:13 EST 2004
Here is the rule we're using, it appears to be working well. It only
detects the Base64 encoded payload, so it's not comprehensive; however,
it's a start.

alert tcp any any -> any 25 (msg:"Virus - Netsky.b - Outgoing Mail";
    content:"QDHSEVMT9POPT7DTBNcs"; sid:1008000; rev:2;)

Chintan Gosalia wrote:
> Does anyone have netsky.b signature or payload for it??
> Any help is appreciated.
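
Added example (not part of the original post or of Snort): a fixed content string only matches Base64 text when the underlying bytes start at one of three byte alignments, so this sketch derives the strings a rule writer would need for the other two and checks them against constructed streams. The function names and the filler bytes are assumptions made for illustration; the post does not say whether Netsky.b ever produces the other alignments.

```python
import base64

# Content string copied from the rule in the post above.
RULE_CONTENT = "QDHSEVMT9POPT7DTBNcs"

def alignment_variants(raw: bytes) -> list[str]:
    """Base64 text that `raw` yields at byte offsets 0, 1, 2 (mod 3) in a stream.

    Characters that also carry bits of neighbouring bytes are trimmed, so each
    returned string depends on `raw` alone.
    """
    variants = []
    for shift in range(3):
        enc = base64.b64encode(b"\x00" * shift + raw).decode().rstrip("=")
        lead = (0, 2, 3)[shift]                      # chars mixed with preceding bytes
        trail = 1 if (shift + len(raw)) % 3 else 0   # char mixed with the following byte
        variants.append(enc[lead:len(enc) - trail])
    return variants

def encode_attachment(prefix: bytes, raw: bytes, suffix: bytes) -> str:
    """Constructed stand-in for a MIME part body (single line, no wrapping)."""
    return base64.b64encode(prefix + raw + suffix).decode()

def matching_patterns(stream: str, patterns: list[str]) -> list[int]:
    """Indexes of the patterns found in the stream, like separate content rules."""
    return [i for i, p in enumerate(patterns) if p in stream]

RAW = base64.b64decode(RULE_CONTENT)   # the 15 bytes the posted rule keys on
PATTERNS = alignment_variants(RAW)

if __name__ == "__main__":
    for i, p in enumerate(PATTERNS):
        print(f'offset {i} mod 3: content:"{p}";')
    # Constructed streams: the same bytes preceded by 0, 1 or 2 filler bytes.
    for k in range(3):
        body = encode_attachment(b"\x11" * k, RAW, b"\x22\x33\x44")
        print(k, RULE_CONTENT in body, matching_patterns(body, PATTERNS))
```

MIME bodies are normally wrapped at 76 characters, so a content string that straddles a line break would still be missed; the sketch ignores wrapping.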