[Snort-sigs] Maleware Keenvalue

Matthew Jonkman matt at ...2436...
Wed Jul 7 13:41:21 EDT 2004


I've moved this rule from the stable set to the submitted (broken) cvs 
que. It's not specific enough.

Someone has pointed out that there is a woodworking company with that 
name, this hits all over on their website. :)

I added a reference to the rule he provided which leads me to believe 
that the rule needs to be much more specific. It's in the submitted cvs 
area if you'd like to take a crack at extending it.

alert tcp any any -> any any (msg:"BLEEDING-EDGE Malware Keenvalue"; 
reference:url,securityresponse.symantec.com/avcenter/venc/data/adware.keenval.html; 
  content:"Keenvalue";nocase;sid:2000021; rev:2; )

Thanks

Matt





More information about the Snort-sigs mailing list