[Snort-sigs] Sdbot and Spybot Worm sigs?

Raj Wurttemberg rajw at ...2042...
Tue Jul 27 12:28:06 EDT 2004

If I am correct Snort is able to detect these Microsoft Windows

DCOM RPC vulnerability

WEBDAV vulnerability -

LSASS vulnerability -

I have the Spybot and Sdbot worms floating around on a couple of users PC's
and I would like to be able to track it quickly and get the users PC's
patched. I do not see any Snort alerts but I know the worm is out there. Do
I have to reconfigure my snort.conf file (Snort 2.1.3 on Linux) to listen
for the above vulnerabilities?


More information about the Snort-sigs mailing list