[Snort-sigs] Sdbot and Spybot Worm sigs?

Keith W. McCammon mccammon at ...2420...
Wed Jul 28 09:27:10 EDT 2004


Snort does not actively support virus and/or spyware rules.  However,
if you check the archives, you'll see that the folks at
bleedingsnort.com do maintain some malware and other such rules, and
that these are undergoing heavy revision and updating as of late.

Have a look...

On Tue, 27 Jul 2004 15:28:24 -0400, Raj Wurttemberg <rajw at ...2042...> wrote:
> 
> If I am correct Snort is able to detect these Microsoft Windows
> vulnerabilities:
> 
> DCOM RPC vulnerability
> -http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
> 
> WEBDAV vulnerability -
> http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx
> 
> LSASS vulnerability -
> http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
> 
> I have the Spybot and Sdbot worms floating around on a couple of users PC's
> and I would like to be able to track it quickly and get the users PC's
> patched. I do not see any Snort alerts but I know the worm is out there. Do
> I have to reconfigure my snort.conf file (Snort 2.1.3 on Linux) to listen
> for the above vulnerabilities?
> 
> Thanks,
> /*Raj*/
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>




More information about the Snort-sigs mailing list