[Snort-sigs] W32.Beagle.J Worm Signature?

Jason Haar Jason.Haar at ...651...
Wed Mar 3 16:28:05 EST 2004

On Thu, 2004-03-04 at 10:32, Hugo van der Kooij wrote:
> Unfortunatly I have not seen enough examples to attempt any pattern
> recognition.

...and if you could, then so could *all* the AV players... You will not
be able to match on this sort of one. And I think the next batch will be
even harder to detect.

This nasty piece of work has been predicted for some time. I always
thought it was just an intellectual exercise as "what user would be
stupid enough to open password protected zip file *and* run the contents
*from a complete stranger*?". At the very least I thought sheer laziness
would have stopped this "social engineering" virus from propagating...

Live and learn I suppose...


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the Snort-sigs mailing list