[Snort-sigs] Rule for MSWord GinWin.
jstewart at ...5...
Fri May 26 06:03:02 EDT 2006
On Friday 26 May 2006 08:47, Ureleet Ureleet wrote:
> I do not have a pcap for it. This was a preemptive signature based
> off of the virus info. Please not to write me asking for pcap
> anymore. If I had one, it would be given to the people at VRT.
Here's a (sandnet-collected, so the IPs are not real) pcap of the DNS
request and the initial HTTP post to one of the two hosts.
Joe Stewart, GCIH
Senior Security Researcher
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 311 bytes
Desc: not available
More information about the Snort-sigs