[Snort-sigs] Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset)

Joel Esler jesler at ...435...
Mon Oct 7 07:14:18 EDT 2013

Actually, no. This rule came out of our sandbox running binaries. 

> On Oct 6, 2013, at 11:41 PM, Jeff Kell <jeff-kell at ...922...> wrote:
> On 10/6/2013 11:37 PM, Joel Esler wrote:
>> On Oct 4, 2013, at 11:37 PM, nicenate at ...3844... wrote:
>>> In the case of this rule we just have not seen any current discussion for this rule. We are asking here if anyone knows more about why this rule has been placed back into the VRT snort rule set.
>> Thank you for asking. This wasn't "placed back" into the ruleset, it seems as if we didn't cover this particular piece of the traffic to begin with, so while the references are from 2008, it's still a relevant rule.
> Got to cover those test suites :)  Useless otherwise, but makes the test
> suite results look better :)
> Jeff
