[Snort-users] New virus zotob signature

Jason Brvenik jasonb at ...1935...
Mon Aug 15 17:32:58 EDT 2005

the bleeding rules are ok if you only want to detect this issue. If you actually want to detect real exploit attempts for the vulnerability you should have the VRT rules from snort.org

-- From the road

-----Original Message-----

From:  Banshee <banshee6670 at ...1877...>
Subj:  Re: [Snort-users] New virus zotob signature
Date:  Mon Aug 15, 2005 8:08 pm
Size:  783 bytes
To:  snort-users at lists.sourceforge.net


> Hi all, Does anobody has the signature for the new virus zotob that
> exploits MS05-039?


SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list