[Snort-users] winhe800 trojan
saintcrusty at ...11827...
Fri Aug 19 06:40:20 EDT 2011
I've just come across a machine which has been repeatedly infected with a
more or less recent Trojan recognisable by the winhe800.exe filename.
Little information exists and is not 100% consistent. Evidence was deleted
by overzealous admin so I cannot simply try and build a custom rule for
Anyone out there having a resource or rule available for usage? I've found
reference to dropper but no useful sig in the ruleset(s). Also no useful
result in threatexpert, virustotal or others.
No specific rule for winhe800.exe etc.
(only works from webcache)
- - -
Security Engineer - Tags: Analyst Systems Security Linux Firewall Network
Web Troubleshooting - If you think I deserve a rant, write me off-list