Snort - the de facto standard for intrusion detection/prevention
Lurene Grenier from our VRT team at Sourcefire does a great job of flushing this "Blackworm" Nymex virus thing down the toilet. Apparently this is the same worm that was released two years ago, and it still just as lame.
In case you haven't heard what I am talking about, all, I am talking about this worm right here (Click)
It's all over the news: Information Week Article and the analysis is running rampant.
I get an IM from my Director of Vulnerability Research, asking me if I can get a copy of the virus. To which, a 1/2 hour later I had a copy and emailed to him. Afterwards, he was working hard. Here is a VRT analysis.
Finally all the pcaps for the virus: Pcaps.
Enjoy.
Subscribe to:
Post Comments (Atom)
-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so... -
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
In my constant state of trying to make things a bit more efficient for myself. (I'm a big believer in automation, ask anyone that has e...
No comments:
Post a Comment