[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dragonidsuser
Subject:    [Dragonidsuser] [+] NIDS Signature Update(7.2/7.3): Fri,
From:       Michael Shirk <mshirk () enterasys ! com>
Date:       2010-05-29 2:42:44
Message-ID: 4C007F24.2040408 () enterasys ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

The following NIDS signature updates are available via liveupdate for
Dragon version 7.2/7.3:

NOTE: This update will delete all of the DC: signatures for Dragon 7.3.
The DC: signatures will remain in the LEGACY classification for Dragon
7.2.x installs.

TROJAN:STORMWORM-SMALLDAM
UPDATE-TYPE: Modified Signature
CLASSIFICATION: BETA
DESCRIPTION: This signature detects a generic downloader trojan that has
been associated with Storm Worm. If an unsuspecting user has clicked on
the executable file, the trojan will install itself and begin to send
UDP packets out to a list of peers. This signature will trigger on the
UDP port 4000 traffic originating from within the network.
REFERENCE: URLREF
http://www.f-secure.com/v-descs/small_dam.shtml




- -- 
Michael Shirk
Security Research Engineer
Enterasys Networks, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREDAAYFAkwAfx4ACgkQXWThkXZdgOdBgwCffU9RvW0itDSrfcOMNqvwlsSh
9tkAoJH4tjzegHPzmEw2t6NIVl0Sn+SH
=LOYd
-----END PGP SIGNATURE-----
_______________________________________________
Dragonidsuser mailing list
Dragonidsuser@enterasys.com

[prev in list] [next in list] [prev in thread] [next in thread]