Re: New virus zotob signature

["Jason Brvenik" <jasonb () sourcefire com>]

the bleeding rules are ok if you only want to detect this issue. If you actually want to detect real exploit attempts 
for the vulnerability you should have the VRT rules from snort.org

-- From the road

-----Original Message-----

From:  Banshee <banshee6670 () tin it>
Subj:  Re: [Snort-users] New virus zotob signature
Date:  Mon Aug 15, 2005 8:08 pm
Size:  783 bytes
To:  snort-users () lists sourceforge net

Hi

> Hi all, Does anobody has the signature for the new virus zotob that
> exploits MS05-039?


http://www.bleedingsnort.com/







-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users