I would like to catch new virus traffic on Cisco IDS infrastructure (Swisyn.v & sality)

Unanswered Question
Jul 21st, 2010

Has Cisco published any signature for the new virus attacks Swisyn.v & sality? We wanted to catch this virus traffic in our network on the IDS. Does anybody know whether Cisco can support these new attacks? I would appreciate it if anybody could let me know how it can be captured on the IDS if there is no signature available from Cisco. A fast response would be highly appreciated. Thanks



Scott Fringer (Cisco Employee) Wed, 07/21/2010 - 04:48

There are two good places to keep up with potential signatures for specific threats:

Cisco's IntelliShield site:


  This site provides insight into active security threats as well as research regarding IPS signatures.

Cisco's IPS Threat Defense Bulletin:

http://www.cisco.com/offer/newsletter/123668_4/ [subscription link]

  This email bulletin is released with each new signature update and includes the changes present in the signature update, as well as news regarding updates to IPS software.

  At this time, I am not aware of a signature to detect either Swisyn.v or sality.


lekchandmantri Wed, 07/21/2010 - 05:01

Hi Scott,

Thanks for your reply. I have registered for the Cisco IPS Threat Defense Bulletin, and we ensure that our IDS & CS-MARS infrastructure is kept updated at all times.

I just wanted to know, if there is no signature available, how can we catch these malicious attacks or new virus attacks in our network? Thanks in advance for your earliest response.



Scott Fringer (Cisco Employee) Wed, 07/21/2010 - 05:18


If there is a specific fingerprint for the traffic generated by either exploit, you could create a custom signature to provide detection. You can find out more on defining signatures here:


As well as using the signature wizard here:



