×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Subject : "Flame" (worm, trojan, toolkit) activity

Unanswered Question
May 31st, 2012
User Badges:
  • Cisco Employee,

The Cisco IPS Signature Team is currently researching this threat and will update the forum in the next 24 hours with signature availability.


Additional details of this threat can be found in the following alerts:

http://tools.cisco.com/security/center/viewAlert.x?alertId=26018

http://tools.cisco.com/security/center/viewAlert.x?alertId=26017

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pradnaga Fri, 06/01/2012 - 10:27
User Badges:
  • Cisco Employee,

We are officially releasing the Flame signature in Tuesday’s ( June 5th ) release.  We are doing further fidelity tests over the weekend, but if you wish to apply this signature early, here is the signature as a custom.


service-http

header-regex  [uU][Ss][Ee][Rr][-][aA][Gg][Ee][Nn][Tt][:]\x20Mozilla\x2f4[.]0\x20[(]compatible[;]\x20MSIE\x206[.]0[;]\x20Windows\x20NT\x205[.]1[;]\x20[.]NET\x20CLR\x201[.]1[.]2150[)]

service-ports #WEBPORTS

Actions

This Discussion