Cisco Support Community
New Member

Kamasutra Signature

Is the Kamasutra worm signature available? If it is not available yet... is there any workaround to detect and prevent the worm?

Regards

3 REPLIES
New Member

Re: Kamasutra Signature

Correct me if I am wrong; however, this looks to be another alias for the blackworm. There was a custom signature provided under the blackworm thread:

In the meantime you can use the following custom signature to catch WORM_GREW.A also known as W32.Blackmal.E@mm, W32/Kapser.A@mm, W32/MyWife, Win32/Blackmal.F:

Engine: String.TCP

Service Port: 25

Regex String :

\x6d\x41\x70\x4d\x6a\x74\x64\x4e\x45\x51\x78\x4a\x7a\x49\x6a\x53\x79\x46\x49\x4f\x44\x30\x4e\x43\x6b\x31\x4b\x57\x6c\x51\x70\x4e
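
An offline check of the custom signature above before it is applied to a sensor, added here as an example and not part of the original post or of any Cisco tooling. It decodes the posted Regex String to the literal bytes it matches and runs a simplified model of the rule (pattern searched in a stream to service port 25) against constructed SMTP payloads; the helper names and the sample messages are assumptions made for illustration.

```python
import re

# Regex String and service port exactly as posted in the reply above.
REGEX_STRING = (r"\x6d\x41\x70\x4d\x6a\x74\x64\x4e\x45\x51\x78\x4a\x7a\x49\x6a\x53"
                r"\x79\x46\x49\x4f\x44\x30\x4e\x43\x6b\x31\x4b\x57\x6c\x51\x70\x4e")
SERVICE_PORT = 25
BASE64_ALPHABET = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")

def decode_escapes(regex_string):
    """Return the literal bytes matched by a regex made only of \\xNN escapes."""
    if not re.fullmatch(r"(?:\\x[0-9a-fA-F]{2})+", regex_string):
        raise ValueError("pattern is not a pure \\xNN sequence")
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", regex_string))

def encode_escapes(literal):
    """Inverse helper: build a \\xNN Regex String from a literal byte fragment."""
    return "".join("\\x%02x" % b for b in literal)

def is_base64_text(literal):
    """True if every byte is a base64 character (i.e. encoded mail body text)."""
    return all(b in BASE64_ALPHABET for b in literal)

def signature_fires(dst_port, stream, regex_string=REGEX_STRING):
    """Simplified model of the rule: regex searched in a stream to the service port."""
    if dst_port != SERVICE_PORT:
        return False
    return re.search(regex_string.encode("ascii"), stream) is not None

FRAGMENT = decode_escapes(REGEX_STRING)

# Constructed SMTP DATA payloads (not captured traffic).
BENIGN = (b"Subject: minutes\r\nContent-Transfer-Encoding: base64\r\n\r\n"
          b"SGVsbG8sIHdvcmxkIQ==\r\n.\r\n")
MATCHING = (b"Subject: test\r\nContent-Transfer-Encoding: base64\r\n\r\n"
            b"AAAA" + FRAGMENT + b"AAAA\r\n.\r\n")

if __name__ == "__main__":
    print("literal:", FRAGMENT.decode("ascii"), "| base64 text:", is_base64_text(FRAGMENT))
    cases = [("benign -> 25", 25, BENIGN), ("matching -> 25", 25, MATCHING),
             ("matching -> 80", 80, MATCHING)]
    for name, port, data in cases:
        print(name, ":", "ALERT" if signature_fires(port, data) else "no alert")
```

The decoded literal consists only of base64 characters, which is what a match on an encoded attachment body crossing SMTP would look like; that reading is an inference from the bytes, not something the thread states.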

New Member

Re: Kamasutra Signature

I'm new to creating rules. Can you give me the steps needed to create this rule using the IDM GUI interface to a 4255 running 5.0? Things like what engine to use and where to put the Regex string.

Cisco Employee

Re: Kamasutra Signature

Go to

Configuration | Signature Definition | Signature Configuration

Click on the "Add" button.

-> New popup with the signature parameters

Select String TCP as an engine

-> New parameters appear

Configure "Regex String" and "Service Ports" as mentioned previously.

Click "OK"

Click "APPLY"
