Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Cisco Employee

Subject : "Flame" (worm, trojan, toolkit) activity

The Cisco IPS Signature Team is currently researching this threat and will update the forum in the next 24 hours with signature availability.

Additional details of this threat can be found in the following alerts:

http://tools.cisco.com/security/center/viewAlert.x?alertId=26018

http://tools.cisco.com/security/center/viewAlert.x?alertId=26017

1 REPLY
Cisco Employee

Subject : "Flame" (worm, trojan, toolkit) activity

We are officially releasing the Flame signature in Tuesday’s ( June 5th ) release.  We are doing further fidelity tests over the weekend, but if you wish to apply this signature early, here is the signature as a custom.

service-http

header-regex  [uU][Ss][Ee][Rr][-][aA][Gg][Ee][Nn][Tt][:]\x20Mozilla\x2f4[.]0\x20[(]compatible[;]\x20MSIE\x206[.]0[;]\x20Windows\x20NT\x205[.]1[;]\x20[.]NET\x20CLR\x201[.]1[.]2150[)]

service-ports #WEBPORTS

573
Views
0
Helpful
1
Replies
CreatePlease to create content