cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
437
Views
6
Helpful
6
Replies

Novarg / Mydoom Virus

mcerha
Level 3
Level 3

Signature update S67 is available on CCO. S67 provides coverage for the Novarg / Mydoom virus.

6 Replies 6

bbenton
Level 1
Level 1

Site says both S67 files are not available. When will they be?

t.harness
Level 1
Level 1

I found it up there, thanks!

darin.marais
Level 4
Level 4

The worm was also programmed to flood the website of the SCO Group Inc, beginning on February 1 with requests in an attempt to crash its.

Can you help me create a custom signature to monitor connections from devices to port tcp_80 attempting to dos www.sco.*

I got the IP address from a host on SCO.com, you can add more as you determine other IP addresses.

Try this (4.1 only):

Engine ATOMIC.TCP

DstPort 80

DstIpAddr 216.250.128.12

DstIpMask 255.255.255.255

TcpFlags =SYN

Mask =SYN

SummaryKey Axxx

I know that i am pushing the edge here, but does any one have one for version 3.1

Yes, you can use the same signature minus the IP and Mask parameters. Then, create signature filters for the IP address in question.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: