Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Novarg / Mydoom Virus

Signature update S67 is available on CCO. S67 provides coverage for the Novarg / Mydoom virus.

6 REPLIES
New Member

Re: Novarg / Mydoom Virus

Site says both S67 files are not available. When will they be?

New Member

Re: Novarg / Mydoom Virus

I found it up there, thanks!

New Member

Re: Novarg / Mydoom Virus

The worm was also programmed to flood the website of the SCO Group Inc, beginning on February 1 with requests in an attempt to crash its.

Can you help me create a custom signature to monitor connections from devices to port tcp_80 attempting to dos www.sco.*

New Member

Re: Novarg / Mydoom Virus

I got the IP address from a host on SCO.com, you can add more as you determine other IP addresses.

Try this (4.1 only):

Engine ATOMIC.TCP

DstPort 80

DstIpAddr 216.250.128.12

DstIpMask 255.255.255.255

TcpFlags =SYN

Mask =SYN

SummaryKey Axxx

New Member

Re: Novarg / Mydoom Virus

I know that i am pushing the edge here, but does any one have one for version 3.1

Bronze

Re: Novarg / Mydoom Virus

Yes, you can use the same signature minus the IP and Mask parameters. Then, create signature filters for the IP address in question.

107
Views
6
Helpful
6
Replies
CreatePlease to create content