W32.HLLW.Anig / W32.Dfcsvc.worm

dblairii
Level 1

The subject worm appeared today on Bugtraq. This appears to be a particularly nasty flavor of worm, complete with keylogging, backdoor, and ICQ functionality. Is there a signature that will pick up this activity? This inquiry is preemptive; I have not seen, nor do I have access to, a packet capture.

Anyone?

1 Reply

mcerha
Level 3

We will include signatures for this worm in the S69 signature update due out this week. In the interim, Signature 3320 "SMB: ADMIN$ hidden share access attempt" will catch the worm scanning for open shares across the network.
