Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

W32.HLLW.Anig / W32.Dfcsvc.worm

The subject worm appeared today on Bugtraq. This appears to be a particularly nasty flavor of worm, complete with keylogging, backdoor, and ICQ functionality. Is there a signature that will pickup this activity? This inquiry is preemptive, I have not seen, nor do I have access to, a packet capture.

Anyone?

1 REPLY
Bronze

Re: W32.HLLW.Anig / W32.Dfcsvc.worm

We will include signatures for this worm in the S69 signature update due out this week. In the interim, Signature 3320 "SMB: ADMIN$ hidden share access attempt" will catch the worm scanning for open shares across the network.

108
Views
0
Helpful
1
Replies
CreatePlease login to create content