Forums: Snort Signatures For Rxbot / Rbot.gl - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Snort Signatures For Rxbot / Rbot.gl Snort Sig

#1 User is offline   easternerd 

  • Sergeant
  • Icon
  • Group: Members
  • Posts: 226
  • Joined: 23-December 03

Posted 23 August 2004 - 04:06 AM

Snort signatures for rxbot / rbot.gl

For those interested here are a couple of Snort signatures for the aforementioned rxbot / rbto.gl variant. 

alert tcp $HOME_NET any -> any any (msg:"RXBOT / RBOT Exploit Report";
content:"|5D 3A 20|Exploiting|20|IP|3A 20|"; nocase; classtype:
trojan-activity; reference:url,www.nitroguard.com/rxbot.html;
reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_
RBOT.GL; sid:1003620; rev: 1;)


alert tcp any any -> $HOME_NET any (msg:"RXBOT / RBOT Vulnerability Scan";
content:"|2E|advscan|20|"; nocase; classtype: trojan-activity;
reference:url,www.nitroguard.com/rxbot.html;
reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_
RBOT.GL;reference:url,www.muzzleflash.org/readarticle.php?article_id=5#scanning;
sid:1003621; rev: 1

0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting