|
Valentines Storm Worm Signature |
|
|
|
|
Written by Matt Jonkman
|
|
Tuesday, 12 February 2008 |
|
In keeping with recent tradition we've got a new signature out for the recent wave of Storm crud. It's simple, but the feedback from the New Years and subsequent signatures has been very positive. Note: Storm doesn't exploit any particular vulnerability to spread. (Unless you consider clicking users a true vulnerability). This signature just detects an HTTP request for /valentine.exe, of which the current wave is taking form. http://doc.emergingthreats.net/bin/view/Main/2007835 We'll drop this in a week or two, likely to be replaced by Easter stuff. My official prediction: /happyeaster.exe... Matt
|
