MyDoom.F deleting work and pr0n – Using Snort to "protect" one's pr0n

Martin McKeay’s Network Security Blog: MyDoom.F

“Oh no! The virus ate all my pr0n! And my my work files too.” Here are a couple of links to the antivirus sites, and the signature I’m using in Snort. By the way, this signature came from the Snort-signatures mail list, but I already deleted the email, so I can’t give proper credit to the author.

Virus Analysis:
Trend Micro
McAffee Antivirus
Symantec Antivirus

Snort MyDoom.F Signature
alert tcp any any -> any any (msg:”Virus – MyDoom.F Worm”;content:”gICAgICAgICAgICAgICAgICAg”;content:”|57 69 6E 64 6F 77 73 2D 31 32 35 32|”;classtype:misc-attack; rev:1;)

I know I probably misused the word “protect” in the title in reference to Snort — please forgive me.


Comments are closed.