There was a pretty good write up in todays handlers diary about Mpack. Has anyone written good Snort sigs for this exploit? So far we've put one in to flag any downloads of o7.php, any other successful sigs? http://isc.sans.org/diary.html http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/11/MPack.pdf