[Dshield] LoveSan worm - I need a copy of it.

Bruyere, Michel mbruyere at ezemcanada.com
Thu Aug 14 12:51:13 GMT 2003


Hi John, 
		I'm member of the snort list too, i saw some posts talking
about the existing RPC DCOM rule that sould work to detect the worm. If you
prefer to get latest sigs, then you can get them on
http://www.algonet.se/~nitzer/oinkmaster/



My 0.02$

M.Bruyere

> -----Original Message-----
> From: John D. [mailto:lists at webcrunchers.com]
> Sent: mercredi 13 août 2003 16:24
> To: list at dshield.org
> Subject: [Dshield] LoveSan worm - I need a copy of it.
> 
> Hi,
> 
> Do you know where I can find a copy of the LoveSan virus (worm) in
binary.?
> I've been asked to analyse it,  so I can write a snort rule for it.
> 
> does it use UDP or TCPIP....  and where can I find info on it,  or results
> of
> earlier analysis of it.
> 
> I'm also looing for a good intel dis-assembler,  one written in C and can
> run on UNIX machines or Mac OS-9, or OS-10.
> 
> I hear they exist,  but initial web searches haven't come up with anything
> yet.
> Figured I would ask here first,  before spending a long time on a
fruitless
> search.
> 
> if someone already wrote a snort rule for it,  I would really like to get
> it installed in our IDS system as soon as possible for some of our
> customers.
> 
> I've already checked the Snort web site,  nothing was there,  unless they
> added it to their library and didn't mention it.
> 
> John
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list