[Dshield] LoveSan worm - I need a copy of it.
mbruyere at ezemcanada.com
Thu Aug 14 12:51:13 GMT 2003
I'm member of the snort list too, i saw some posts talking
about the existing RPC DCOM rule that sould work to detect the worm. If you
prefer to get latest sigs, then you can get them on
> -----Original Message-----
> From: John D. [mailto:lists at webcrunchers.com]
> Sent: mercredi 13 août 2003 16:24
> To: list at dshield.org
> Subject: [Dshield] LoveSan worm - I need a copy of it.
> Do you know where I can find a copy of the LoveSan virus (worm) in
> I've been asked to analyse it, so I can write a snort rule for it.
> does it use UDP or TCPIP.... and where can I find info on it, or results
> earlier analysis of it.
> I'm also looing for a good intel dis-assembler, one written in C and can
> run on UNIX machines or Mac OS-9, or OS-10.
> I hear they exist, but initial web searches haven't come up with anything
> Figured I would ask here first, before spending a long time on a
> if someone already wrote a snort rule for it, I would really like to get
> it installed in our IDS system as soon as possible for some of our
> I've already checked the Snort web site, nothing was there, unless they
> added it to their library and didn't mention it.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list