[Dshield] Mydoom, Navarg, Sco what ever

Doug White doug at clickdoug.com
Wed Jan 28 13:12:21 GMT 2004


*******************start file********************

alert tcp any any -> any 80 (msg:"W32_Novarg_SCO_DOS"; content:"GET /
HTTP/1.1|0d0a|Host: www.sco.com|0d0a0d0a|"; offset:0; dsize:37;)

*************EOF*********************


======================================
Stop spam on your domain, Anti-spam solutions
http://www.clickdoug.com/mailfilter.cfm
For hosting solutions http://www.clickdoug.com
======================================
Aspire to Inspire before you Retire or Expire!


----- Original Message ----- 
From: "jayjwa" <jayjwa at atr2.ath.cx>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, January 28, 2004 12:53 AM
Subject: RE: [Dshield] Mydoom, Navarg, Sco what ever


:
:
: On Tue, 27 Jan 2004, Bruyere, Michel wrote:
:
: > >BTW: I have it running in a honeypot, and I don't see the SCO.com attack
: > >so far. Has anybody on the list here seen this?
:
: > I've read somewhere that the DDOS will start on feb 1st only.
:
: First thru the 12th, then the virus does nothing. I don't thinks it's
: going to be as big as it could have, most places have removal tools up,
: and it's not a very hard virus to kill even manually.
:
: -- 
:
:
: [jayjwa]RLF#37
:
:
:
: _______________________________________________
: list mailing list
: list at dshield.org
: To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
:
:




More information about the list mailing list