Snort.org Posts BlackWorm Packet Captures

The folks at Sourcefire have done the analyst community a great service by posting traffic captures of CME-24, aka "BlackWorm". Kudos also to the Common Malware Enumeration project for providing an easy way to reference malware! Once OpenPacket.org gets going, I hope to host these sorts of captures there.

Update: Check out this Sourcefire VRT analysis.

Comments

Anonymous said…
I'm confused with her analysis. She says that it's the same as a 2004 virus/worm called MyWife.

Does she mean that this vulnerability (from 2004) isn't patched? I'd be surprised. Why wasn't that commented on further?

I do agree with her about this not being as big of an issue as some have made out.
