Snort.org Posts BlackWorm Packet Captures

The folks at Sourcefire have done the analyst community a great service by posting traffic captures of CME-24, aka "BlackWorm". Kudos also to the Common Malware Enumeration project for providing an easy way to reference malware! Once OpenPacket.org gets going, I hope to host these sorts of captures there.

Update: Check out this Sourcefire VRT analysis.

Comments

Anonymous said…
I'm confused with her analysis. She says that it's the same as a 2004 virus/worm called MyWife.

Does she mean that this vulnerability (from 2004) isn't patched? I'd be suprised. Why wasn't that commented on further?

I do agree with her about this not being as big of an issue as some have made out.

Popular posts from this blog

Five Reasons I Want China Running Its Own Software

Cybersecurity Domains Mind Map

A Brief History of the Internet in Northern Virginia