"SRI Release a Complete Reverse Engineering of the Conficker C P2P Service."
September 2009.
Our Latest Threat Intelligence
The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our stuff or get access to the live backend data, binaries, and traces, then click HERE.)
Most Effective Malware-Related Snort Signatures
Fri Nov 20 08:49:53 2009
detects = 30-day signature detection rates based on exposure to 4129 malware infections
| detects | sid:rev | author | phase | description |
|---|---|---|---|---|
| 57% | 299913:1 | snort | inbound exploit | shellcode x86 0x90 unicode noop |
| 42% | 5001684:99 | bothunter | egg download | bothunter malware windows executable (p... |
| 42% | 2001683:3 | emerging threats | egg download | bleeding-edge malware windows executabl... |
| 37% | 52123:3 | snort | outbound scan | registered free attack-responses micros... |
| 30% | 3001441:1 | snort | egg download | tftp get .exe from external source |
| 30% | 1444:3 | snort | egg download | tftp get from external source |
| 30% | 2008120:1 | emerging threats | egg download | policy outbound tftp read request |
| 28% | 22466:7 | snort | inbound exploit | netbios smb-ds ipc$ unicode share access |
| 19% | 292000032:99 | bothunter | inbound exploit | bothunter exploit lsa exploit |
| 18% | 22000032:6 | emerging threats | inbound exploit | bleeding-edge exploit lsa exploit |

