

Snort Signatures for Malware

1 reply to this topic

#1 jonkman



  • New Member
  • 1 posts

Posted 21 June 2004 - 06:38 PM

I'm looking for a good source of information on the network traffic of the spyware that's being so diligently discovered here.

I help maintain http://www.bleedingsnort.com. We're trying to expand the set of malware signatures we have for Snort IDS.

I've got a few out there, Gator, 2020Search, etc. What we need to expand this is some knowledge of what the software does across the network. They're usually easy to detect if we can write a rule for it.

We'll write the rules. What we need is information, and ideally packet dumps, of identified spyware and malware.

Is this the right place for it? I certainly hope so.


#2 Guest_PH_*

  • Guests

Posted 13 July 2004 - 07:33 PM

If you can write rules to detect the spyware, why can't you get a PC, surf the web using some Google searches for an hour, have spyware planted on that PC and then analyze it for signatures yourself?
I don't have the skills you have; however, it appears to me that if you can write the signature files then you should be able to collect a ton of this stuff for analysis without anyone here giving you packet dumps etc.
I think you have a valid question here and I don't mean any disrespect for the request, it is very valid! You have the skills to start a collection of your own, and all it takes is a PC and an internet connection, the spyware will come to you!

