Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
0
Helpful
3
Replies

Kamasutra Signature

facundog
Level 1
Level 1

‎01-31-2006 12:34 PM - edited ‎03-10-2019 01:52 AM

Is the Kamasutra worm signature available? If it is not available yet... is ther any workaround to detect and prevent the worm?

Regards

Labels:
0 Helpful
3 Replies 3

jlimbo
Level 1
Level 1

‎01-31-2006 06:39 PM

Correct me if I am wrong however this looks to be another alias for the blackworm. There was a custom signature provided under the blackworm thread:

In the meantime you can use the following custom signature to catch WORM_GREW.A also known as W32.Blackmal.E@mm, W32/Kapser.A@mm, W32/MyWife, Win32/Blackmal.F:

Engine: String.TCP

Service Port: 25

Regex String :

\x6d\x41\x70\x4d\x6a\x74\x64\x4e\x45\x51\x78\x4a\x7a\x49\x6a\x53\x79\x46\x49\x4f\x44\x30\x4e\x43\x6b\x31\x4b\x57\x6c\x51\x70\x4e

0 Helpful

jarhead354
Level 1
Level 1
In response to jlimbo

‎02-01-2006 10:15 AM

I'm new to creating rules. Can you give me the steps needed to create this rule using the IDM Gui interface to a 4255 running 5.0? Things like what engine to use and where to put the Regex string.

0 Helpful

jdal
Cisco Employee
Cisco Employee
In response to jarhead354

‎02-02-2006 04:25 AM

Go to

Configuration | Signature Definition | Signature Configuration

Click on the "Add" button.

-> New popup with the signature parameters

Select String TCP as an engine

->New parameters appear

Configure "Regex String" and "Service Ports" as mentionned previously.

Click "OK"

Click "APPLY"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card