Originally posted here by Tanker135
To: S3cur|ty4ng31
I've created a rules file with your posting and am taking hits from outside my firewall. It would appear that some novarg virus traffic is originating from our mail server, however my mail administrator claims it could not happen, as he's installed Norton's protection software. He does claim that Norton automatically responds to senders of novarg that they're infected. Could the automatic response be the cause of the hits I'm seeing coming from the inside of my network?

Thanks!
Yeah, I am assuming you're spoofed. One of the things the virus does is use the email addresses stored on the computer, so it probably just used your email address at another computer and sent an email back to you. And the snort rules are designed only to see incoming traffic on port 25 if you copied them directly, so it's not like you're sending anything out.

Oh, I didn't get much feedback at all on my rules, so I am just curious if anything got past them. I haven't gotten much of the mutated versions, but so far it's detected every Novarg and every variation. I would like to know if any got by you, and if they did, could you possibly email me what did?