SID 1:6307

Report a false positive

Rule Category

MALWARE-BACKDOOR -- Snort has detected suspicious communication traffic unrelated to commands, such as exfiltration of data from the infected machine, especially larger chunks of data.

Alert Message

MALWARE-BACKDOOR lamespy runtime detection - initial connection - set flowbit

Rule Explanation

This rule does not generate an event. It is used in conjunction with other rules to either reduce the possibility of false positives from occurring or to track the state of a connection. Impact: None. Details: This rule does not generate an event. It is used in conjunction with other rules to either reduce the possibility of false positives from occurring or to track the state of a connection. This rule is used by the sid(s) 6308. Ease of Attack: NA

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos

Rule Groups

No rule groups

CVE

None

Additional Links

www.spywareguide.com/product_show.php?id=1586
www3.ca.com/securityadvisor/pest/pest.aspx?id=3370

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None