Is there any Mydoom virus in your network? Use this filter to capture them
This is an advanced Capsa capture filter to capture only the traffic of the notorious and aged Mydoom virus. By using this filter, all packets matching the filter's conditions will be displayed, and you will know there are Mydoom virus movements in your network.
Now download the filter and follow the instructions below to load and apply the filter.
Download Mydoom worm virus filter: mydoom-filter.zip
How to use this filter?
- Download the filter file and decompress it
- Run Capsa (if it's not installed, get one free)
- On the Start Page, click the Set Capture Filter link in the upper right corner
- Click the Import... icon down below the open Filter window
- Select the filter file and click Open
- Click No when you see "Do you want to empty the existed packet filter in current list?"
- Then check the Accept checkbox back on the Filter window
- Click OK
- Click the Start button to start a capture
What is Mydoom worm?
Definition from Wikipedia: Mydoom, also known as W32.MyDoom@mm, Novarg, Mimail.R and Shimgapi, is a computer worm affecting Microsoft Windows. It was first sighted on 26 January 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm.