Cluster details: [WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-2003-0352, MS03-026)

Name:	[WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-2003-0352, MS03-026)
Date:	2011-12-11 20:30:29
Classification Level:	Attack
Core:	[WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-2003-0352, MS03-026)
Ports:	135/TCP
Unique Sip:	13
Signature size:	584
Super signature:
alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"[WORM] part of MS RPC DCOM Blaster (135/TCP, CVE-\ 2003-0352, MS03-026)"; flow:to_server,established; content:"|90 90 90 90 90 90 90 90 90 90 90 90 90 \ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 9\ 0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 eb 10|ZJ3|c9|f|b9|}|01 80|\ 4|0a 99 e2 fa eb 05 e8 eb ff ff ff|p|95 98 99 99 c3 fd|8|a9 99 99 99 12 d9 95 12 e9 85|4|12 d9 91 12\ |A|12 ea a5 12 ed 87 e1 9a|j|12 e7 b9 9a|b|12 d7 8d aa|t|cf ce c8 12 a6 9a|b|12|k|f3 97 c0|j?|ed 91 \ c0 c6 1a|^|9d dc|{p|c0 c6 c7 12|T|12 df bd 9a|ZHx|9a|X|aa|P|ff 12 91 12 df 85 9a|ZXx|9b 9a|X|12 99 9\ a|Z|12|c|12|n|1a|_|97 12|I|f3 9a c0|q|1e 99 99 99 1a|_|94 cb cf|f|ce|e|c3 12|A|f3 9c c0|q|ed 99 99 9\ 9 c9 c9 c9 c9 f3 98 f3 9b|f|ce|u|12|A^|9e 9b 99 88 f5 aa|Y|10 de 9d f3 89 ce ca|f|ce|i|f3 98 ca|f|ce\ |m|c9 c9 ca|f|ce|a|12|I|1a|u|dd 12|m|aa|Y|f3 89 c0 10 9d 17|{b|10 cf a1 10 cf a5 10 cf d9 ff|^|df b5\ 98 98 14 de 89 c9 cf aa|P|c8 c8 c8 f3 98 c8 c8|^|de a5 fa f4 fd 99 14 de a5 c9 c8|f|ce|y|cb|f|ce|e|\ ca|f|ce|e|c9|f|ce|}|aa|Y5|1c|Y|ec|`|c8 cb cf ca|fK|c3 c0|2{w|aa|YZqvgff|de fc ed c9 eb f6 fa d8 fd f\ d eb fc ea ea 99 da eb fc f8 ed fc c9 eb f6 fa fc ea ea d8 99 dc e1 f0 ed cd f1 eb fc f8 fd 99 d5 f6\ f8 fd d5 f0 fb eb f8 eb e0 d8 99 ee ea ab c6 aa ab 99 ce ca d8 ca f6 fa f2 fc ed d8 99 fb f0 f7 fd \ 99 f5 f0 ea ed fc f7 99 f8 fa fa fc e9 ed 99 fa f5 f6 ea fc ea f6 fa f2 fc ed 99 00|\\|00|C|00|$|00|\ \\|00|1|00|2|00|3|00|4|00|5|00|6|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00|1|00\ |1|00|1|00|.|00|d|00|o|00|c|00 00 00 01 10 08 00 cc cc cc cc| |00 00 00|0|00|-|00 00 00 00 00 88|*|0\ c 00 02 00 00 00 01 00 00 00|(|8c 0c 00 01 00 00 00 07 00 00 00 00 00 00 00|";)