Rule:

--
Sid:
17810

--
Summary:
This event is generated when activity relating to malware is detected.

--
Impact:
Serious. Possible existence of malware on the target host.

--
Detailed Information:
This event indicates malware activity on a host. In this case, the download of server32.exe was detected.

--
Affected Systems:

--
Attack Scenarios:
The malware in question may be one of many types, from a password-stealing trojan to a spam emailer. Many forms of malware exist, so care should be taken when examining the infected host to determine the extent of the infection and the type of malware before deciding on the best course of action.

--
Ease of Attack:
Simple. This may be an indication of a malware infestation.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up-to-date version of the software and has had all vendor-supplied patches applied.

--
Contributors:
Sourcefire Vulnerability Research Team


--
Additional References:

--
