[***] Results from Oinkmaster started Tue Nov 16 20:00:03 2004 [***]
[///] Modified active rules: [///]
-> Modified active in bleeding-malware.rules (1):
old: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE
Malware Abox Install Report"; content:"GET /new_install?id="; nocase;
content:"&time="; classtype:trojan-activity; sid:2001441; rev:1;)
new: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"BLEEDING-EDGE Malware Abox Install Report"; content:"GET
/new_install?id="; offset:25; depth:25; nocase; content:"&time="; nocase;
content:"Host\: 209.58.80.244"; nocase; classtype:trojan-activity; sid:2001441;
rev:2;)
[---] Disabled rules: [---]
-> Disabled in bleeding-malware.rules (1):
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"BLEEDING-EDGE Malware Bfast.com Spyware";
uricontent:"/bfast/serve?bfmid"; nocase; classtype:policy-violation;
reference:url,www.giantcompany.com/antispyware/research/spyware/spyware-BFast.com.aspx;
sid:2001398; rev:2;)
-> Disabled in bleeding-policy.rules (1):
#alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"BLEEDING-EDGE Policy
Proxy Connection detected"; flow:established; content:"Proxy-Connection";
classtype:attempted-user; sid:2001449; rev:1;)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-malware.rules (1):
# Disabling this rule, it needs work. It's hitting on legit ad referrals
[*] Added files: [*]
None.
-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
