Network Security: Detailed info on [Snort-sigs] Bleedingsnort.com Daily Update

Subject:	[Snort-sigs] Bleedingsnort.com Daily Update
Date:	Wed, 1 Jun 2005 20:00:04 -0500 (EST)


[***] Results from Oinkmaster started Wed Jun  1 20:00:04 2005 [***]

[///]     Modified active rules:     [///]

 2001269 - BLEEDING-EDGE VIRUS Beagle User Agent Detected (bleeding-virus.rules)
 2001370 - BLEEDING-EDGE IRC Trojan Reporting (Exploit) (bleeding-virus.rules)
 2001371 - BLEEDING-EDGE IRC Trojan Reporting (lsass) (bleeding-virus.rules)
 2001372 - BLEEDING-EDGE IRC Trojan Reporting (Scan) (bleeding-virus.rules)
 2001373 - BLEEDING-EDGE IRC Trojan Reporting (zombie) (bleeding-virus.rules)
 2001556 - BLEEDING-EDGE Virus W32/Bagle.z@MM Requesting 5.php 
(bleeding-virus.rules)
 2001638 - BLEEDING-EDGE VIRUS W32/Bagle.dldr Trojan - download attempt 
(bleeding-virus.rules)


[---]         Removed rules:         [---]

 2001291 - BLEEDING-EDGE VIRUS Possible Atak.mm Worm (bleeding-virus.rules)
 2001629 - BLEEDING-EDGE Virus Rbot DNS Lookup - giuse.ns0.it 
(bleeding-virus.rules)
 2001630 - BLEEDING-EDGE Virus Rbot IRC OUTGOING activity - Trying to join IRC 
(bleeding-virus.rules)
 2001631 - BLEEDING-EDGE Virus Rbot IRC INCOMING activity - Trying to join IRC 
(bleeding-virus.rules)
 2001632 - BLEEDING-EDGE Virus Rbot IRC activity - ReDirectMe hosts 
(bleeding-virus.rules)
 2001797 - BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc DNS look-up 
(bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (1):
        2001269 || BLEEDING-EDGE VIRUS Beagle User Agent Detected

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (7):
        2001269 || BLEEDING-EDGE VIRUS Bagle Worm
        2001291 || BLEEDING-EDGE VIRUS Possible Atak.mm Worm || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html
        2001629 || BLEEDING-EDGE Virus Rbot DNS Lookup - giuse.ns0.it || 
url,secunia.com/virus_information/11709/
        2001630 || BLEEDING-EDGE Virus Rbot IRC OUTGOING activity - Trying to 
join IRC || url,secunia.com/virus_information/11709/
        2001631 || BLEEDING-EDGE Virus Rbot IRC INCOMING activity - Trying to 
join IRC || url,secunia.com/virus_information/11709/
        2001632 || BLEEDING-EDGE Virus Rbot IRC activity - ReDirectMe hosts || 
url,secunia.com/virus_information/11709/
        2001797 || BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc DNS 
look-up || url,isc.sans.org/diary.php?date=2005-03-20

     -> Removed from bleeding-virus.rules (2):
        # Added by Frank Knobbe (hastily after reading an ISC diary)
        #Submitted by Mark Scott, 12/27/2004, for robot



-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Bleedingsnort.com Daily Update, bleeding <= [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding

Next by Date:	[Snort-sigs] Possible FP for rules 2329, Guillaume Arcas
Next by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Indexes:	[Date] [Thread] [Top] [All Lists]