Network Security Snort-Signatures

[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Thu, 23 Jun 2005 20:00:05 -0500 (EST)

[***] Results from Oinkmaster started Thu Jun 23 20:00:05 2005 [***]

[///]     Modified active rules:     [///]

 2000014 - BLEEDING-EDGE VIRUS Agobot/Phatbot Infection Successful 
(bleeding-virus.rules)
 2000040 - BLEEDING-EDGE Sasser FTP Traffic (bleeding-virus.rules)
 2000047 - BLEEDING-EDGE Sasser Transfer up.exe (bleeding-virus.rules)
 2000310 - BLEEDING-EDGE VIRUS Probable Zafi Virus Outbound via SMTP 
(bleeding-virus.rules)
 2000343 - BLEEDING-EDGE VIRUS Possible Evaman Worm Outbound 
(bleeding-virus.rules)
 2000345 - BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std port 
(bleeding-attack_response.rules)
 2000346 - BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std port 
(bleeding-attack_response.rules)
 2000347 - BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on non-std port 
(bleeding-attack_response.rules)
 2000348 - BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std port 
(bleeding-attack_response.rules)
 2000349 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer request on 
non-std port (bleeding-attack_response.rules)
 2000350 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on non-std port 
(bleeding-attack_response.rules)
 2000351 - BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std port 
(bleeding-attack_response.rules)
 2000352 - BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std port 
(bleeding-attack_response.rules)
 2000365 - BLEEDING-EDGE VIRUS Psyme Trojan Download (bleeding-virus.rules)
 2000494 - BLEEDING-EDGE VIRUS Possible Atak.mm Worm Outbound 
(bleeding-virus.rules)
 2000499 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM1 
(bleeding-attack_response.rules)
 2000500 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM2 
(bleeding-attack_response.rules)
 2000501 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM3 
(bleeding-attack_response.rules)
 2000502 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM4 
(bleeding-attack_response.rules)
 2000503 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT1 
(bleeding-attack_response.rules)
 2000504 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT2 
(bleeding-attack_response.rules)
 2000505 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT3 
(bleeding-attack_response.rules)
 2000506 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT4 
(bleeding-attack_response.rules)
 2000507 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access AUX 
(bleeding-attack_response.rules)
 2000508 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access NULL 
(bleeding-attack_response.rules)
 2000561 - BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound 
(bleeding-virus.rules)
 2000562 - BLEEDING-EDGE VIRUS OUTBOUND Suspicious Email Attachment 
(bleeding-virus.rules)
 2001012 - BLEEDING-EDGE Mailto domain search possible MyDoom.M,O 
(bleeding-virus.rules)
 2001045 - BLEEDING-EDGE MyDoom.P Query (bleeding-virus.rules)
 2001046 - BLEEDING-EDGE UPX compressed file download - possible worm 
(bleeding-virus.rules)
 2001047 - BLEEDING-EDGE UPX encrypted file download - possible worm 
(bleeding-virus.rules)
 2001056 - BLEEDING-EDGE W32/Sasser.worm.b [NAI]) (bleeding-virus.rules)
 2001057 - BLEEDING-EDGE W32/Sasser.worm.a [NAI]) (bleeding-virus.rules)
 2001064 - BLEEDING-EDGE VIRUS Bagle Variant Checking In (bleeding-virus.rules)
 2001065 - BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound 
(bleeding-virus.rules)
 2001066 - BLEEDING-EDGE IE Ilookup Trojan (bleeding-virus.rules)
 2001184 - BLEEDING-EDGE RXBOT / RBOT Vulnerability Scan (bleeding-virus.rules)
 2001196 - BLEEDING-EDGE WORM MyDoom.S Outbound (bleeding-virus.rules)
 2001220 - BLEEDING-EDGE RXBOT / RBOT Exploit Report (bleeding-virus.rules)
 2001233 - BLEEDING-EDGE Possible CIA download/upload attempt 
(bleeding-virus.rules)
 2001234 - BLEEDING-EDGE Win32/Small.AR outbound activity (bleeding-virus.rules)
 2001236 - BLEEDING-EDGE Akak trojan protocol hello (bleeding-virus.rules)
 2001237 - BLEEDING-EDGE Akak trojan protocol response from infected host 
(bleeding-virus.rules)
 2001247 - BLEEDING-EDGE WORM General MSN Worm URL Attempt 
(bleeding-virus.rules)
 2001268 - BLEEDING-EDGE VIRUS SWEN.A Worm detected (bleeding-virus.rules)
 2001269 - BLEEDING-EDGE VIRUS Beagle User Agent Detected (bleeding-virus.rules)
 2001270 - BLEEDING-EDGE VIRUS Bagle Worm (bleeding-virus.rules)
 2001273 - BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm (bleeding-virus.rules)
 2001274 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1 (bleeding-virus.rules)
 2001275 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2 (bleeding-virus.rules)
 2001276 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3 (bleeding-virus.rules)
 2001277 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound 
(bleeding-virus.rules)
 2001278 - BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS (bleeding-virus.rules)
 2001279 - BLEEDING-EDGE VIRUS MyDoom.F Worm (bleeding-virus.rules)
 2001280 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139 
(bleeding-virus.rules)
 2001281 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445 
(bleeding-virus.rules)
 2001282 - BLEEDING-EDGE VIRUS Netsky base64 port 1352 (bleeding-virus.rules)
 2001283 - BLEEDING-EDGE VIRUS Netsky base64 port 25 (bleeding-virus.rules)
 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001286 - BLEEDING-EDGE VIRUS Sasser/Korgo Worm (bleeding-virus.rules)
 2001287 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.a (bleeding-virus.rules)
 2001288 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.b (bleeding-virus.rules)
 2001290 - BLEEDING-EDGE VIRUS Possible Evaman Worm (bleeding-virus.rules)
 2001292 - BLEEDING-EDGE Virus Possible Bagle.AI Worm (bleeding-virus.rules)
 2001302 - BLEEDING-EDGE VIRUS Nachi/Phatbot Worm (bleeding-virus.rules)
 2001303 - BLEEDING-EDGE Webber/Berbew Trojan keystroke log upload 
(bleeding-virus.rules)
 2001337 - BLEEDING-EDGE Korgo.P offering executable (bleeding-virus.rules)
 2001338 - BLEEDING-EDGE Korgo.P binary upload (bleeding-virus.rules)
 2001390 - BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Outbound 
(bleeding-virus.rules)
 2001406 - BLEEDING-EDGE Possible hidden zip extension .cpl 
(bleeding-policy.rules)
 2001407 - BLEEDING-EDGE Possible hidden zip extension .pif 
(bleeding-policy.rules)
 2001408 - BLEEDING-EDGE Possible hidden zip extension .scr 
(bleeding-policy.rules)
 2001428 - BLEEDING-EDGE WORM MyDoom.AH Victim Accessing Infected Page 
(bleeding-virus.rules)
 2001430 - BLEEDING-EDGE WORM Bofra Victim Accessing Reactor Page 
(bleeding-virus.rules)
 2001432 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Outbound 
(bleeding-virus.rules)
 2001434 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Outbound 
(bleeding-virus.rules)
 2001436 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Outbound 
(bleeding-virus.rules)
 2001438 - BLEEDING-EDGE WORM Potential MyDoom.AI Email Outbound 
(bleeding-virus.rules)
 2001545 - BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection 
detected! (bleeding-attack_response.rules)
 2001547 - BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request 
(bleeding-virus.rules)
 2001548 - BLEEDING-EDGE Sasser FTP exploit attempt (bleeding-virus.rules)
 2001554 - BLEEDING-EDGE Worm Rbot.Gen Infection Attempt (bleeding-virus.rules)
 2001556 - BLEEDING-EDGE Virus W32/Bagle.z@MM Requesting 5.php 
(bleeding-virus.rules)
 2001566 - BLEEDING-EDGE Virus Netsky.P Worm detected (bleeding-virus.rules)
 2001567 - BLEEDING-EDGE Virus Bagel - outbound (bleeding-virus.rules)
 2001573 - BLEEDING-EDGE Virus Zafi Worm outgoing detected 
(bleeding-virus.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001584 - BLEEDING-EDGE Virus Bot Reporting Scan/Exploit (bleeding-virus.rules)
 2001591 - BLEEDING-EDGE Virus NetSky.C Worm - outgoing detected 
(bleeding-virus.rules)
 2001592 - BLEEDING-EDGE Virus Zafi.d P2P Infection Attempt 
(bleeding-virus.rules)
 2001593 - BLEEDING-EDGE Virus Zafi.d P2P Infection Attempt 
(bleeding-virus.rules)
 2001594 - BLEEDING-EDGE Virus Zafi.d a.exe file upload (bleeding-virus.rules)
 2001599 - BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected 
(bleeding-virus.rules)
 2001601 - BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - 
outgoing detected (bleeding-virus.rules)
 2001603 - BLEEDING-EDGE Virus Netsky.Z Worm - outgoing detected 
(bleeding-virus.rules)
 2001607 - BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page 
(bleeding-virus.rules)
 2001614 - BLEEDING-EDGE Virus PHPInclude.Worm Inbound Attack 
(bleeding-virus.rules)
 2001615 - BLEEDING-EDGE Virus PHPInclude.Worm Outbound Attack --LOCAL 
INFECTION-- (bleeding-virus.rules)
 2001616 - BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement notification 
(bleeding-attack_response.rules)
 2001617 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets 
(bleeding-virus.rules)
 2001618 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets 
(bleeding-virus.rules)
 2001619 - BLEEDING-EDGE Virus Santy.B worm variants serarching for targets 
(yahoo) (bleeding-virus.rules)
 2001620 - BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity 
(bleeding-attack_response.rules)
 2001628 - BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection 
(bleeding-attack_response.rules)
 2001638 - BLEEDING-EDGE VIRUS W32/Bagle.dldr Trojan - download attempt 
(bleeding-virus.rules)
 2001672 - BLEEDING-EDGE Virus MyDoom.I worm - outbound (bleeding-virus.rules)
 2001676 - BLEEDING-EDGE Virus Bot Reporting/Commencing DDoS 
(bleeding-virus.rules)
 2001681 - BLEEDING-EDGE Virus VBSun.A Tsunami Scam Worm OUTBOUND 
(bleeding-virus.rules)
 2001688 - BLEEDING-EDGE MySQL bot DNS lookup (bleeding-virus.rules)
 2001689 - BLEEDING-EDGE Potential MySQL bot scanning for SQL server 
(bleeding-virus.rules)
 2001690 - BLEEDING-EDGE Potential MySQL bot connecting to IRC server 
(bleeding-virus.rules)
 2001691 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.com, exe 
extensions] - outbound (bleeding-virus.rules)
 2001693 - BLEEDING-EDGE VIRUS Bagle.BJ [alias .AY, .BC] worm [.cpl extension] 
- outbound (bleeding-virus.rules)
 2001695 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] - download attempt 
(bleeding-virus.rules)
 2001715 - BLEEDING-EDGE Virus Bropia.F Worm Propagation (bleeding-virus.rules)
 2001726 - BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download 
(bleeding-virus.rules)
 2001739 - BLEEDING-EDGE Virus Dipnet infected host response 
(bleeding-virus.rules)
 2001740 - BLEEDING-EDGE Virus Dipnet infected host response 
(bleeding-virus.rules)
 2001743 - BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection 
Attempt Detected (bleeding-virus.rules)
 2001750 - BLEEDING-EDGE VIRUS Sober.K Worm - outgoing (bleeding-virus.rules)
 2001752 - BLEEDING-EDGE Virus Bagle.BE Download attempt (bleeding-virus.rules)
 2001757 - BLEEDING_EDGE VIRUS BagleDl-M SMTP Outbound (bleeding-virus.rules)
 2001759 - BLEEDING-EDGE Virus Beagle.BK - outbound (bleeding-virus.rules)
 2001763 - BLEEDING-EDGE VIRUS - W32.Opaserv Worm Infection 
(bleeding-virus.rules)
 2001764 - BLEEDING-EDGE VIRUS - Bugbear@MM virus in SMTP (bleeding-virus.rules)
 2001765 - BLEEDING-EDGE VIRUS - BugBear@MM virus in Network share 
(bleeding-virus.rules)
 2001766 - BLEEDING-EDGE VIRUS - BugBear@MM Worm Copied to Startup Folder 
(bleeding-virus.rules)
 2001799 - BLEEDING-EDGE Unknown Yahoo Messenger Worm DNS lookup 
(bleeding-virus.rules)
 2001800 - BLEEDING-EDGE Unknown Yahoo Messenger Worm URL access 
(bleeding-virus.rules)
 2001878 - BLEEDING-EDGE WORM General MSN Worm URL Outbound 
(bleeding-virus.rules)
 2001879 - BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert (bleeding-virus.rules)
 2001880 - BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert 
(bleeding-virus.rules)
 2001881 - BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound 
(bleeding-virus.rules)
 2001899 - BLEEDING-EDGE Botnet HTTP Botnet reg (bleeding-virus.rules)
 2001900 - BLEEDING-EDGE BwB Botnet Checkin (bleeding-virus.rules)
 2001901 - BLEEDING-EDGE TROJAN Possible Bobax trojan infection 
(bleeding-virus.rules)
 2001902 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (bleeding-virus.rules)
 2001905 - BLEEDING-EDGE VIRUS AIM Bot im.exe Activity (bleeding-virus.rules)
 2001910 - BLEEDING-EDGE VIRUS AIM Bot Outbound Control Channel Open and Login 
(bleeding-virus.rules)
 2001911 - BLEEDING-EDGE VIRUS Beaconing DREMN Trojan (bleeding-virus.rules)
 2001912 - BLEEDING-EDGE VIRUS Answering DREMN Trojan (bleeding-virus.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2001919 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP 
(bleeding-virus.rules)
 2001920 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming POP3/IMAP 
(bleeding-virus.rules)
 2001921 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming HTTP 
(bleeding-virus.rules)
 2001922 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound 
(bleeding-virus.rules)
 2001923 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound 
(bleeding-virus.rules)
 2001924 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound 
(bleeding-virus.rules)
 2001930 - BLEEDING-EDGE Virus Maslan.C - outbound (bleeding-virus.rules)
 2001933 - BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of Infection 
(bleeding-virus.rules)
 2001952 - BLEEDING-EDGE VIRUS Bagle.BO or variant - OUTBOUND 
(bleeding-virus.rules)
 2001955 - BLEEDING-EDGE VIRUS Win32.Mytob.CU Worm Infection / DNS lookup 
(bleeding-virus.rules)
 2001956 - BLEEDING-EDGE VIRUS Win32.Mytob.CU Worm Infection 
(bleeding-virus.rules)
 2001959 - BLEEDING-EDGE VIRUS Hotword Trojan in Transit (bleeding-virus.rules)
 2001960 - BLEEDING-EDGE VIRUS Hotword Trojan inbound via http 
(bleeding-virus.rules)
 2001961 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO 
(bleeding-virus.rules)
 2001962 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP 
(bleeding-virus.rules)
 2001963 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request 
pspv.exe (bleeding-virus.rules)
 2001964 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea 
(bleeding-virus.rules)
 2001965 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status 
Upload ___ (bleeding-virus.rules)
 2001966 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check 
___ (bleeding-virus.rules)
 2001967 - BLEEDING-EDGE VIRUS Fireby proxy trojan port report 
(bleeding-virus.rules)
 2001979 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Unusual Port 
(bleeding-policy.rules)
 2001980 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Unusual Port 
(bleeding-policy.rules)
 2001981 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Unusual Port 
(bleeding-policy.rules)
 2001982 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Unusual Port 
(bleeding-policy.rules)
 2001983 - BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Unusual Port 
(bleeding-policy.rules)
 2001984 - BLEEDING-EDGE POLICY SSH session in progress on Unusual Port 
(bleeding-policy.rules)
 2001985 - BLEEDING-EDGE VIRUS HTTP Challenge/Response Authentication 
(bleeding-virus.rules)
 2001986 - Mytob.DI - outbound (bleeding-virus.rules)
 2002023 - BLEEDING-EDGE TROJAN IRC USER command (bleeding-virus.rules)
 2002024 - BLEEDING-EDGE TROJAN IRC NICK command (bleeding-virus.rules)
 2002025 - BLEEDING-EDGE TROJAN IRC JOIN command (bleeding-virus.rules)
 2002026 - BLEEDING-EDGE TROJAN IRC PRIVMSG command (bleeding-virus.rules)
 2002027 - BLEEDING-EDGE TROJAN IRC PING command (bleeding-virus.rules)
 2002028 - BLEEDING-EDGE TROJAN IRC PONG response (bleeding-virus.rules)
 2002029 - BLEEDING-EDGE TROJAN BOT - channel topic scan/exploit command 
(bleeding-virus.rules)
 2002030 - BLEEDING-EDGE TROJAN BOT - potential scan/exploit command 
(bleeding-virus.rules)
 2002031 - BLEEDING-EDGE TROJAN BOT - potential update/download 
(bleeding-virus.rules)
 2002032 - BLEEDING-EDGE TROJAN BOT - potential DDoS command 
(bleeding-virus.rules)
 2002033 - BLEEDING-EDGE TROJAN BOT - potential response (bleeding-virus.rules)
 2002034 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP 
(bleeding-attack_response.rules)
 2002049 - Mytob.GC - outbound (bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2001332 - BLEEDING-EDGE GDI Exploit - Worm 1 Successful Execution 
(bleeding-virus.rules)
 2001367 - BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr 
(bleeding-virus.rules)
 2001370 - BLEEDING-EDGE IRC Trojan Reporting (Exploit) (bleeding-virus.rules)
 2001371 - BLEEDING-EDGE IRC Trojan Reporting (lsass) (bleeding-virus.rules)
 2001372 - BLEEDING-EDGE IRC Trojan Reporting (Scan) (bleeding-virus.rules)
 2001373 - BLEEDING-EDGE IRC Trojan Reporting (zombie) (bleeding-virus.rules)
 2001391 - BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Inbound 
(bleeding-virus.rules)
 2001431 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Inbound 
(bleeding-virus.rules)
 2001433 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Inbound 
(bleeding-virus.rules)
 2001435 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Inbound 
(bleeding-virus.rules)
 2001437 - BLEEDING-EDGE WORM Potential MyDoom.AI Email Inbound 
(bleeding-virus.rules)
 2001542 - BLEEDING-EDGE VIRUS Possible Sober.j - outbound 
(bleeding-virus.rules)
 2001565 - BLEEDING-EDGE Virus Netsky.P Worm - incoming (bleeding-virus.rules)
 2001568 - BLEEDING-EDGE Virus Bagel - incoming (bleeding-virus.rules)
 2001572 - BLEEDING-EDGE Virus Zafi Worm - incoming (bleeding-virus.rules)
 2001577 - BLEEDING-EDGE VIRUS Sober.I - incoming (bleeding-virus.rules)
 2001590 - BLEEDING-EDGE Virus NetSky.C Worm - incoming (bleeding-virus.rules)
 2001598 - BLEEDING-EDGE Virus Zafi.D Worm [.zip] - incoming detected 
(bleeding-virus.rules)
 2001600 - BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - 
incoming detected (bleeding-virus.rules)
 2001602 - BLEEDING-EDGE Virus Netsky.Z Worm - incoming detected 
(bleeding-virus.rules)
 2001673 - BLEEDING-EDGE Virus MyDoom.I worm - inbound (bleeding-virus.rules)
 2001680 - BLEEDING-EDGE Virus VBSun.A Tsunami Scam Worm INCOMING 
(bleeding-virus.rules)
 2001687 - BLEEDING-EDGE MySQL bot DNS lookup (bleeding-virus.rules)
 2001692 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.com, .exe 
extensions] - incoming (bleeding-virus.rules)
 2001694 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.cpl extension] 
- incoming (bleeding-virus.rules)
 2001717 - BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute 
Force Attack (bleeding-attack_response.rules)
 2001749 - BLEEDING-EDGE VIRUS Sober.K Worm - incoming (bleeding-virus.rules)
 2001758 - BLEEDING-EDGE VIRUS BagleDl-M SMTP Inbound (bleeding-virus.rules)
 2001760 - BLEEDING-EDGE Virus Beagle.BK - incoming (bleeding-virus.rules)
 2001786 - BLEEDING-EDGE TROJAN potential update/download IRC Bot command 
(bleeding-virus.rules)
 2001787 - BLEEDING-EDGE TROJAN IRC Bot scan/exploit command 
(bleeding-virus.rules)
 2001788 - BLEEDING-EDGE TROJAN IRC Bot DDoS command (bleeding-virus.rules)
 2001789 - BLEEDING-EDGE TROJAN Suspicious IRC Bot response 
(bleeding-virus.rules)
 2001903 - BLEEDING-EDGE WORM Sober.O Attachment Inbound (bleeding-virus.rules)
 2001914 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)
 2001925 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound 
(bleeding-virus.rules)
 2001926 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound 
(bleeding-virus.rules)
 2001927 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound 
(bleeding-virus.rules)
 2001931 - BLEEDING-EDGE Virus Maslan.C - inbound (bleeding-virus.rules)
 2001953 - BLEEDING-EDGE VIRUS Bagle.BO or variant - INBOUND 
(bleeding-virus.rules)
 2001973 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Expected Port 
(bleeding-policy.rules)
 2001974 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Expected Port 
(bleeding-policy.rules)
 2001975 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Expected Port 
(bleeding-policy.rules)
 2001976 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Expected Port 
(bleeding-policy.rules)
 2001977 - BLEEDING-EDGE POLICY SSHv2 Client New Keys detected on Expected Port 
(bleeding-policy.rules)
 2001978 - BLEEDING-EDGE POLICY SSH session in progress on Expected Port 
(bleeding-policy.rules)
 2001987 - Mytob.DI - incoming (bleeding-virus.rules)
 2002050 - Mytob.GC - incoming (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (4):
        2001598 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - incoming detected 
|| url,secunia.com/virus_information/13874/
        2001599 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected 
|| url,secunia.com/virus_information/13874/
        2001600 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - 
incoming detected || url,secunia.com/virus_information/13874/
        2001601 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - 
outgoing detected || url,secunia.com/virus_information/13874/

     -> Added to bleeding-virus.rules (51):
        # BugBear
        # Agobot/Phatbot
        # Sober
        # Sobig
        # Spy.Win32.Bancos Trojan
        # Webber/Berbew
        # Zafi Virus
        # Akak Trojan
        # Bofra Worm
        # Dipnet
        # Hacker Defender Root Kit
        # IE Ilookup Trojan
        # IRC Trojan Reporting
        ### Client login process. flowbits needs an OR.
        ### Client needs to tell the server who they are, join
        ### join a group, and someone needs to say something to
        ### someone else.
        ### Alternate path to is_proto_irc, Catch PING/PONG.
        # Bot potty
        # Psyme Trojan
        # Atak Worm
        # Bagle variants
        #Submitted by Mark Scott for generic Bagle (this seems to trip on most 
Bagles)
        # Bropia Worm
        # CIA
        # Evaman Worm
        # GDI Exploit
        # Korgo Worm
        # Maslan
        # MyDoom variants
        # MySQL Worm
        # Mytob
        # Mytob.DI
        # Mytob.GC
        # Nachi/Phatbot Worm
        # Netsky Worm
        # Novarg Worm
        # OpaServ Worm
        # PHPInclude Worm
        # Rbot trojan
        # Santy Worm
        #Submitted Erik Fichtner for Santy.B
        # Sasser Worm
        # Small Trojan
        # Stdbot
        # Suspicious Extensions
        # ade, adp, asd, asf, asx, bat, bas, chm, cli, cmd, com, crt, cpl, cpp, 
diz, dll, ebs, emf, eml, exe, fol, folder, hlp, hsq, hta, ini, inf, ins,
        # isp, js, jse, lnk, mda, mdb, mde, mdw, mdz, mht, mhtm, msi, msc, msg, 
msp, mst, nws, ocx, pcd, pif, pl, pls, plc,plx, pm, pot, rar,
        # reg, scr, sct, shs, swf, sys, url, vb, vbe, vbs, vxd, wmd, wmf, wms, 
wmz, wpm, wps, wpz, wsc, wsf, wsh, xlt, xlw, zip
        # Swen Worm
        # VBSun Worm

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (4):
        2001598 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - incoming detected  
|| url,secunia.com/virus_information/13874/
        2001599 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected  
|| url,secunia.com/virus_information/13874/
        2001600 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - 
incoming detected  || url,secunia.com/virus_information/13874/
        2001601 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - 
outgoing detected  || url,secunia.com/virus_information/13874/

     -> Removed from bleeding-virus.rules (51):
        #       BugBear
        #       Agobot/Phatbot
        #       Sober
        #       Sobig
        #       Spy.Win32.Bancos Trojan
        #       Webber/Berbew
        #       Zafi Virus
        #       Akak Trojan
        #       Bofra Worm
        #       Dipnet
        #       Hacker Defender Root Kit
        #       IE Ilookup Trojan
        #       IRC Trojan Reporting
        ###  Client login process.  flowbits needs an OR.
        ###  Client needs to tell the server who they are, join
        ###  join a group, and someone needs to say something to
        ###  someone else.
        ###  Alternate path to is_proto_irc, Catch PING/PONG.
        #  Bot potty
        #       Psyme Trojan
        #       Atak Worm
        #       Bagle variants
        #Submitted by Mark Scott for  generic Bagle (this seems to trip on most 
Bagles)
        #       Bropia Worm
        #       CIA
        #       Evaman Worm
        #       GDI Exploit
        #       Korgo Worm
        #       Maslan
        #       MyDoom variants
        #       MySQL Worm
        #       Mytob
        #       Mytob.DI
        #       Mytob.GC
        #       Nachi/Phatbot Worm
        #       Netsky Worm
        #       Novarg Worm
        #       OpaServ Worm
        #       PHPInclude Worm
        #       Rbot trojan
        #       Santy Worm
        #Submitted  Erik Fichtner for Santy.B
        #       Sasser Worm
        #       Small Trojan
        #       Stdbot
        #       Suspicious Extensions
        #   ade, adp, asd, asf, asx, bat, bas, chm, cli, cmd, com, crt, cpl, 
cpp, diz, dll, ebs, emf, eml, exe, fol, folder, hlp, hsq, hta, ini, inf, ins,
        #   isp, js, jse, lnk, mda, mdb, mde, mdw, mdz, mht, mhtm, msi, msc, 
msg, msp, mst, nws, ocx, pcd, pif, pl, pls, plc,plx, pm, pot, rar,
        #   reg, scr, sct, shs, swf, sys, url, vb, vbe, vbs, vxd, wmd, wmf, 
wms, wmz, wpm, wps, wpz, wsc, wsf, wsh, xlt, xlw, zip
        #       Swen Worm
        #       VBSun Worm



_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
