
[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Mon, 11 Jul 2005 20:00:04 -0500 (EST)

[***] Results from Oinkmaster started Mon Jul 11 20:00:03 2005 [***]

[///]     Modified active rules:     [///]

 2000040 - BLEEDING-EDGE VIRUS Sasser FTP Traffic (bleeding-virus.rules)
 2000047 - BLEEDING-EDGE VIRUS Sasser Transfer _up.exe (bleeding-virus.rules)
 2000310 - BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP 
(bleeding-virus.rules)
 2000561 - BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound 
(bleeding-virus.rules)
 2001045 - BLEEDING-EDGE MyDoom.P Query (bleeding-virus.rules)
 2001065 - BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound 
(bleeding-virus.rules)
 2001234 - BLEEDING-EDGE Win32/Small.AR outbound activity (bleeding-virus.rules)
 2001268 - BLEEDING-EDGE VIRUS SWEN.A Worm detected (bleeding-virus.rules)
 2001269 - BLEEDING-EDGE VIRUS Beagle User Agent Detected (bleeding-virus.rules)
 2001270 - BLEEDING-EDGE VIRUS Bagle Worm (bleeding-virus.rules)
 2001273 - BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm (bleeding-virus.rules)
 2001274 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1 (bleeding-virus.rules)
 2001275 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2 (bleeding-virus.rules)
 2001276 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3 (bleeding-virus.rules)
 2001277 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound 
(bleeding-virus.rules)
 2001278 - BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS (bleeding-virus.rules)
 2001279 - BLEEDING-EDGE VIRUS MyDoom.F Worm (bleeding-virus.rules)
 2001280 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139 
(bleeding-virus.rules)
 2001281 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445 
(bleeding-virus.rules)
 2001282 - BLEEDING-EDGE VIRUS Netsky base64 port 1352 (bleeding-virus.rules)
 2001283 - BLEEDING-EDGE VIRUS Netsky base64 port 25 (bleeding-virus.rules)
 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001287 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.a (bleeding-virus.rules)
 2001288 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.b (bleeding-virus.rules)
 2001292 - BLEEDING-EDGE VIRUS Possible Bagle.AI Worm (bleeding-virus.rules)
 2001487 - BLEEDING-EDGE Malware Tibsystems Spyware Activity 
(bleeding-malware.rules)
 2001504 - BLEEDING-EDGE Malware Medialoads.com Spyware Activity 
(bleeding-malware.rules)
 2001506 - BLEEDING-EDGE Malware Smartpops.com Spyware Activity 
(bleeding-malware.rules)
 2001507 - BLEEDING-EDGE Malware Medialoads.com Spyware Identifying Country of 
Origin (bleeding-malware.rules)
 2001522 - BLEEDING-EDGE Malware SpywareLabs Application Install 
(bleeding-malware.rules)
 2001547 - BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request 
(bleeding-virus.rules)
 2001562 - BLEEDING-EDGE Malware MarketScore.com Spyware User Configuration and 
Setup Access (bleeding-malware.rules)
 2001566 - BLEEDING-EDGE Virus Netsky.P Worm detected (bleeding-virus.rules)
 2001567 - BLEEDING-EDGE VIRUS Bagel - outbound (bleeding-virus.rules)
 2001573 - BLEEDING-EDGE VIRUS Zafi Worm outgoing detected 
(bleeding-virus.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001607 - BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page 
(bleeding-virus.rules)
 2001617 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets 
(bleeding-virus.rules)
 2001618 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets 
(bleeding-virus.rules)
 2001619 - BLEEDING-EDGE Virus Santy.B worm variants serarching for targets 
(yahoo) (bleeding-virus.rules)
 2001639 - BLEEDING-EDGE Malware Wild Tangent Agent Activity 
(bleeding-malware.rules)
 2001654 - BLEEDING-EDGE Malware JoltID Agent Requesting File 
(bleeding-malware.rules)
 2001699 - BLEEDING-EDGE Malware YourSiteBar Activity (bleeding-malware.rules)
 2001726 - BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download 
(bleeding-virus.rules)
 2001732 - BLEEDING-EDGE Malware Top Converting Agent Activity 
(bleeding-malware.rules)
 2001736 - BLEEDING-EDGE Malware UCMore Spyware Activity 
(bleeding-malware.rules)
 2001743 - BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection 
Attempt Detected (bleeding-virus.rules)
 2001879 - BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert (bleeding-virus.rules)
 2001880 - BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert 
(bleeding-virus.rules)
 2001881 - BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound 
(bleeding-virus.rules)
 2001899 - BLEEDING-EDGE Botnet HTTP Botnet reg (bleeding-virus.rules)
 2001900 - BLEEDING-EDGE BwB Botnet Checkin (bleeding-virus.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2001919 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP 
(bleeding-virus.rules)
 2001920 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming POP3/IMAP 
(bleeding-virus.rules)
 2001921 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming HTTP 
(bleeding-virus.rules)
 2001922 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound 
(bleeding-virus.rules)
 2001923 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound 
(bleeding-virus.rules)
 2001924 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound 
(bleeding-virus.rules)
 2001933 - BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of Infection 
(bleeding-virus.rules)
 2001967 - BLEEDING-EDGE VIRUS Fireby proxy trojan port report 
(bleeding-virus.rules)
 2002002 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity 
(bleeding-malware.rules)
 2002011 - BLEEDING-EDGE Malware PeopleonPage Spyware User Agent Activity 
(bleeding-malware.rules)
 2002014 - BLEEDING-EDGE Malware Grandstreet Interactive Spyware User Agent 
Activity (bleeding-malware.rules)
 2002020 - BLEEDING-EDGE Malware Overpro Spyware User Agent Activity 
(bleeding-malware.rules)
 2002038 - BLEEDING-EDGE Malware Shopathomeselect.com Spyware User Agent 
Activity (bleeding-malware.rules)
 2002059 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2001367 - BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr 
(bleeding-virus.rules)
 2001565 - BLEEDING-EDGE Virus Netsky.P Worm - incoming (bleeding-virus.rules)
 2001568 - BLEEDING-EDGE VIRUS Bagel - incoming (bleeding-virus.rules)
 2001572 - BLEEDING-EDGE VIRUS Zafi Worm - incoming (bleeding-virus.rules)
 2001577 - BLEEDING-EDGE VIRUS Sober.I - incoming (bleeding-virus.rules)
 2001914 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)
 2001925 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound 
(bleeding-virus.rules)
 2001926 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound 
(bleeding-virus.rules)
 2001927 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound 
(bleeding-virus.rules)
 2002060 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (62):
        2000040 || BLEEDING-EDGE VIRUS Sasser FTP Traffic || 
url,vil.mcafeesecurity.com/vil/content/Print125009.htm
        2000047 || BLEEDING-EDGE VIRUS Sasser Transfer _up.exe || 
url,vil.mcafeesecurity.com/vil/content/Print125009.htm
        2000310 || BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.erkez.a@mm.html
        2000561 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ag@mm.html
        2001045 || BLEEDING-EDGE MyDoom.P Query || 
url,www.sarc.com/avcenter/venc/data/w32.mydoom.p@mm.html
        2001065 || BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@mm.html
        2001234 || BLEEDING-EDGE Win32/Small.AR outbound activity || 
url,www.sophos.com/virusinfo/analyses/trojsmallar.html
        2001268 || BLEEDING-EDGE VIRUS SWEN.A Worm detected || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
        2001269 || BLEEDING-EDGE VIRUS Beagle User Agent Detected || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html
        2001270 || BLEEDING-EDGE VIRUS Bagle Worm || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html
        2001273 || BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html
        2001274 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1 || 
url,vil.mcafeesecurity.com/vil/content/Print100989.htm
        2001275 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2 || 
url,vil.mcafeesecurity.com/vil/content/Print100989.htm
        2001276 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3 || 
url,vil.mcafeesecurity.com/vil/content/Print100989.htm
        2001277 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound || 
url,vil.mcafeesecurity.com/vil/content/Print100989.htm || 
url,vil.mcafeesecurity.com/vil/content/v_101014.htm
        2001278 || BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html
        2001279 || BLEEDING-EDGE VIRUS MyDoom.F Worm || 
url,vil.mcafeesecurity.com/vil/content/v_101014.htm
        2001280 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139 || 
url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001281 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445 || 
url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001282 || BLEEDING-EDGE VIRUS Netsky base64 port 1352 || 
url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001283 || BLEEDING-EDGE VIRUS Netsky base64 port 25 || 
url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f@mm.html?Open
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f@mm.html?Open
        2001287 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.a || McAfee,125306
        2001288 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.b || McAfee,125306
        2001292 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html
        2001367 || BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr || 
url,spree.mnin.org/forums/viewtopic.php?t-104
        2001547 || BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request 
|| url,securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html
        2001565 || BLEEDING-EDGE Virus Netsky.P Worm - incoming || 
url,vil.nai.com/vil/content/v_101119.htm
        2001566 || BLEEDING-EDGE Virus Netsky.P Worm detected || 
url,vil.nai.com/vil/content/v_101119.htm
        2001567 || BLEEDING-EDGE VIRUS Bagel - outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html
        2001568 || BLEEDING-EDGE VIRUS Bagel - incoming || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html
        2001572 || BLEEDING-EDGE VIRUS Zafi Worm - incoming || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b@mm.html
        2001573 || BLEEDING-EDGE VIRUS Zafi Worm outgoing detected || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b@mm.html
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i@mm.html
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i@mm.html
        2001607 || BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page || 
url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.html || 
url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.html
        2001617 || BLEEDING-EDGE Virus Santy.B worm variants searching for 
targets || 
url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html
        2001618 || BLEEDING-EDGE Virus Santy.B worm variants searching for 
targets || 
url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html
        2001619 || BLEEDING-EDGE Virus Santy.B worm variants serarching for 
targets (yahoo) || 
url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html
        2001726 || BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download || 
url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.b.html
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote 
Connection Attempt Detected || 
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackerdefender.html
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober@mm.html
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - 
noalert || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober@mm.html
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound 
|| url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober@mm.html
        2001899 || BLEEDING-EDGE Botnet HTTP Botnet reg || 
url,www.honeynet.org/papers/bots
        2001900 || BLEEDING-EDGE BwB Botnet Checkin || 
url,www.honeynet.org/papers/bots
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html
        2001919 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming 
SMTP || 
url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html
        2001920 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming 
POP3/IMAP || 
url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html
        2001921 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming 
HTTP || 
url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html
        2001922 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed@mm.html
        2001923 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed@mm.html
        2001924 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed@mm.html
        2001925 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed@mm.html
        2001926 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed@mm.html
        2001927 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed@mm.html
        2001933 || BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of 
Infection || 
url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.banker.b.html
        2001967 || BLEEDING-EDGE VIRUS Fireby proxy trojan port report || 
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.b.html
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html

     -> Added to bleeding-web.rules (1):
        #By Blake Hartstein

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (62):
        2000040 || BLEEDING-EDGE VIRUS Sasser FTP Traffic
        2000047 || BLEEDING-EDGE VIRUS Sasser Transfer up.exe
        2000310 || BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP
        2000561 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound
        2001045 || BLEEDING-EDGE MyDoom.P Query
        2001065 || BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound
        2001234 || BLEEDING-EDGE Win32/Small.AR outbound activity
        2001268 || BLEEDING-EDGE VIRUS SWEN.A Worm detected
        2001269 || BLEEDING-EDGE VIRUS Beagle User Agent Detected
        2001270 || BLEEDING-EDGE VIRUS Bagle Worm
        2001273 || BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm
        2001274 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1
        2001275 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2
        2001276 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3
        2001277 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound
        2001278 || BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS
        2001279 || BLEEDING-EDGE VIRUS MyDoom.F Worm
        2001280 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139
        2001281 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445
        2001282 || BLEEDING-EDGE VIRUS Netsky base64 port 1352
        2001283 || BLEEDING-EDGE VIRUS Netsky base64 port 25
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound
        2001287 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.a
        2001288 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.b
        2001292 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm
        2001367 || BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr
        2001547 || BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request
        2001565 || BLEEDING-EDGE Virus Netsky.P Worm - incoming
        2001566 || BLEEDING-EDGE Virus Netsky.P Worm detected
        2001567 || BLEEDING-EDGE VIRUS Bagel - outbound
        2001568 || BLEEDING-EDGE VIRUS Bagel - incoming
        2001572 || BLEEDING-EDGE VIRUS Zafi Worm - incoming
        2001573 || BLEEDING-EDGE VIRUS Zafi Worm outgoing detected
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound
        2001607 || BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page || 
url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.html
        2001617 || BLEEDING-EDGE Virus Santy.B worm variants searching for 
targets
        2001618 || BLEEDING-EDGE Virus Santy.B worm variants searching for 
targets
        2001619 || BLEEDING-EDGE Virus Santy.B worm variants serarching for 
targets (yahoo)
        2001726 || BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote 
Connection Attempt Detected
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - 
noalert
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound
        2001899 || BLEEDING-EDGE Botnet HTTP Botnet reg
        2001900 || BLEEDING-EDGE BwB Botnet Checkin
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound
        2001919 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming 
SMTP
        2001920 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming 
POP3/IMAP
        2001921 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming 
HTTP
        2001922 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound
        2001923 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound
        2001924 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound
        2001925 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound
        2001926 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound
        2001927 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound
        2001933 || BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of 
Infection
        2001967 || BLEEDING-EDGE VIRUS Fireby proxy trojan port report
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound

     -> Removed from bleeding-web.rules (1):
        #By Blake Harstein


