
[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Mon, 8 Aug 2005 20:00:05 -0500 (EST)

[***] Results from Oinkmaster started Mon Aug  8 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2002159 - BLEEDING-EDGE WEB Blog Spamming HTTP_X (bleeding-web.rules)
 2002160 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (bleeding-malware.rules)
 2002161 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (bleeding-malware.rules)
 2002162 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (bleeding-malware.rules)
 2002163 - BLEEDING-EDGE MALWARE Ezula Update Engine (bleeding-malware.rules)
 2002164 - BLEEDING-EDGE MALWARE Hotbar Spyware (bleeding-malware.rules)
 2002165 - BLEEDING-EDGE MALWARE IESearch Spyware (bleeding-malware.rules)
 2002166 - BLEEDING-EDGE MALWARE Alexa Search Toolbar (bleeding-malware.rules)
 2002167 - BLEEDING-EDGE MALWARE Spyware Labs Spyware (bleeding-malware.rules)
 2002168 - BLEEDING-EDGE MALWARE Svcmm Parasite (bleeding-malware.rules)
 2002169 - BLEEDING-EDGE MALWARE iWon Spyware (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2000011 - BLEEDING-EDGE DOS Catalyst memory leak attack (bleeding-dos.rules)
 2000366 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000367 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000368 - BLEEDING-EDGE Malware Gator/Claria Agent Installed 
(bleeding-malware.rules)
 2000371 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000575 - BLEEDING-EDGE ICMP PING IPTools (bleeding-scan.rules)
 2000582 - BLEEDING-EDGE Malware F1Organizer Reporting (bleeding-malware.rules)
 2000585 - BLEEDING-EDGE Malware F1Organizer Install Attempt 
(bleeding-malware.rules)
 2000593 - BLEEDING-EDGE MALWARE Binet Ad Retrieval (bleeding-malware.rules)
 2000900 - BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP 
(bleeding-malware.rules)
 2000905 - BLEEDING-EDGE Malware FlashPoint Agent Retrieving New Code 
(bleeding-malware.rules)
 2000920 - BLEEDING-EDGE Malware Hotbar Install (bleeding-malware.rules)
 2000921 - BLEEDING-EDGE Malware Hotbar Install (bleeding-malware.rules)
 2000922 - BLEEDING-EDGE Malware Hotbar Install (bleeding-malware.rules)
 2000923 - BLEEDING-EDGE Malware Hotbar Agent Reporting Information 
(bleeding-malware.rules)
 2000924 - BLEEDING-EDGE Malware Hotbar Agent Upgrading (bleeding-malware.rules)
 2000925 - BLEEDING-EDGE Malware Hotbar Agent Partner Checkin 
(bleeding-malware.rules)
 2000926 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Install 
(bleeding-malware.rules)
 2000927 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Reporting 
(bleeding-malware.rules)
 2000928 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity 
(bleeding-malware.rules)
 2000929 - BLEEDING-EDGE Malware Hotbar Agent Activity (bleeding-malware.rules)
 2000931 - BLEEDING-EDGE Malware Comet Systems Spyware Traffic 
(bleeding-malware.rules)
 2000936 - BLEEDING-EDGE Malware FlashTrack Agent Retrieving New App Code 
(bleeding-malware.rules)
 2001015 - BLEEDING-EDGE Malware JoltID Agent Keep-Alive 
(bleeding-malware.rules)
 2001050 - BLEEDING-EDGE Malware CometSystems Spyware (bleeding-malware.rules)
 2001219 - BLEEDING-EDGE Potential SSH Scan (bleeding-scan.rules)
 2001221 - BLEEDING-EDGE Malware F1Organizer Config Download 
(bleeding-malware.rules)
 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001339 - BLEEDING-EDGE MALWARE BInet Information Upload 
(bleeding-malware.rules)
 2001374 - BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file (bleeding-exploit.rules)
 2001395 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity 
(bleeding-malware.rules)
 2001440 - BLEEDING-EDGE MALWARE Abox Download (bleeding-malware.rules)
 2001441 - BLEEDING-EDGE MALWARE Abox Install Report (bleeding-malware.rules)
 2001459 - BLEEDING-EDGE Malware Overpro Spyware Games (bleeding-malware.rules)
 2001492 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity 
(bleeding-malware.rules)
 2001493 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity 
(bleeding-malware.rules)
 2001576 - BLEEDING-EDGE MALWARE BInet Information Install Report 
(bleeding-malware.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001609 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1 (bleeding-scan.rules)
 2001610 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2 (bleeding-scan.rules)
 2001611 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3 (bleeding-scan.rules)
 2001658 - BLEEDING-EDGE Malware Comet Systems Spyware Reporting 
(bleeding-malware.rules)
 2001679 - BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server 
(bleeding-malware.rules)
 2001696 - BLEEDING-EDGE Malware Search Relevancy Spyware 
(bleeding-malware.rules)
 2001725 - BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit 
(bleeding-exploit.rules)
 2001743 - BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection 
Attempt Detected (bleeding-virus.rules)
 2001751 - BLEEDING-EDGE EXPLOIT Shoutcast file request overflow 
(bleeding-exploit.rules)
 2001879 - BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert (bleeding-virus.rules)
 2001880 - BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert 
(bleeding-virus.rules)
 2001881 - BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound 
(bleeding-virus.rules)
 2001882 - BLEEDING-EDGE DOS ICMP Path MTU lowered below acceptable threshold 
(bleeding-dos.rules)
 2001904 - BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, 
Potential Scan or Brute Force (bleeding-scan.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2001959 - BLEEDING-EDGE VIRUS Hotword Trojan in Transit (bleeding-virus.rules)
 2001960 - BLEEDING-EDGE VIRUS Hotword Trojan inbound via http 
(bleeding-virus.rules)
 2001961 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO 
(bleeding-virus.rules)
 2001962 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP 
(bleeding-virus.rules)
 2001963 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request 
pspv.exe (bleeding-virus.rules)
 2001964 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea 
(bleeding-virus.rules)
 2001965 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status 
Upload ___ (bleeding-virus.rules)
 2001966 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check 
___ (bleeding-virus.rules)
 2002017 - BLEEDING-EDGE Malware Overpro Spyware Install Report 
(bleeding-malware.rules)
 2002059 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2002069 - BLEEDING-EDGE WEB Blog Spam Insert Attempt (bleeding-web.rules)


[///]    Modified inactive rules:    [///]

 2000419 - BLEEDING-EDGE PE EXE or DLL Windows file download 
(bleeding-policy.rules)
 2000551 - BLEEDING-EDGE Malware Comet Cursor spyware detection 
(bleeding-malware.rules)
 2000901 - BLEEDING-EDGE Malware JoltID Agent Communicating TCP 
(bleeding-malware.rules)
 2001398 - BLEEDING-EDGE MALWARE Bfast.com Spyware (bleeding-malware.rules)
 2001577 - BLEEDING-EDGE VIRUS Sober.I - incoming (bleeding-virus.rules)
 2001914 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)
 2002060 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (1):
        # alert on pmtu frames with next-hop mtu not 0 (old RFC shortcut) and 
(added this so the sig wouldn't trigger missing reference:url, search errors)

     -> Added to bleeding-malware.rules (2):
        #New from Chris Taylor and the User agents project
        #Disabling, Hits on regular windows update type traffic to 
sa.windows.com

     -> Added to bleeding-sid-msg.map (82):
        2000011 || BLEEDING-EDGE DOS Catalyst memory leak attack || 
url,www.cisco.com/en/US/products/products_security_advisory09186a00800b138e.shtml
        2000366 || BLEEDING-EDGE MALWARE Binet || 
url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000367 || BLEEDING-EDGE MALWARE Binet || 
url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000368 || BLEEDING-EDGE Malware Gator/Claria Agent Installed
        2000371 || BLEEDING-EDGE MALWARE Binet || 
url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000419 || BLEEDING-EDGE PE EXE or DLL Windows file download
        2000551 || BLEEDING-EDGE Malware Comet Cursor spyware detection
        2000575 || BLEEDING-EDGE ICMP PING IPTools || 
url,www.ks-soft.net/ip-tools.eng/index.htm || url,www.ks-soft.net/ip-tools.eng
        2000582 || BLEEDING-EDGE Malware F1Organizer Reporting
        2000585 || BLEEDING-EDGE Malware F1Organizer Install Attempt
        2000593 || BLEEDING-EDGE MALWARE Binet Ad Retrieval || 
url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000900 || BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP 
|| 
url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html 
|| url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000901 || BLEEDING-EDGE Malware JoltID Agent Communicating TCP || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html 
|| url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000905 || BLEEDING-EDGE Malware FlashPoint Agent Retrieving New Code 
|| url,www.flashpoint.bm
        2000920 || BLEEDING-EDGE Malware Hotbar Install || url,www.hotbar.com
        2000921 || BLEEDING-EDGE Malware Hotbar Install || url,www.hotbar.com
        2000922 || BLEEDING-EDGE Malware Hotbar Install || url,www.hotbar.com
        2000923 || BLEEDING-EDGE Malware Hotbar Agent Reporting Information || 
url,www.hotbar.com
        2000924 || BLEEDING-EDGE Malware Hotbar Agent Upgrading || 
url,www.hotbar.com
        2000925 || BLEEDING-EDGE Malware Hotbar Agent Partner Checkin || 
url,www.hotbar.com
        2000926 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Install 
|| url,www.isearchtech.com
        2000927 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Reporting || url,www.isearchtech.com
        2000928 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.isearchtech.com
        2000929 || BLEEDING-EDGE Malware Hotbar Agent Activity || 
url,www.hotbar.com
        2000931 || BLEEDING-EDGE Malware Comet Systems Spyware Traffic
        2000936 || BLEEDING-EDGE Malware FlashTrack Agent Retrieving New App 
Code || url,www.flashpoint.bm
        2001015 || BLEEDING-EDGE Malware JoltID Agent Keep-Alive || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html 
|| url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001050 || BLEEDING-EDGE Malware CometSystems Spyware
        2001219 || BLEEDING-EDGE Potential SSH Scan || 
url,www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/
        2001221 || BLEEDING-EDGE Malware F1Organizer Config Download
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.f@mm.html?Open
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.f@mm.html?Open
        2001339 || BLEEDING-EDGE MALWARE BInet Information Upload || 
url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2001374 || BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file || 
url,www.sygate.com/alerts/SSR20041013-0001.htm
        2001395 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.isearchtech.com
        2001398 || BLEEDING-EDGE MALWARE Bfast.com Spyware
        2001440 || BLEEDING-EDGE MALWARE Abox Download
        2001441 || BLEEDING-EDGE MALWARE Abox Install Report || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.adultbox.html
        2001459 || BLEEDING-EDGE Malware Overpro Spyware Games || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html
        2001492 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.isearchtech.com
        2001493 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.isearchtech.com
        2001576 || BLEEDING-EDGE MALWARE BInet Information Install Report || 
url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html
        2001609 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1 || 
url,www.f5.com/f5products/v9intro/index.html
        2001610 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2 || 
url,www.f5.com/f5products/v9intro/index.html
        2001611 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3 || 
url,www.f5.com/f5products/v9intro/index.html
        2001658 || BLEEDING-EDGE Malware Comet Systems Spyware Reporting
        2001679 || BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html
        2001696 || BLEEDING-EDGE Malware Search Relevancy Spyware || 
url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy.html
        2001725 || BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone 
exploit || url,www.microsoft.com/technet/security/bulletin/ms05-014.mspx
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote 
Connection Attempt Detected || 
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html
        2001751 || BLEEDING-EDGE EXPLOIT Shoutcast file request overflow || 
url,www.frsirt.com/exploits/product/3514 || cve,CAN-2002-1470
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - 
noalert || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound 
|| url,securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html
        2001904 || BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, 
Potential Scan or Brute Force || url,www.rapid7.com/nexpose-faq-answer2.htm
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html
        2001959 || BLEEDING-EDGE VIRUS Hotword Trojan in Transit || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001960 || BLEEDING-EDGE VIRUS Hotword Trojan inbound via http || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001961 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload 
CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001962 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload 
CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001963 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Request pspv.exe || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001964 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Request .tea || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001965 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Status Upload ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001966 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Status Check ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2002017 || BLEEDING-EDGE Malware Overpro Spyware Install Report || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html
        2002069 || BLEEDING-EDGE WEB Blog Spam Insert Attempt || 
url,www.webmasterworld.com/forum92/3683.htm || 
url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html || 
url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/
        2002159 || BLEEDING-EDGE WEB Blog Spamming HTTP_X || 
url,www.webmasterworld.com/forum92/3683.htm || 
url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html || 
url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/
        2002160 || BLEEDING-EDGE MALWARE CoolWebSearch Spyware || 
url,www.doxdesk.com/parasite/CoolWebSearch.html || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || 
url,www.spywareguide.com/product_show.php?id=599
        2002161 || BLEEDING-EDGE MALWARE CoolWebSearch Spyware || 
url,www.doxdesk.com/parasite/CoolWebSearch.html || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || 
url,www.spywareguide.com/product_show.php?id=599
        2002162 || BLEEDING-EDGE MALWARE CoolWebSearch Spyware || 
url,www.doxdesk.com/parasite/CoolWebSearch.html || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || 
url,www.spywareguide.com/product_show.php?id=599
        2002163 || BLEEDING-EDGE MALWARE Ezula Update Engine || 
url,www.spywareguide.com/product_show.php?id=9
        2002164 || BLEEDING-EDGE MALWARE Hotbar Spyware || 
url,www.pchell.com/support/hotbar.shtml || 
url,www.doxdesk.com/parasite/Hotbar.html
        2002165 || BLEEDING-EDGE MALWARE IESearch Spyware || 
url,www.spywareguide.com/product_show.php?id=982
        2002166 || BLEEDING-EDGE MALWARE Alexa Search Toolbar || 
url,www.spywareguide.com/product_show.php?id=418
        2002167 || BLEEDING-EDGE MALWARE Spyware Labs Spyware || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002168 || BLEEDING-EDGE MALWARE Svcmm Parasite || 
url,doxdesk.com/parasite/SvcMM.html || url,castlecops.com/startuplist-5862.html
        2002169 || BLEEDING-EDGE MALWARE iWon Spyware || 
url,www.spywareguide.com/product_show.php?id=461

     -> Added to bleeding-web.rules (1):
        #By Jeff Kell

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dos.rules (1):
        # alert on pmtu frames with next-hop mtu not 0 (old RFC shortcut) and

     -> Removed from bleeding-sid-msg.map (71):
        2000011 || BLEEDING-EDGE DOS Catalyst memory leak attack
        2000366 || BLEEDING-EDGE MALWARE Binet || 
url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000367 || BLEEDING-EDGE MALWARE Binet || 
url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000368 || BLEEDING-EDGE Malware Gator/Claria Agent Installed || 
url,pestpatrol.com/pestinfo/g/gain.asp
        2000371 || BLEEDING-EDGE MALWARE Binet || 
url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000419 || BLEEDING-EDGE PE EXE or DLL Windows file download || 
url,hyatus.dune2.info/Miscellanous/exe_header.html
        2000551 || BLEEDING-EDGE Malware Comet Cursor spyware detection || 
url,simplythebest.net/info/spyware/comet_cursor_spyware.html
        2000575 || BLEEDING-EDGE ICMP PING IPTools || 
url,www.ks-soft.net/ip-tools.eng
        2000582 || BLEEDING-EDGE Malware F1Organizer Reporting || 
url,www.f1organizer.com
        2000585 || BLEEDING-EDGE Malware F1Organizer Install Attempt || 
url,www.f1organizer.com
        2000593 || BLEEDING-EDGE MALWARE Binet Ad Retrieval || 
url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000900 || BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP 
|| 
url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html 
|| url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000901 || BLEEDING-EDGE Malware JoltID Agent Communicating TCP || 
url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html 
|| url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000905 || BLEEDING-EDGE Malware FlashPoint Agent Retrieving New Code 
|| url,www.flashpoint.bm || 
url,simplythebest.net/info/spyware/flashtrack_spyware.html
        2000920 || BLEEDING-EDGE Malware Hotbar Install || 
url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000921 || BLEEDING-EDGE Malware Hotbar Install || 
url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000922 || BLEEDING-EDGE Malware Hotbar Install || 
url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000923 || BLEEDING-EDGE Malware Hotbar Agent Reporting Information || 
url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000924 || BLEEDING-EDGE Malware Hotbar Agent Upgrading || 
url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000925 || BLEEDING-EDGE Malware Hotbar Agent Partner Checkin || 
url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000926 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Install 
|| url,www.simplythebest.net/info/spyware/istbar_spyware.html || 
url,www.isearchtech.com
        2000927 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Reporting || url,www.simplythebest.net/info/spyware/istbar_spyware.html || 
url,www.isearchtech.com
        2000928 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || 
url,www.isearchtech.com
        2000929 || BLEEDING-EDGE Malware Hotbar Agent Activity || 
url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000931 || BLEEDING-EDGE Malware Comet Systems Spyware Traffic || 
url,www.pestpatrol.com/PestInfo/c/cometsystems.asp
        2000936 || BLEEDING-EDGE Malware FlashTrack Agent Retrieving New App 
Code || url,www.flashpoint.bm || 
url,simplythebest.net/info/spyware/flashtrack_spyware.html
        2001015 || BLEEDING-EDGE Malware JoltID Agent Keep-Alive || 
url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html 
|| url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001050 || BLEEDING-EDGE Malware CometSystems Spyware || 
url,www.pestpatrol.com/pestinfo/c/cometsystems.asp
        2001219 || BLEEDING-EDGE Potential SSH Scan
        2001221 || BLEEDING-EDGE Malware F1Organizer Config Download || 
url,www.f1organizer.com
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f@mm.html?Open
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f@mm.html?Open
        2001339 || BLEEDING-EDGE MALWARE BInet Information Upload || 
url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001374 || BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file
        2001395 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || 
url,www.isearchtech.com
        2001398 || BLEEDING-EDGE MALWARE Bfast.com Spyware || 
url,www.giantcompany.com/antispyware/research/spyware/spyware-BFast.com.aspx
        2001440 || BLEEDING-EDGE MALWARE Abox Download || 
url,www.giantcompany.com/antispyware/research/spyware/spyware-ABox.aspx
        2001441 || BLEEDING-EDGE MALWARE Abox Install Report || 
url,securityresponse.symantex.com/avcenter/venc/data/adware.adultbox.html
        2001459 || BLEEDING-EDGE Malware Overpro Spyware Games || 
url,securityresponse.symnatec.com/avcenter/venc/data/adware.overpro.html
        2001492 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || 
url,www.isearchtech.com
        2001493 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar 
Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || 
url,www.isearchtech.com
        2001576 || BLEEDING-EDGE MALWARE BInet Information Install Report || 
url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i@mm.html
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i@mm.html
        2001609 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1
        2001610 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2
        2001611 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3
        2001658 || BLEEDING-EDGE Malware Comet Systems Spyware Reporting || 
url,www.pestpatrol.com/PestInfo/c/cometsystems.asp
        2001679 || BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server || 
url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html
        2001696 || BLEEDING-EDGE Malware Search Relevancy Spyware || 
url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy
        2001725 || BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone 
exploit
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote 
Connection Attempt Detected || 
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackerdefender.html
        2001751 || BLEEDING-EDGE EXPLOIT Shoutcast file request overflow
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober@mm.html
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - 
noalert || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober@mm.html
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound 
|| url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober@mm.html
        2001904 || BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, 
Potential Scan or Brute Force
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html
        2001959 || BLEEDING-EDGE VIRUS Hotword Trojan in Transit || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001960 || BLEEDING-EDGE VIRUS Hotword Trojan inbound via http || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001961 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload 
CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html 
|| url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001962 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload 
CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html 
|| url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001963 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Request pspv.exe || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001964 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Request .tea || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001965 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Status Upload ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001966 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Status Check ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2002017 || BLEEDING-EDGE Malware Overpro Spyware Install Report || 
url,securityresponse.symnatec.com/avcenter/venc/data/adware.overpro.html
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || 
url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o@mm.html
        2002069 || BLEEDING-EDGE WEB Blog Spam Insert Attempt


