[***] Results from Oinkmaster started Fri Aug 12 20:00:07 2005 [***]
[+++] Added rules: [+++]
2002177 - Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - outbound
(bleeding-virus.rules)
2002178 - Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - incoming
(bleeding-virus.rules)
2002180 - BLEEDING-EDGE VIRUS W32.Beagle.CE@mm Infection Outbound web.php
(bleeding-virus.rules)
2002181 - BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File Access -
Attempt (bleeding-exploit.rules)
2002182 - BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File Access -
Vulnerable (bleeding-exploit.rules)
2002183 - VIRUS BagleDL-S SMTP Outbound (bleeding-virus.rules)
2002184 - VIRUS BagleDL-S SMTP Inbound (bleeding-virus.rules)
[---] Disabled rules: [---]
2002176 - BLEEDING-EDGE Veritas Backup Exec Windows Agent Remote File Access
Exploit (bleeding-exploit.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-exploit.rules (1):
# Added 2005/08/12 by Frank Knobbe - This version alerts if a system is
vulnerable. flowbits:noalert is optional on the first rule if you don't want to
detect (possibly unsuccessfull) attempts.
-> Added to bleeding-sid-msg.map (7):
2002177 || Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - outbound ||
url,www.viruslist.com/en/alerts?alertid=168511904
2002178 || Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - incoming ||
url,www.viruslist.com/en/alerts?alertid=168511904
2002180 || BLEEDING-EDGE VIRUS W32.Beagle.CE@mm Infection Outbound
web.php ||
url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ce@mm.html
2002181 || BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File
Access - Attempt || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php
|| url,www.frsirt.com/english/advisories/2005/1387
2002182 || BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File
Access - Vulnerable ||
url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php ||
url,www.frsirt.com/english/advisories/2005/1387
2002183 || VIRUS BagleDL-S SMTP Outbound ||
url,www.sophos.com/virusinfo/analyses/trojbagledls.html
2002184 || VIRUS BagleDL-S SMTP Inbound ||
url,www.sophos.com/virusinfo/analyses/trojbagledls.html
-> Added to bleeding-virus.rules (3):
#Submitted by Mark Scott, 8/11/2005, for Bagle.CC
#By dajackman
# Submitted by Mark Tombaugh, 2005-08-12 - Alternative sigs for
2002177/2002178
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
