
[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Wed, 17 Aug 2005 20:00:06 -0500 (EST)

[***] Results from Oinkmaster started Wed Aug 17 20:00:06 2005 [***]

[+++]          Added rules:          [+++]

 2002194 - BLEEDING-EDGE Malware Unknown Spyware. Please report hits to 
lp-analysts@bleedingsnort.com (bleeding-malware.rules)
 2002195 - BLEEDING-EDGE MALWARE Casalemedia Spyware Reporting URL Visited1 
(bleeding-malware.rules)
 2002196 - BLEEDING-EDGE MALWARE Casalemedia Spyware Reporting URL Visited2 
(bleeding-malware.rules)
 2002197 - BLEEDING-EDGE MALWARE Tickle.com Spyware (bleeding-malware.rules)
 2002198 - BLEEDING-EDGE MALWARE Bidclix.com Spyware (bleeding-malware.rules)
 2002199 - BLEEDING-EDGE EXPLOIT SMB-DS DCERPC PnP HOD bind attempt 
(bleeding-exploit.rules)
 2002200 - BLEEDING-EDGE EXPLOIT SMB-DS DCERPC PnP bind attempt 
(bleeding-exploit.rules)
 2002201 - BLEEDING-EDGE EXPLOIT SMB-DS DCERPC PnP QueryResConfList exploit 
attempt (bleeding-exploit.rules)
 2002202 - BLEEDING-EDGE EXPLOIT SMB DCERPC PnP bind attempt 
(bleeding-exploit.rules)
 2002203 - BLEEDING-EDGE EXPLOIT SMB DCERPC PnP QueryResConfList exploit 
attempt (bleeding-exploit.rules)
 2002204 - BLEEDING-EDGE MALWARE Websponsors.com Spyware 
(bleeding-malware.rules)
 2002296 - BLEEDING-EDGE Malware Searchfeed.com Spyware 1 
(bleeding-malware.rules)
 2002297 - BLEEDING-EDGE Malware Searchfeed.com Spyware 2 
(bleeding-malware.rules)
 2002298 - BLEEDING-EDGE Malware Searchfeed.com Spyware 3 
(bleeding-malware.rules)
 2002299 - BLEEDING-EDGE Malware Searchfeed.com Spyware 4 
(bleeding-malware.rules)
 2002300 - BLEEDING-EDGE Malware Searchfeed.com Spyware 5 
(bleeding-malware.rules)
 2002301 - BLEEDING-EDGE Malware Searchfeed.com Spyware 6 
(bleeding-malware.rules)
 2002302 - BLEEDING-EDGE Malware Searchfeed.com Spyware 7 
(bleeding-malware.rules)
 2002303 - BLEEDING-EDGE Malware Searchfeed.com Spyware 8 
(bleeding-malware.rules)
 2002304 - BLEEDING-EDGE MALWARE Advertising.com Reporting Data 
(bleeding-malware.rules)
 2002308 - BLEEDING-EDGE EXPLOIT Internet Explorer Vulnerable CLSID (Msdds.dll) 
(bleeding-exploit.rules)


[///]     Modified active rules:     [///]

 2000026 - BLEEDING-EDGE Malware Gator Agent Traffic (bleeding-malware.rules)
 2000586 - BLEEDING-EDGE Malware Ezula Related Calling Home 
(bleeding-malware.rules)
 2001295 - BLEEDING-EDGE MALWARE Browseraid.com Agent (bleeding-malware.rules)
 2001487 - BLEEDING-EDGE Malware Tibsystems Spyware Activity 
(bleeding-malware.rules)
 2001492 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity 
(MyApp) (bleeding-malware.rules)
 2001493 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (IST) 
(bleeding-malware.rules)
 2001498 - BLEEDING-EDGE Malware Internet Optimizer Activity 
(bleeding-malware.rules)
 2001504 - BLEEDING-EDGE Malware Medialoads.com Spyware Activity 
(bleeding-malware.rules)
 2001562 - BLEEDING-EDGE Malware MarketScore.com Spyware User Configuration and 
Setup Access (bleeding-malware.rules)
 2001639 - BLEEDING-EDGE Malware Wild Tangent Agent Activity 
(bleeding-malware.rules)
 2001640 - BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Traffic 
(bleeding-malware.rules)
 2001652 - BLEEDING-EDGE Malware JoltID Agent New Code Download 
(bleeding-malware.rules)
 2001699 - BLEEDING-EDGE Malware YourSiteBar Activity (bleeding-malware.rules)
 2001702 - BLEEDING-EDGE Malware Shop at Home Select Spyware Activity (Bundle) 
(bleeding-malware.rules)
 2001703 - BLEEDING-EDGE Malware Context Plus Spyware Activity (1) 
(bleeding-malware.rules)
 2001706 - BLEEDING-EDGE Malware Context Plus Spyware Activity (2) 
(bleeding-malware.rules)
 2001707 - BLEEDING-EDGE Malware Shop at Home Select Spyware Activity (SAH) 
(bleeding-malware.rules)
 2001732 - BLEEDING-EDGE Malware Top Converting Agent Activity 
(bleeding-malware.rules)
 2001736 - BLEEDING-EDGE Malware UCMore Spyware Activity 
(bleeding-malware.rules)
 2001746 - BLEEDING-EDGE Malware Enhance My Search Spyware Activity 
(bleeding-malware.rules)
 2001852 - BLEEDING-EDGE MALWARE 404Search Spyware User Agent 
(bleeding-malware.rules)
 2001853 - BLEEDING-EDGE MALWARE Easy Search Bar Spyware User Agent 
(bleeding-malware.rules)
 2001854 - BLEEDING-EDGE MALWARE EZULA Spyware User Agent 
(bleeding-malware.rules)
 2001855 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (1) 
(bleeding-malware.rules)
 2001858 - BLEEDING-EDGE MALWARE Hotbar Spyware User Agent 
(bleeding-malware.rules)
 2001859 - BLEEDING-EDGE MALWARE Cool Web Search Spyware User Agent 
(bleeding-malware.rules)
 2001860 - BLEEDING-EDGE MALWARE Kontiki Spyware User Agent 
(bleeding-malware.rules)
 2001861 - BLEEDING-EDGE MALWARE Micro-Gaming Spyware User Agent 
(bleeding-malware.rules)
 2001862 - BLEEDING-EDGE MALWARE Surf Assistant Spyware User Agent 
(bleeding-malware.rules)
 2001863 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (2) 
(bleeding-malware.rules)
 2001864 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (3) 
(bleeding-malware.rules)
 2001865 - BLEEDING-EDGE MALWARE MyWebSearch Spyware User Agent 
(bleeding-malware.rules)
 2001866 - BLEEDING-EDGE MALWARE Smartpops/Mediaload Spyware User Agent 
(bleeding-malware.rules)
 2001867 - BLEEDING-EDGE MALWARE Search Engine 2000 Spyware User Agent 
(bleeding-malware.rules)
 2001868 - BLEEDING-EDGE MALWARE SureSeeker Spyware User Agent 
(bleeding-malware.rules)
 2001869 - BLEEDING-EDGE MALWARE Sidesearch Spyware User Agent 
(bleeding-malware.rules)
 2001870 - BLEEDING-EDGE MALWARE Surfplayer Spyware User Agent 
(bleeding-malware.rules)
 2001871 - BLEEDING-EDGE MALWARE Target Saver Spyware User Agent 
(bleeding-malware.rules)
 2001872 - BLEEDING-EDGE MALWARE Visicom Spyware User Agent 
(bleeding-malware.rules)
 2001891 - BLEEDING-EDGE Malware ToolbarPartner User Agent Activity 
(bleeding-malware.rules)
 2001996 - BLEEDING-EDGE Malware UCMore Spyware Activity User Agent String 
(bleeding-malware.rules)
 2002002 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity 
(thnall) (bleeding-malware.rules)
 2002005 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity 
(poller) (bleeding-malware.rules)
 2002007 - BLEEDING-EDGE Malware Wildmedia Spyware User Agent Activity 
(bleeding-malware.rules)
 2002011 - BLEEDING-EDGE Malware PeopleonPage Spyware User Agent Activity 
(bleeding-malware.rules)
 2002014 - BLEEDING-EDGE Malware Grandstreet Interactive Spyware User Agent 
Activity (2) (bleeding-malware.rules)
 2002020 - BLEEDING-EDGE Malware Overpro Spyware User Agent Activity (merong) 
(bleeding-malware.rules)
 2002021 - BLEEDING-EDGE Malware Grandstreet Interactive Spyware User Agent 
Activity (1) (bleeding-malware.rules)
 2002035 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity 
(thin) (bleeding-malware.rules)
 2002038 - BLEEDING-EDGE Malware Shopathomeselect.com Spyware User Agent 
Activity (bleeding-malware.rules)
 2002039 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity 
(aurareco) (bleeding-malware.rules)
 2002071 - BLEEDING-EDGE Malware XupiterToolbar Spyware User Agent Activity 
(bleeding-malware.rules)
 2002073 - BLEEDING-EDGE Malware General Spyware User Agent Activity 
(bleeding-malware.rules)
 2002074 - BLEEDING-EDGE Malware Win32.Stubby Spyware User Agent Activity 
(bleeding-malware.rules)
 2002076 - BLEEDING-EDGE Malware New.net Spyware User Agent Activity 
(bleeding-malware.rules)
 2002077 - BLEEDING-EDGE Malware IEBar Spyware User Agent Activity 
(bleeding-malware.rules)
 2002078 - BLEEDING-EDGE Malware SideStep Spyware User Agent Activity 
(bleeding-malware.rules)
 2002079 - BLEEDING-EDGE MALWARE MyWaySearch Products Spyware User Agent 
(bleeding-malware.rules)
 2002080 - BLEEDING-EDGE MALWARE MySearch Products Spyware User Agent 
(bleeding-malware.rules)
 2002082 - BLEEDING-EDGE Malware Unknown Spyware User Agent Activity -- Please 
report to bleedingsnort.com (bleeding-malware.rules)
 2002097 - BLEEDING-EDGE Malware IEHelp.net Spyware User Agent Activity 
(bleeding-malware.rules)
 2002153 - BLEEDING-EDGE MALWARE EXE as User Agent -- Potential Spyware 
(bleeding-malware.rules)
 2002160 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (Feat) 
(bleeding-malware.rules)
 2002161 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (feat2) 
(bleeding-malware.rules)
 2002163 - BLEEDING-EDGE MALWARE Ezula Update Engine (bleeding-malware.rules)
 2002164 - BLEEDING-EDGE MALWARE Hotbar Spyware (bleeding-malware.rules)
 2002165 - BLEEDING-EDGE MALWARE IESearch Spyware (bleeding-malware.rules)
 2002166 - BLEEDING-EDGE MALWARE Alexa Search Toolbar (bleeding-malware.rules)
 2002167 - BLEEDING-EDGE MALWARE Spyware Labs Spyware (bleeding-malware.rules)
 2002168 - BLEEDING-EDGE MALWARE Svcmm Parasite (bleeding-malware.rules)
 2002169 - BLEEDING-EDGE MALWARE iWon Spyware (bleeding-malware.rules)
 2002173 - BLEEDING-EDGE EXPLOIT COM Object Instantiation Memory Corruption 
Vulnerability (group 3) (bleeding-exploit.rules)
 2002177 - BLEEDING-EDGE VIRUS Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - 
outbound (bleeding-virus.rules)
 2002189 - BLEEDING-EDGE Current Events OSA4.GIF Detected Possible Trojan.Tooso 
Infection (bleeding.rules)


[///]    Modified inactive rules:    [///]

 2002162 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (SCAgent) 
(bleeding-malware.rules)
 2002178 - BLEEDING-EDGE VIRUS Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - 
incoming (bleeding-virus.rules)
 2002183 - BLEEDING-EDGE VIRUS BagleDL-S SMTP Outbound (bleeding-virus.rules)
 2002184 - BLEEDING-EDGE VIRUS BagleDL-S SMTP Inbound (bleeding-virus.rules)


[---]         Disabled rules:        [---]

 2002186 - BLEEDING-EDGE EXPLOIT SMB-DS Microsoft Windows 2000 Plug and Play 
Vulnerability (bleeding-exploit.rules)
 2002187 - BLEEDING-EDGE EXPLOIT NETBIOS SMB Microsoft Windows 2000 PNP Vuln 
(bleeding-exploit.rules)
 2002188 - BLEEDING-EDGE EXPLOIT NETBIOS SMB-DS Microsoft Windows 2000 PNP Vuln 
(bleeding-exploit.rules)


[---]         Removed rules:         [---]

 2000368 - BLEEDING-EDGE Malware Gator/Claria Agent Installed 
(bleeding-malware.rules)
 2001527 - BLEEDING-EDGE MALWARE Casalemedia Access, Likely Spyware 
(bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (6):
        #This is for the new IE Exploit. It will be moved to its own file shortly.
        #It is staying put to make sure it's after the clsid flowbits set above.
        #By Blake Harstein of Demarc
        #Replaced by sigs below
        #All related to UPnP Exploit, MS05-039
        #Thanks to the Alert Logic team

     -> Added to bleeding-malware.rules (7):
        #From Listening Post data
        #Matt Jonkman from Spyware listening post data
        #By Matt Jonkman from Spyware listening post data
        #By Matt Jonkman from Listening Post Data
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE User-Agent String"; flow:established,to_server; flowbits:isnotset,http.UserAgent; flowbits:noalert; flowbits:set,http.UserAgent; content:"User-Agent\:"; nocase; classtype:string-detect; rev:1;)
        #By Matt Jonkman from Spyware listening post data
        #Matt Jonkman from spyware listening post data

     -> Added to bleeding-sid-msg.map (25):
        2002177 || BLEEDING-EDGE VIRUS Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) 
- outbound || url,www.viruslist.com/en/alerts?alertid=168511904
        2002178 || BLEEDING-EDGE VIRUS Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) 
- incoming || url,www.viruslist.com/en/alerts?alertid=168511904
        2002183 || BLEEDING-EDGE VIRUS BagleDL-S SMTP Outbound || 
url,www.sophos.com/virusinfo/analyses/trojbagledls.html
        2002184 || BLEEDING-EDGE VIRUS BagleDL-S SMTP Inbound || 
url,www.sophos.com/virusinfo/analyses/trojbagledls.html
        2002194 || BLEEDING-EDGE Malware Unknown Spyware. Please report hits to 
lp-analysts@bleedingsnort.com
        2002195 || BLEEDING-EDGE MALWARE Casalemedia Spyware Reporting URL 
Visited1
        2002196 || BLEEDING-EDGE MALWARE Casalemedia Spyware Reporting URL 
Visited2
        2002197 || BLEEDING-EDGE MALWARE Tickle.com Spyware || 
url,www.spywareremove.com/removeTickle.html
        2002198 || BLEEDING-EDGE MALWARE Bidclix.com Spyware
        2002199 || BLEEDING-EDGE EXPLOIT SMB-DS DCERPC PnP HOD bind attempt
        2002200 || BLEEDING-EDGE EXPLOIT SMB-DS DCERPC PnP bind attempt
        2002201 || BLEEDING-EDGE EXPLOIT SMB-DS DCERPC PnP QueryResConfList 
exploit attempt || 
url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || 
cve,CAN-2005-1983
        2002202 || BLEEDING-EDGE EXPLOIT SMB DCERPC PnP bind attempt
        2002203 || BLEEDING-EDGE EXPLOIT SMB DCERPC PnP QueryResConfList 
exploit attempt || 
url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || 
cve,CAN-2005-1983
        2002204 || BLEEDING-EDGE MALWARE Websponsors.com Spyware
        2002296 || BLEEDING-EDGE Malware Searchfeed.com Spyware 1 || 
url,www.searchfeed.com
        2002297 || BLEEDING-EDGE Malware Searchfeed.com Spyware 2 || 
url,www.searchfeed.com
        2002298 || BLEEDING-EDGE Malware Searchfeed.com Spyware 3 || 
url,www.searchfeed.com
        2002299 || BLEEDING-EDGE Malware Searchfeed.com Spyware 4 || 
url,www.searchfeed.com
        2002300 || BLEEDING-EDGE Malware Searchfeed.com Spyware 5 || 
url,www.searchfeed.com
        2002301 || BLEEDING-EDGE Malware Searchfeed.com Spyware 6 || 
url,www.searchfeed.com
        2002302 || BLEEDING-EDGE Malware Searchfeed.com Spyware 7 || 
url,www.searchfeed.com
        2002303 || BLEEDING-EDGE Malware Searchfeed.com Spyware 8 || 
url,www.searchfeed.com
        2002304 || BLEEDING-EDGE MALWARE Advertising.com Reporting Data || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html
        2002308 || BLEEDING-EDGE EXPLOIT Internet Explorer Vulnerable CLSID 
(Msdds.dll) || url,www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (2):
        # This looks more like legit ad traffic. Needs to be verified
        #Joel Esler rule (depth added by bobkberg)

     -> Removed from bleeding-sid-msg.map (6):
        2000368 || BLEEDING-EDGE Malware Gator/Claria Agent Installed
        2001527 || BLEEDING-EDGE MALWARE Casalemedia Access, Likely Spyware || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453082755
        2002177 || Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - outbound || 
url,www.viruslist.com/en/alerts?alertid=168511904
        2002178 || Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - incoming || 
url,www.viruslist.com/en/alerts?alertid=168511904
        2002183 || VIRUS BagleDL-S SMTP Outbound || 
url,www.sophos.com/virusinfo/analyses/trojbagledls.html
        2002184 || VIRUS BagleDL-S SMTP Inbound || 
url,www.sophos.com/virusinfo/analyses/trojbagledls.html
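Two items in this update depend on flowbits ordering: the sid-less rule added to bleeding-malware.rules sets http.UserAgent with flowbits:noalert so that later User-Agent rules can gate on it, and the bleeding-exploit.rules comment keeps the new IE rule "after the clsid flowbits set above" for the same reason. The Python below is an added illustration, not code from this update or from Snort: a toy model that parses the rule options that matter (content, nocase, flowbits) and keeps per-flow flowbit state, then runs the base rule from the update against a hypothetical dependent rule. The dependent rule, its sid 9000001, the "SpyAgent/1.0" token, the flow tuples and the HTTP requests are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Added example: a toy model of Snort flowbits gating, not Snort's own engine.
# Rules are evaluated in list order; content checks run first (as the fast
# pattern matcher would), then flowbits checks, then flowbits set/unset.

# The base rule as it appears in this update (it carries no sid).
BASE_RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
    '(msg:"BLEEDING-EDGE User-Agent String"; flow:established,to_server; '
    'flowbits:isnotset,http.UserAgent; flowbits:noalert; '
    'flowbits:set,http.UserAgent; content:"User-Agent\\:"; nocase; '
    'classtype:string-detect; rev:1;)'
)

# Hypothetical dependent rule (constructed; sid and token are made up): it
# should only fire on flows the base rule has already tagged.
DEP_RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
    '(msg:"EXAMPLE Spyware User Agent"; flow:established,to_server; '
    'flowbits:isset,http.UserAgent; content:"SpyAgent/1.0"; nocase; '
    'classtype:trojan-activity; sid:9000001; rev:1;)'
)

# Constructed client requests on two distinct TCP flows.
FLOW_A = ("10.0.0.5", 4444, "203.0.113.7", 80)
FLOW_B = ("10.0.0.6", 4445, "203.0.113.7", 80)
REQ_A = "GET /report.php HTTP/1.1\r\nHost: ads.example\r\nUser-Agent: SpyAgent/1.0\r\n\r\n"
REQ_B = "GET /index.html HTTP/1.1\r\nHost: ads.example\r\nX-Note: SpyAgent/1.0\r\n\r\n"


def split_options(rule):
    """Split the option body on ';' outside quotes, honouring backslash escapes."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts, cur, quoted, esc = [], "", False, False
    for ch in body:
        if esc:
            cur, esc = cur + ch, False
            continue
        if ch == "\\":
            cur, esc = cur + ch, True
            continue
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            if cur.strip():
                opts.append(cur.strip())
            cur = ""
            continue
        cur += ch
    if cur.strip():
        opts.append(cur.strip())
    parsed = []
    for opt in opts:
        key, _, val = opt.partition(":")
        parsed.append((key.strip(), val.strip()))
    return parsed


def unescape_content(val):
    """Strip quotes and Snort's backslash escaping (e.g. the \\: above)."""
    return re.sub(r"\\(.)", r"\1", val.strip('"'))


@dataclass
class Rule:
    msg: str
    sid: str
    contents: list   # [pattern, nocase] pairs in rule order
    checks: list     # ("isset" | "isnotset", bit name)
    updates: list    # ("set" | "unset", bit name)
    noalert: bool


def parse_rule(text):
    rule = Rule("", "", [], [], [], False)
    for key, val in split_options(text):
        if key == "msg":
            rule.msg = val.strip('"')
        elif key == "sid":
            rule.sid = val
        elif key == "content":
            rule.contents.append([unescape_content(val), False])
        elif key == "nocase" and rule.contents:
            rule.contents[-1][1] = True      # modifies the preceding content
        elif key == "flowbits":
            op, _, name = val.partition(",")
            if op in ("isset", "isnotset"):
                rule.checks.append((op, name))
            elif op in ("set", "unset"):
                rule.updates.append((op, name))
            elif op == "noalert":
                rule.noalert = True
    return rule


def content_matches(payload, pattern, nocase):
    return pattern.lower() in payload.lower() if nocase else pattern in payload


class FlowbitsEngine:
    def __init__(self, rules):
        self.rules = rules
        self.bits = {}   # flow key -> set of flowbit names (per-session state)

    def inspect(self, flow, payload):
        """Run every rule against one packet of a flow; return alert messages."""
        bits = self.bits.setdefault(flow, set())
        alerts = []
        for rule in self.rules:
            if not all(content_matches(payload, p, nc) for p, nc in rule.contents):
                continue
            if not all((name in bits) == (op == "isset") for op, name in rule.checks):
                continue
            for op, name in rule.updates:
                (bits.add if op == "set" else bits.discard)(name)
            if not rule.noalert:         # the base rule tags the flow silently
                alerts.append(rule.msg)
        return alerts


def demo():
    engine = FlowbitsEngine([parse_rule(BASE_RULE), parse_rule(DEP_RULE)])
    return {
        "flow_a": engine.inspect(FLOW_A, REQ_A),   # base tags, dependent alerts
        "flow_b": engine.inspect(FLOW_B, REQ_B),   # token present, no UA header
        "bits": {flow[0]: sorted(b) for flow, b in engine.bits.items()},
    }


def reversed_order():
    """Dependent rule listed first: the bit is not set when checked, so the
    same packet produces no alert. This is the ordering the update's comment
    about the clsid flowbits is protecting."""
    engine = FlowbitsEngine([parse_rule(DEP_RULE), parse_rule(BASE_RULE)])
    return engine.inspect(FLOW_A, REQ_A)
```

demo() returns one alert for flow A, nothing for flow B (the token appears outside any User-Agent header, so the flow was never tagged), and shows http.UserAgent set only on flow A; reversed_order() returns no alert for the very same packet. The model evaluates rules strictly in list order, which is enough to show the dependency; a real Snort build decides intra-packet evaluation order in its detection engine, so treat the reversed result as an illustration of why placement matters rather than a statement about any particular version.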



_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
