[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Thu, 18 Aug 2005 20:00:06 -0500 (EST)

[***] Results from Oinkmaster started Thu Aug 18 20:00:06 2005 [***]

[+++]          Added rules:          [+++]

 2002305 - BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware (bleeding-malware.rules)
 2002306 - BLEEDING-EDGE Malware Fun Web Products Cursorchooser Spyware (bleeding-malware.rules)
 2002307 - BLEEDING-EDGE Malware Fun Web Products Stampchooser Spyware (bleeding-malware.rules)
 2002309 - BLEEDING-EDGE Malware Metarewards Disclaimer Access (bleeding-malware.rules)
 2002310 - BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware (bleeding-malware.rules)
 2002311 - BLEEDING-EDGE User-Agent String (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2002083 - BLEEDING-EDGE MALWARE Pacimedia Spyware 1 (bleeding-malware.rules)
 2002194 - BLEEDING-EDGE Malware Pacimedia Spyware 2 (bleeding-malware.rules)


[---]         Disabled rules:        [---]

 2002191 - BLEEDING-EDGE POLICY MSN successful logon (bleeding-policy.rules)
 2002193 - BLEEDING-EDGE POLICY MSN Chat Message (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2000551 - BLEEDING-EDGE Malware Comet Cursor spyware detection (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (2):
        #From listening post data
        #Matt Jonkman from Spyware Listening Post Data

     -> Added to bleeding-policy.rules (2):
        #Disabling 2191, lots of falses. Not sure if limiting by port will help.
        #Duplicate of snort.org sid 540

     -> Added to bleeding-sid-msg.map (8):
        2002083 || BLEEDING-EDGE MALWARE Pacimedia Spyware 1
        2002194 || BLEEDING-EDGE Malware Pacimedia Spyware 2
        2002305 || BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com
        2002306 || BLEEDING-EDGE Malware Fun Web Products Cursorchooser Spyware || url,www.funwebproducts.com
        2002307 || BLEEDING-EDGE Malware Fun Web Products Stampchooser Spyware || url,www.funwebproducts.com
        2002309 || BLEEDING-EDGE Malware Metarewards Disclaimer Access
        2002310 || BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com
        2002311 || BLEEDING-EDGE User-Agent String

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (3):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE User-Agent String"; flow:established,to_server; flowbits:isnotset,http.UserAgent; flowbits:noalert; flowbits:set,http.UserAgent; content:"User-Agent\:"; nocase; classtype:string-detect; rev:1;)
        # By matt Jonkman, info from a user is seeing this url related to bingorico.com.
        #If you get hits on it please report those to bleeding@bleedingsnort.com. If you have mor einfo on bingorico please report as well.

     -> Removed from bleeding-sid-msg.map (3):
        2000551 || BLEEDING-EDGE Malware Comet Cursor spyware detection
        2002083 || BLEEDING-EDGE MALWARE Unknown Malware -- Please report hits to bleeding@bleedingsnort.com
        2002194 || BLEEDING-EDGE Malware Unknown Spyware. Please report hits to lp-analysts@bleedingsnort.com


