Network Security: Detailed info on [Snort-sigs] Bleedingsnort.com Daily Update

Subject:	[Snort-sigs] Bleedingsnort.com Daily Update
Date:	Thu, 25 Aug 2005 20:00:15 -0500 (EST)

Subject:

[Snort-sigs] Bleedingsnort.com Daily Update

Date:

Thu, 25 Aug 2005 20:00:15 -0500 (EST)


[***] Results from Oinkmaster started Thu Aug 25 20:00:14 2005 [***]

[+++]          Added rules:          [+++]

 2002322 - BLEEDING-EDGE WORM Possible MSN Worm Exploit php 
(bleeding-virus.rules)
 2002323 - BLEEDING-EDGE WORM Possible MSN Worm Exploit exe 
(bleeding-virus.rules)
 2002324 - BLEEDING-EDGE WORM Possible MSN Worm Exploit pif 
(bleeding-virus.rules)
 2002325 - BLEEDING-EDGE WORM W32.kelvir.HI (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2001728 - BLEEDING-EDGE POLICY TOR 1.0 Client Circuit Traffic 
(bleeding-policy.rules)


[---]         Removed rules:         [---]

 2002321 - BLEEDING-EDGE WORM W32.Kelvir.HI Browser Re-direct 
(bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        #by Mark Tombaugh

     -> Added to bleeding-sid-msg.map (5):
        2001728 || BLEEDING-EDGE POLICY TOR 1.0 Client Circuit Traffic || 
url,tor.eff.org
        2002322 || BLEEDING-EDGE WORM Possible MSN Worm Exploit php
        2002323 || BLEEDING-EDGE WORM Possible MSN Worm Exploit exe
        2002324 || BLEEDING-EDGE WORM Possible MSN Worm Exploit pif
        2002325 || BLEEDING-EDGE WORM W32.kelvir.HI || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html

     -> Added to bleeding-virus.rules (2):
        #by Scott Melnick
        #Specific Kelvir.HI detection on MSN

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-policy.rules (1):
        #by Bob Grabowsky

     -> Removed from bleeding-sid-msg.map (2):
        2001728 || BLEEDING-EDGE Policy TOR1.0 nodes negotiation || 
url,tor.eff.org
        2002321 || BLEEDING-EDGE WORM W32.Kelvir.HI Browser Re-direct || 
url,securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html

     -> Removed from bleeding-virus.rules (1):
        #by dajackman



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Bleedingsnort.com Daily Update, (continued) [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding <= [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[Snort-sigs] Remote IIS Server_Name Spoof attempt, rmkml
Next by Date:	[Snort-sigs] new rule for detect 'piranha default passwd attempt', rmkml
Previous by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[Snort-sigs] Remote IIS Server_Name Spoof attempt, rmkml

Next by Date:

[Snort-sigs] new rule for detect 'piranha default passwd attempt', rmkml

Previous by Thread:

[Snort-sigs] Bleedingsnort.com Daily Update, bleeding

Next by Thread:

[Snort-sigs] Bleedingsnort.com Daily Update, bleeding

Indexes:

[Date] [Thread] [Top] [All Lists]