[Snort-sigs] Bleedingsnort.com Daily Update

[***] Results from Oinkmaster started Tue Nov 22 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

  200283 - BLEEDING-EDGE WEB shell bot perl code download (bleeding-virus.rules)
 2002158 - BLEEDING-EDGE EXPLOIT XML-RPC for PHP Remote Code Injection 
(bleeding-exploit.rules)
 2002684 - BLEEDING-EDGE WEB Shell Bot Code Download (bleeding-virus.rules)
 2002685 - BLEEDING-EDGE WEB Barracuda Spam Firewall img.pl Remote Directory 
Traversal Attempt (bleeding-web.rules)
 2002686 - BLEEDING-EDGE VIRUS Sober.AA worm SMTP Outbound 
(bleeding-virus.rules)
 2002687 - BLEEDING-EDGE VIRUS Sober.AA worm SMTP Inbound (bleeding-virus.rules)


[+++]  Enabled and modified rules:   [+++]

 2002682 - BLEEDING-EDGE CURRENT EVENTS Microsoft Internet Explorer Window() 
Possible Code Execution (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        #Mark Tombaugh

     -> Added to bleeding-sid-msg.map (6):
        200283 || BLEEDING-EDGE WEB shell bot perl code download
        2002158 || BLEEDING-EDGE EXPLOIT XML-RPC for PHP Remote Code Injection 
|| cve,2005-1921 || url,www.securityfocus.com/bid/14088/exploit
        2002684 || BLEEDING-EDGE WEB Shell Bot Code Download
        2002685 || BLEEDING-EDGE WEB Barracuda Spam Firewall img.pl Remote 
Directory Traversal Attempt || bugtraq,14710
        2002686 || BLEEDING-EDGE VIRUS Sober.AA worm SMTP Outbound || 
url,www.norman.com/Virus/Virus_descriptions/25962/en-us || 
url,secunia.com/search/?search=sober.aa
        2002687 || BLEEDING-EDGE VIRUS Sober.AA worm SMTP Inbound || 
url,www.norman.com/Virus/Virus_descriptions/25962/en-us || 
url,secunia.com/search/?search=sober.aa

     -> Added to bleeding-virus.rules (2):
        # Submitted by Mark Scott, 2005-11-21, for Sober.AA worm
        #from Jack Pepper

     -> Added to bleeding-web.rules (1):
        # Submitted 2005-11-22 by David Maciejak (with thanks to Nicob for 
pointing it out)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding.rules (1):
        #Disabling, already covered in snort.org 4647



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs