
| Subject: | [Snort-sigs] Bleedingsnort.com Daily Update |
|---|---|
| Date: | Thu, 2 Feb 2006 20:00:14 -0500 (EST) |
```text
[***] Results from Oinkmaster started Thu Feb 2 20:00:13 2006 [***]
[+++] Added rules: [+++]
2002795 - BLEEDING-EDGE VIRUS Nyxem attempting to copy WINZIP_TMP.exe to
shares (bleeding-virus.rules)
[///] Modified active rules: [///]
2000559 - BLEEDING-EDGE THCIISLame IIS SSL Exploit Attempt (bleeding-web.rules)
2000917 - BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data Retrieval
(offersdata) (bleeding-malware.rules)
2000919 - BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data Retrieval
(Searchdb) (bleeding-malware.rules)
2001021 - BLEEDING-EDGE Suspicious Encrypted Webpage Content
(bleeding-web.rules)
2001079 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT
1 (bleeding-web.rules)
2001080 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT
2 (bleeding-web.rules)
2001082 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
EXPRESSION 1 (bleeding-web.rules)
2001083 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
EXPRESSION 2 (bleeding-web.rules)
2001085 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden
Javascript 1 (bleeding-web.rules)
2001086 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden
Javascript 2 (bleeding-web.rules)
2001488 - BLEEDING-EDGE Malware Tibsystems Spyware Download
(bleeding-malware.rules)
2001537 - BLEEDING-EDGE Malware Spyspotter.com Access (bleeding-malware.rules)
2001621 - BLEEDING-EDGE Exploit Suspected PHP Injection Attack
(bleeding-web.rules)
2001738 - BLEEDING-EDGE WEB PHP vBulletin Remote Command Execution Attempt
(bleeding-web.rules)
2001762 - BLEEDING-EDGE WEB phpbb Session Cookie (bleeding-web.rules)
2001810 - BLEEDING-EDGE EXPLOIT WEB PHP remote file include exploit attempt
(bleeding-web.rules)
2001928 - BLEEDING-EDGE WEB XSS Possible Arbitrary Scripting Code Attack in
phpBB (private message) (bleeding-web.rules)
2001929 - BLEEDING-EDGE WEB XSS Possible Arbitrary Scripting Code Attack in
phpBB (signature) (bleeding-web.rules)
2001945 - BLEEDING-EDGE WEB WebAPP Apage.CGI Remote Command Execution Attempt
(bleeding-web.rules)
2001949 - BLEEDING-EDGE WEB Athena Web Registration Remote Command Execution
Attempt (bleeding-web.rules)
2002066 - BLEEDING-EDGE WEB CSV-DB CSV_DB.CGI Remote Command Execution Attempt
(bleeding-web.rules)
2002067 - BLEEDING-EDGE WEB Community Link Pro Login.CGI Remote Command
Execution Attempt (bleeding-web.rules)
2002069 - BLEEDING-EDGE WEB Blog Spam Insert Attempt (bleeding-web.rules)
2002070 - BLEEDING-EDGE WEB phpBB Remote Code Execution Attempt
(bleeding-web.rules)
2002100 - BLEEDING-EDGE WEB WPS wps_shop.cgi Remote Command Execution Attempt
(bleeding-web.rules)
2002129 - BLEEDING-EDGE Cacti Input Validation Attack (bleeding-web.rules)
2002313 - BLEEDING-EDGE WEB Cacti graph_image.php Remote Command Execution
Attempt (bleeding-web.rules)
2002314 - BLEEDING-EDGE WEB PHPOutsourcing Zorum prod.php Remote Command
Execution Attempt (bleeding-web.rules)
2002355 - BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home 198.173.4.9
(bleeding-virus.rules)
2002356 - BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home 66.160.138.149
(bleeding-virus.rules)
2002357 - BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home 66.225.221.197
(bleeding-virus.rules)
2002358 - BLEEDING-EDGE TROJAN Backdoor.Graybird.O Calling Home 202.101.43.83
(bleeding-virus.rules)
2002359 - BLEEDING-EDGE TROJAN Backdoor.Graybird.O Calling Home 61.152.93.13
(bleeding-virus.rules)
2002361 - BLEEDING-EDGE WEB Netquery Remote Command Execution Attempt
(bleeding-web.rules)
2002371 - BLEEDING-EDGE WEB Miva Merchant Cross Site Scripting Attack
(bleeding-web.rules)
2002388 - BLEEDING-EDGE WEB vBulletin misc.php Template Name Arbitrary Code
Execution (bleeding-web.rules)
2002408 - BLEEDING-EDGE WEB phpMyAdmin Suspicious Activity (bleeding-web.rules)
2002409 - BLEEDING-EDGE WEB phpMyAdmin Local File Inclusion (2.6.4-pl1)
(bleeding-web.rules)
2002660 - BLEEDING-EDGE WEB RSA Web Auth Exploit Attempt - Long URL
(bleeding-web.rules)
2002668 - BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability
(bleeding-web.rules)
2002681 - BLEEDING-EDGE WEB Mambo Exploit (bleeding-web.rules)
2002705 - BLEEDING-EDGE WORM W32.Magflag.A@mm 1 (bleeding-virus.rules)
2002706 - BLEEDING-EDGE WORM W32.Magflag.A@mm 2 (bleeding-virus.rules)
2002711 - BLEEDING-EDGE WEB includer.cgi Remote Command Execution Attempt
(bleeding-web.rules)
2002721 - BLEEDING-EDGE WEB Cisco IOS HTTP set enable password attack
(bleeding-web.rules)
2002727 - BLEEDING-EDGE VIRUS Bagle.gen SMTP Outbound (aka -
.BK,.ET,.FT,.JH,Lodear.E,.gen,Mitglieder.GU) (bleeding-virus.rules)
2002790 - BLEEDING-EDGE TROJAN Haxdoor Reporting User Activity
(bleeding-virus.rules)
2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 222.149.192.0/24
(bleeding-dshield.rules)
2402001 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.162.0/24
(bleeding-dshield.rules)
2402002 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.202.78.0/24
(bleeding-dshield.rules)
2402003 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.96.0/24
(bleeding-dshield.rules)
2402004 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.78.0/24
(bleeding-dshield.rules)
2402005 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 59.8.216.0/24
(bleeding-dshield.rules)
2402006 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.161.0/24
(bleeding-dshield.rules)
2402007 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.12.197.0/24
(bleeding-dshield.rules)
2402008 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.25.253.0/24
(bleeding-dshield.rules)
2402009 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.185.36.0/24
(bleeding-dshield.rules)
2402010 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.31.79.0/24
(bleeding-dshield.rules)
2402011 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 202.97.181.0/24
(bleeding-dshield.rules)
2402012 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 220.163.113.0/24
(bleeding-dshield.rules)
2402013 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.148.70.0/24
(bleeding-dshield.rules)
2402014 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.139.44.0/24
(bleeding-dshield.rules)
2402015 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 140.113.31.0/24
(bleeding-dshield.rules)
2402016 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.136.152.0/24
(bleeding-dshield.rules)
2402017 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 213.47.131.0/24
(bleeding-dshield.rules)
2402018 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.175.218.0/24
(bleeding-dshield.rules)
2402019 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 210.205.147.0/24
(bleeding-dshield.rules)
2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 222.149.192.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403001 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.162.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403002 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 221.202.78.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403003 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.96.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403004 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.146.78.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403005 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 59.8.216.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403006 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.128.161.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403007 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.12.197.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403008 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.25.253.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403009 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.185.36.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403010 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 218.31.79.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403011 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 202.97.181.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403012 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 220.163.113.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403013 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 219.148.70.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403014 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.139.44.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403015 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 140.113.31.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403016 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.136.152.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403017 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 213.47.131.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403018 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 61.175.218.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
2403019 - BLEEDING-EDGE DROP Dshield Block Listed Source IP - 210.205.147.0/24
BLOCKING (bleeding-dshield-BLOCK.rules)
[///] Modified inactive rules: [///]
2002726 - BLEEDING-EDGE VIRUS Bagle.gen SMTP Inbound (aka -
.BK,.ET,.FT,.JH,Lodear.E,.gen,Mitglieder.GU) (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (20):
2000917 || BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data
Retrieval (offersdata) ||
url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml ||
url,www.whenusearch.com
2000919 || BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data
Retrieval (Searchdb) ||
url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml ||
url,www.whenusearch.com
2001079 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
VBSCRIPT 1
2001080 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
VBSCRIPT 2
2001082 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
EXPRESSION 1
2001083 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
EXPRESSION 2
2001085 || BLEEDING-EDGE WEB-MISC cross site scripting attempt
executing hidden Javascript 1
2001086 || BLEEDING-EDGE WEB-MISC cross site scripting attempt
executing hidden Javascript 2
2001488 || BLEEDING-EDGE Malware Tibsystems Spyware Download
2001537 || BLEEDING-EDGE Malware Spyspotter.com Access
2002355 || BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home
198.173.4.9 ||
url,securityresponse.symantec.com/avcenter/venc/data/trojan.exphook.html
2002356 || BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home
66.160.138.149 ||
url,securityresponse.symantec.com/avcenter/venc/data/trojan.exphook.html
2002357 || BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home
66.225.221.197 ||
url,securityresponse.symantec.com/avcenter/venc/data/trojan.exphook.html
2002358 || BLEEDING-EDGE TROJAN Backdoor.Graybird.O Calling Home
202.101.43.83 ||
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.o.html
2002359 || BLEEDING-EDGE TROJAN Backdoor.Graybird.O Calling Home
61.152.93.13 ||
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.o.html
2002705 || BLEEDING-EDGE WORM W32.Magflag.A@mm 1 ||
url,securityresponse.symantec.com/avcenter/venc/data/w32.magflag.a@mm.html
2002706 || BLEEDING-EDGE WORM W32.Magflag.A@mm 2 ||
url,securityresponse.symantec.com/avcenter/venc/data/w32.magflag.a@mm.html
2002726 || BLEEDING-EDGE VIRUS Bagle.gen SMTP Inbound (aka -
.BK,.ET,.FT,.JH,Lodear.E,.gen,Mitglieder.GU) ||
url,isc.sans.org/diary.php?storyid=937
2002727 || BLEEDING-EDGE VIRUS Bagle.gen SMTP Outbound (aka -
.BK,.ET,.FT,.JH,Lodear.E,.gen,Mitglieder.GU) ||
url,isc.sans.org/diary.php?storyid=937
2002795 || BLEEDING-EDGE VIRUS Nyxem attempting to copy WINZIP_TMP.exe
to shares || url,www.incidents.org/diary.php?date=2006-02-02 ||
url,www.lurhq.com/blackworm.html
-> Added to bleeding-virus.rules (3):
# Trojan HaxDoor
#Submitted by Tom Fischer, 2006-01-24, modified 2/2/06 on info from
chriss
#from isc, by Per Kristian Johnsen of Telenor Security Center
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (19):
2000917 || BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data
Retrieval || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml
|| url,www.whenusearch.com
2000919 || BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data
Retrieval || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml
|| url,www.whenusearch.com
2001079 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
VBSCRIPT
2001080 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
VBSCRIPT
2001082 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
EXPRESSION
2001083 || BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE +
EXPRESSION
2001085 || BLEEDING-EDGE WEB-MISC cross site scripting attempt
executing hidden Javascript
2001086 || BLEEDING-EDGE WEB-MISC cross site scripting attempt
executing hidden Javascript
2001488 || BLEEDING-EDGE Malware Tibsystems Spyware Activity
2001537 || BLEEDING-EDGE Malware Spyspotter.com Access, Likely Spyware
2002355 || BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home ||
url,securityresponse.symantec.com/avcenter/venc/data/trojan.exphook.html
2002356 || BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home ||
url,securityresponse.symantec.com/avcenter/venc/data/trojan.exphook.html
2002357 || BLEEDING-EDGE TROJAN Trojan.Exphook Sending Info Home ||
url,securityresponse.symantec.com/avcenter/venc/data/trojan.exphook.html
2002358 || BLEEDING-EDGE TROJAN Backdoor.Graybird.O Calling Home ||
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.o.html
2002359 || BLEEDING-EDGE TROJAN Backdoor.Graybird.O Calling Home ||
url,securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.o.html
2002705 || BLEEDING-EDGE WORM W32.Magflag.A@mm ||
url,securityresponse.symantec.com/avcenter/venc/data/w32.magflag.a@mm.html
2002706 || BLEEDING-EDGE WORM W32.Magflag.A@mm ||
url,securityresponse.symantec.com/avcenter/venc/data/w32.magflag.a@mm.html
2002726 || BLEEDING_EDGE VIRUS Bagle.gen SMTP Inbound (aka -
.BK,.ET,.FT,.JH,Lodear.E,.gen,Mitglieder.GU) ||
url,isc.sans.org/diary.php?storyid=937
2002727 || BLEEDING_EDGE VIRUS Bagle.gen SMTP Outbound (aka -
.BK,.ET,.FT,.JH,Lodear.E,.gen,Mitglieder.GU) ||
url,isc.sans.org/diary.php?storyid=937
-> Removed from bleeding-virus.rules (2):
# Trojan HaxDoor
#Submitted by Tom Fischer, 2006-01-24
```
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs