Network Security: Detailed info on [Snort-sigs] Bleedingsnort.com Daily Update

Subject:	[Snort-sigs] Bleedingsnort.com Daily Update
Date:	Thu, 27 Jul 2006 21:00:12 -0400 (EDT)


[***] Results from Oinkmaster started Thu Jul 27 21:00:12 2006 [***]

[+++]          Added rules:          [+++]

 2003056 - BLEEDING-EDGE WEB-MISC EiQNetworks Security Analyzer Buffer Overflow 
(bleeding-web.rules)
 2003057 - BLEEDING-EDGE MALWARE 180solutions Spyware Actionlibs Download 
(bleeding-malware.rules)
 2003058 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer 
Download (bleeding-malware.rules)
 2003059 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware TB Installer 
Download (bleeding-malware.rules)
 2003060 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Local Stats Post 
(bleeding-malware.rules)
 2003061 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Event Activity 
Post (bleeding-malware.rules)
 2003062 - BLEEDING-EDGE MALWARE 180 Solutions (Zango Installer) User Agent 
(bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)


[---]         Removed rules:         [---]

 2003043 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [zombie] - 
Possible Bot (bleeding-virus.rules)
 2003044 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [zombie] - 
Possible Bot (bleeding-virus.rules)
 2003049 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [billy] - Possible 
Bot (bleeding-virus.rules)
 2003050 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Intbound [billy] 
(bleeding-virus.rules)
 2003051 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [billy] - Possible 
Bot (bleeding-virus.rules)
 2003052 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Intbound [billy] 
(bleeding-virus.rules)
 2003053 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Inbound [zombie] 
(bleeding-virus.rules)
 2003054 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Inbound [zombie] 
(bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #Matt Jonkman. Bundled from Warner Brothers Kids site.. can you believe 
that crap? Guess where my kids WON'T be spending my money....

     -> Added to bleeding-sid-msg.map (7):
        2003056 || BLEEDING-EDGE WEB-MISC EiQNetworks Security Analyzer Buffer 
Overflow || url,secunia.com/advisories/21211/ || cve,2006-3838
        2003057 || BLEEDING-EDGE MALWARE 180solutions Spyware Actionlibs 
Download || 
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003058 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer 
Download || 
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003059 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware TB 
Installer Download || 
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003060 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Local 
Stats Post || 
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003061 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Event 
Activity Post || 
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003062 || BLEEDING-EDGE MALWARE 180 Solutions (Zango Installer) User 
Agent

     -> Added to bleeding-web.rules (1):
        #by Blake Hartstein from Demarc

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (8):
        2003043 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [zombie] - 
Possible Bot
        2003044 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [zombie] - 
Possible Bot
        2003049 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [billy] - 
Possible Bot
        2003050 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Intbound [billy]
        2003051 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [billy] - 
Possible Bot
        2003052 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Intbound [billy]
        2003053 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Inbound [zombie]
        2003054 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Inbound [zombie]

     -> Removed from bleeding-virus.rules (2):
        #These sigs are for the unique things that spam bots do in how they talk
        #Submitted by Scott Melnick


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Bleedingsnort.com Daily Update, (continued) [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding <= [Snort-sigs] Bleedingsnort.com Daily Update, bleeding [Snort-sigs] Bleedingsnort.com Daily Update, bleeding

Previous by Date:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Date:	[Snort-sigs] bad rule, Gentoo-Wally
Previous by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Thread:	[Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Indexes:	[Date] [Thread] [Top] [All Lists]