Network Security Snort-Signatures

[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Tue, 15 Aug 2006 21:00:09 -0400 (EDT)

[***] Results from Oinkmaster started Tue Aug 15 21:00:09 2006 [***]

[///]     Modified active rules:     [///]

 2001841 - BLEEDING-EDGE P2P UDP traffic - Likely Limewire (bleeding-p2p.rules)
 2001961 - BLEEDING-EDGE VIRUS Hotword Trojan - Possible File Upload CHJO 
(bleeding-virus.rules)
 2001962 - BLEEDING-EDGE VIRUS Hotword Trojan - Possible File Upload CFXP 
(bleeding-virus.rules)
 2001963 - BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Request 
pspv.exe (bleeding-virus.rules)
 2001964 - BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Request .tea 
(bleeding-virus.rules)
 2001965 - BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Status Upload 
___ (bleeding-virus.rules)
 2001966 - BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File Status Check 
___ (bleeding-virus.rules)
 2002087 - BLEEDING-EDGE POLICY Inbound Frequent Emails - Possible Spambot 
Inbound (bleeding-policy.rules)
 2002091 - BLEEDING-EDGE Malware Searchmiracle.com Spyware Install - silent.exe 
(bleeding-malware.rules)
 2002092 - BLEEDING-EDGE Malware yupsearch.com Spyware Install - protector.exe 
(bleeding-malware.rules)
 2002098 - BLEEDING-EDGE Malware yupsearch.com Spyware Install - sideb.exe 
(bleeding-malware.rules)
 2002120 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - JPEG with 
embedded ICC - Excessive Profile Size (bleeding-exploit.rules)
 2002121 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - JPEG with 
embedded ICC - Excessive Tag Count (bleeding-exploit.rules)
 2002122 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - GIF with embedded 
ICC - Excessive Profile Size (bleeding-exploit.rules)
 2002123 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - GIF with embedded 
ICC - Excessive Tag Count (bleeding-exploit.rules)
 2002134 - BLEEDING-EDGE EXPLOIT MS05-036 exploit - JPEG ICC r/b/g/XYZ 
GetColorProfileElement overflow (bleeding-exploit.rules)
 2002137 - BLEEDING-EDGE EXPLOIT MS05-036 exploit - GIF ICC r/b/g/XYZ 
GetColorProfileElement overflow (bleeding-exploit.rules)
 2002153 - BLEEDING-EDGE MALWARE EXE as User Agent - Potential Spyware 
(bleeding-malware.rules)
 2002167 - BLEEDING-EDGE MALWARE Possible Spyware - Wise User Agent 
(bleeding-malware.rules)
 2002656 - BLEEDING-EDGE EXPLOIT malformed Sack - Snort DoS-by-$um$id 
(bleeding-exploit.rules)
 2002679 - BLEEDING-EDGE Malware Sony DRM Related - CodeSupport ActiveX Attempt 
(bleeding-malware.rules)
 2002680 - BLEEDING-EDGE Malware Sony DRM - Uninstaller CLSID 
(bleeding-malware.rules)
 2002732 - BLEEDING-EDGE VIRUS Multiple Time server requests - Possible Sober 
Infection (bleeding-virus.rules)
 2002897 - BLEEDING-EDGE WEB Horde README access probe (bleeding-web.rules)
 2002970 - BLEEDING-EDGE MALWARE VB WinHTTP User Agent - Possible Malware 
(bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2001615 - BLEEDING-EDGE VIRUS PHPInclude.Worm Outbound Attack - LOCAL 
INFECTION (bleeding-virus.rules)
 2001723 - BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 - Bad PNG 
(bleeding-exploit.rules)
 2002124 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - PNG with embedded 
ICC document (bleeding-exploit.rules)
 2002669 - BLEEDING-EDGE TROJAN Potential New Spambot Proxy Control Channel - 
Please report hits to bleeding-sigs@bleedingsnort.com (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (29):
        2001615 || BLEEDING-EDGE VIRUS PHPInclude.Worm Outbound Attack - LOCAL 
INFECTION || url,www.k-otik.com/exploits/20041225.PhpIncludeWorm.php
        2001723 || BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 - Bad PNG
        2001841 || BLEEDING-EDGE P2P UDP traffic - Likely Limewire || 
url,www.limewire.com
        2001961 || BLEEDING-EDGE VIRUS Hotword Trojan - Possible File Upload 
CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001962 || BLEEDING-EDGE VIRUS Hotword Trojan - Possible File Upload 
CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001963 || BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File 
Request pspv.exe || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001964 || BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File 
Request .tea || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001965 || BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File 
Status Upload ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001966 || BLEEDING-EDGE VIRUS Hotword Trojan - Possible FTP File 
Status Check ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2002087 || BLEEDING-EDGE POLICY Inbound Frequent Emails - Possible 
Spambot Inbound
        2002091 || BLEEDING-EDGE Malware Searchmiracle.com Spyware Install - 
silent.exe || url,www.searchmiracle.com
        2002092 || BLEEDING-EDGE Malware yupsearch.com Spyware Install - 
protector.exe || url,www.yupsearch.com
        2002098 || BLEEDING-EDGE Malware yupsearch.com Spyware Install - 
sideb.exe || url,www.yupsearch.com
        2002120 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - JPEG with 
embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002121 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - JPEG with 
embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002122 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - GIF with 
embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002123 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - GIF with 
embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002124 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit - PNG with 
embedded ICC document || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002134 || BLEEDING-EDGE EXPLOIT MS05-036 exploit - JPEG ICC r/b/g/XYZ 
GetColorProfileElement overflow || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002137 || BLEEDING-EDGE EXPLOIT MS05-036 exploit - GIF ICC r/b/g/XYZ 
GetColorProfileElement overflow || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002153 || BLEEDING-EDGE MALWARE EXE as User Agent - Potential Spyware
        2002167 || BLEEDING-EDGE MALWARE Possible Spyware - Wise User Agent || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002656 || BLEEDING-EDGE EXPLOIT malformed Sack - Snort DoS-by-$um$id
        2002669 || BLEEDING-EDGE TROJAN Potential New Spambot Proxy Control 
Channel - Please report hits to bleeding-sigs@bleedingsnort.com
        2002679 || BLEEDING-EDGE Malware Sony DRM Related - CodeSupport ActiveX 
Attempt || url,www.hack.fi/~muzzy/sony-drm/ || 
url,www.frsirt.com/english/advisories/2005/2454
        2002680 || BLEEDING-EDGE Malware Sony DRM - Uninstaller CLSID || 
url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || 
url,www.frsirt.com/english/advisories/2005/2493 || 
url,www.freedom-to-tinker.com/?p=931
        2002732 || BLEEDING-EDGE VIRUS Multiple Time server requests - Possible 
Sober Infection || 
url,www.bleedingsnort.com/forum/viewtopic.php?forum=3&showtopic=1540
        2002897 || BLEEDING-EDGE WEB Horde README access probe || 
url,csirt.terradon.com/postarchive.php?month=4&year=2006#article28 || 
cve,CVE-2006-1491
        2002970 || BLEEDING-EDGE MALWARE VB WinHTTP User Agent - Possible 
Malware

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (29):
        2001615 || BLEEDING-EDGE VIRUS PHPInclude.Worm Outbound Attack --LOCAL 
INFECTION-- || url,www.k-otik.com/exploits/20041225.PhpIncludeWorm.php
        2001723 || BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 -- bad 
PNG
        2001841 || BLEEDING-EDGE P2P UDP traffic -- Likely Limewire || 
url,www.limewire.com
        2001961 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload 
CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001962 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload 
CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001963 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Request pspv.exe || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001964 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Request .tea || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001965 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Status Upload ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001966 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File 
Status Check ___ || 
url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2002087 || BLEEDING-EDGE POLICY Inbound Frequent Emails -- Possible 
Spambot Inbound
        2002091 || BLEEDING-EDGE Malware Searchmiracle.com Spyware Install -- 
silent.exe || url,www.searchmiracle.com
        2002092 || BLEEDING-EDGE Malware yupsearch.com Spyware Install -- 
protector.exe || url,www.yupsearch.com
        2002098 || BLEEDING-EDGE Malware yupsearch.com Spyware Install -- 
sideb.exe || url,www.yupsearch.com
        2002120 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- JPEG 
with embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002121 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- JPEG 
with embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002122 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- GIF with 
embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002123 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- GIF with 
embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002124 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- PNG with 
embedded ICC document || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002134 || BLEEDING-EDGE EXPLOIT MS05-036 exploit -- JPEG ICC r/b/g/XYZ 
GetColorProfileElement overflow || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002137 || BLEEDING-EDGE EXPLOIT MS05-036 exploit -- GIF ICC r/b/g/XYZ 
GetColorProfileElement overflow || cve,CVE-2005-1219 || 
url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002153 || BLEEDING-EDGE MALWARE EXE as User Agent -- Potential Spyware
        2002167 || BLEEDING-EDGE MALWARE Possible Spyware -- Wise User Agent || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002656 || BLEEDING-EDGE EXPLOIT malformed Sack --Snort DoS-by-$um$id
        2002669 || BLEEDING-EDGE TROJAN Potential New Spambot Proxy Control 
Channel -- Please report hits to bleeding-sigs@bleedingsnort.com
        2002679 || BLEEDING-EDGE Malware Sony DRM Related -- CodeSupport 
ActiveX Attempt || url,www.hack.fi/~muzzy/sony-drm/ || 
url,www.frsirt.com/english/advisories/2005/2454
        2002680 || BLEEDING-EDGE Malware Sony DRM -- Uninstaller CLSID || 
url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || 
url,www.frsirt.com/english/advisories/2005/2493 || 
url,www.freedom-to-tinker.com/?p=931
        2002732 || BLEEDING-EDGE VIRUS Multiple Time server requests -- 
Possible Sober Infection || 
url,www.bleedingsnort.com/forum/viewtopic.php?forum=3&showtopic=1540
        2002897 || BLEEDING-EDGE WEB Horde README access -- Probe || 
url,csirt.terradon.com/postarchive.php?month=4&year=2006#article28 || 
cve,CVE-2006-1491
        2002970 || BLEEDING-EDGE MALWARE VB WinHTTP User Agent -- Possible 
Malware


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
