[Snort-sigs] Bleeding Edge Threats Daily Update

[***] Results from Oinkmaster started Thu Oct 19 21:00:06 2006 [***]

[+++]          Added rules:          [+++]

 2003123 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (mail from) 
(bleeding-policy.rules)
 2003124 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (rcpt to) 
(bleeding-policy.rules)
 2003125 - BLEEDING-EDGE POLICY SSL/TLS traffic on port 25 (01) 
(bleeding-policy.rules)
 2003127 - BLEEDING-EDGE POLICY SSL/TLS traffic on port 25 (00) 
(bleeding-policy.rules)
 2003136 - BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on port 25 
(bleeding-policy.rules)
 2003138 - BLEEDING-EDGE TROJAN SpamThru trojan peer exchange 
(bleeding-virus.rules)
 2003139 - BLEEDING-EDGE TROJAN SpamThru trojan SMTP test successful 
(bleeding-virus.rules)
 2003140 - BLEEDING-EDGE TROJAN SpamThru trojan update request 
(bleeding-virus.rules)
 2003141 - BLEEDING-EDGE TROJAN SpamThru trojan AV DLL request 
(bleeding-virus.rules)
 2003142 - BLEEDING-EDGE TROJAN SpamThru trojan spam template request 
(bleeding-virus.rules)
 2003143 - BLEEDING-EDGE TROJAN SpamThru trojan spam run report 
(bleeding-virus.rules)
 2003144 - BLEEDING-EDGE TROJAN SpamThru trojan AV scan report 
(bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2003121 - BLEEDING-EDGE POLICY docs.google.com Activity (bleeding-policy.rules)
 2003122 - BLEEDING-EDGE POLICY Possible docs.google.com Activity 
(bleeding-policy.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        #intention is to catch traffic on port 25 that is NOT smtp or ssl/tls.

     -> Added to bleeding-sid-msg.map (14):
        2003121 || BLEEDING-EDGE POLICY docs.google.com Activity || 
url,docs.google.com
        2003122 || BLEEDING-EDGE POLICY Possible docs.google.com Activity || 
url,docs.google.com
        2003123 || BLEEDING-EDGE POLICY SMTP traffic on port 25 (mail from)
        2003124 || BLEEDING-EDGE POLICY SMTP traffic on port 25 (rcpt to)
        2003125 || BLEEDING-EDGE POLICY SSL/TLS traffic on port 25 (01)
        2003127 || BLEEDING-EDGE POLICY SSL/TLS traffic on port 25 (00)
        2003136 || BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on 
port 25
        2003138 || BLEEDING-EDGE TROJAN SpamThru trojan peer exchange || 
url,www.secureworks.com/analysis/spamthru/
        2003139 || BLEEDING-EDGE TROJAN SpamThru trojan SMTP test successful || 
url,www.secureworks.com/analysis/spamthru/
        2003140 || BLEEDING-EDGE TROJAN SpamThru trojan update request || 
url,www.secureworks.com/analysis/spamthru/
        2003141 || BLEEDING-EDGE TROJAN SpamThru trojan AV DLL request || 
url,www.secureworks.com/analysis/spamthru/
        2003142 || BLEEDING-EDGE TROJAN SpamThru trojan spam template request 
|| url,www.secureworks.com/analysis/spamthru/
        2003143 || BLEEDING-EDGE TROJAN SpamThru trojan spam run report || 
url,www.secureworks.com/analysis/spamthru/
        2003144 || BLEEDING-EDGE TROJAN SpamThru trojan AV scan report || 
url,www.secureworks.com/analysis/spamthru/

     -> Added to bleeding-virus.rules (1):
        #by Joe Stewart of Lurhq/Secureworks

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2003121 || BLEEDING-EDGE docs.google.com Activity || url,docs.google.com
        2003122 || BLEEDING-EDGE Possible docs.google.com Activity || 
url,docs.google.com


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs