Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Daily Update

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Daily Update
Date: Fri, 20 Oct 2006 21:00:07 -0400 (EDT) 

[***] Results from Oinkmaster started Fri Oct 20 21:00:07 2006 [***]

[+++]          Added rules:          [+++]

 2003126 - BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on port 25 
(bleeding-policy.rules)
 2003128 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (ehlo) 
(bleeding-policy.rules)
 2003129 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (starttls) 
(bleeding-policy.rules)
 2003130 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (helo) 
(bleeding-policy.rules)
 2003131 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (authsmtp) 
(bleeding-policy.rules)
 2003132 - BLEEDING-EDGE TROJAN BOT - potential DDoS command (2) 
(bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2001852 - BLEEDING-EDGE MALWARE 404Search Spyware User Agent 
(bleeding-malware.rules)
 2001853 - BLEEDING-EDGE MALWARE Easy Search Bar Spyware User Agent 
(bleeding-malware.rules)
 2001854 - BLEEDING-EDGE MALWARE EZULA Spyware User Agent 
(bleeding-malware.rules)
 2001855 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (1) 
(bleeding-malware.rules)
 2001858 - BLEEDING-EDGE MALWARE Hotbar Spyware User Agent 
(bleeding-malware.rules)
 2001859 - BLEEDING-EDGE MALWARE Cool Web Search Spyware User Agent 
(bleeding-malware.rules)
 2001860 - BLEEDING-EDGE MALWARE Kontiki Spyware User Agent 
(bleeding-malware.rules)
 2001861 - BLEEDING-EDGE MALWARE Micro-Gaming Spyware User Agent 
(bleeding-malware.rules)
 2001862 - BLEEDING-EDGE MALWARE Surf Assistant Spyware User Agent 
(bleeding-malware.rules)
 2001863 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (2) 
(bleeding-malware.rules)
 2001864 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (3) 
(bleeding-malware.rules)
 2001865 - BLEEDING-EDGE MALWARE MyWebSearch Spyware User Agent 
(bleeding-malware.rules)
 2001867 - BLEEDING-EDGE MALWARE Search Engine 2000 Spyware User Agent 
(bleeding-malware.rules)
 2001868 - BLEEDING-EDGE MALWARE SureSeeker Spyware User Agent 
(bleeding-malware.rules)
 2001869 - BLEEDING-EDGE MALWARE Sidesearch Spyware User Agent 
(bleeding-malware.rules)
 2001870 - BLEEDING-EDGE MALWARE Surfplayer Spyware User Agent 
(bleeding-malware.rules)
 2001871 - BLEEDING-EDGE MALWARE Target Saver Spyware User Agent 
(bleeding-malware.rules)
 2001872 - BLEEDING-EDGE MALWARE Visicom Spyware User Agent 
(bleeding-malware.rules)
 2002032 - BLEEDING-EDGE TROJAN BOT - potential DDoS command (1) 
(bleeding-virus.rules)
 2002382 - BLEEDING-EDGE EXPLOIT Wzdftpd SITE command arbitrary command 
execution attempt (bleeding-exploit.rules)
 2003123 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (mail from) 
(bleeding-policy.rules)
 2003124 - BLEEDING-EDGE POLICY SMTP traffic on port 25 (rcpt to) 
(bleeding-policy.rules)
 2003125 - BLEEDING-EDGE POLICY SSL/TLS traffic on port 25 (01) 
(bleeding-policy.rules)
 2003127 - BLEEDING-EDGE POLICY SSL/TLS traffic on port 25 (00) 
(bleeding-policy.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

 2001866 - BLEEDING-EDGE MALWARE Smartpops/Mediaload Spyware User Agent 
(bleeding-malware.rules)
 2002077 - BLEEDING-EDGE Malware IEBar Spyware User Agent Activity 
(bleeding-malware.rules)
 2002162 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (SCAgent) 
(bleeding-malware.rules)
 2002669 - BLEEDING-EDGE TROJAN Potential New Spambot Proxy Control Channel - 
Please report hits to bleeding-sigs@bleedingsnort.com (bleeding-virus.rules)
 2003136 - BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on port 25 
(bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (3):
        # Rules to block Spamhaus DROP listed networks (www.spamhaus.org)
        # Please submit any feedback or ideas to bleeding@bleedingsnort.com or 
the bleeding-sigs mailing list
        #  VERSION 2054

     -> Added to bleeding-drop.rules (3):
        # Rules to block Spamhaus DROP listed networks (www.spamhaus.org)
        # Please submit any feedback or ideas to bleeding@bleedingsnort.com or 
the bleeding-sigs mailing list
        #  VERSION 2054

     -> Added to bleeding-sid-msg.map (25):
        2001852 || BLEEDING-EDGE MALWARE 404Search Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001853 || BLEEDING-EDGE MALWARE Easy Search Bar Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001854 || BLEEDING-EDGE MALWARE EZULA Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001855 || BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent 
(1) || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001858 || BLEEDING-EDGE MALWARE Hotbar Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001859 || BLEEDING-EDGE MALWARE Cool Web Search Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001860 || BLEEDING-EDGE MALWARE Kontiki Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001861 || BLEEDING-EDGE MALWARE Micro-Gaming Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001862 || BLEEDING-EDGE MALWARE Surf Assistant Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001863 || BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent 
(2) || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001864 || BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent 
(3) || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents3
        2001865 || BLEEDING-EDGE MALWARE MyWebSearch Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001867 || BLEEDING-EDGE MALWARE Search Engine 2000 Spyware User Agent 
|| url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001868 || BLEEDING-EDGE MALWARE SureSeeker Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001869 || BLEEDING-EDGE MALWARE Sidesearch Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001870 || BLEEDING-EDGE MALWARE Surfplayer Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001871 || BLEEDING-EDGE MALWARE Target Saver Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2001872 || BLEEDING-EDGE MALWARE Visicom Spyware User Agent || 
url,www.bleedingedgethreats.net/cgi-bin/viewcvs.cgi/?root=Spyware-User-Agents
        2002032 || BLEEDING-EDGE TROJAN BOT - potential DDoS command (1)
        2003126 || BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on 
port 25
        2003128 || BLEEDING-EDGE POLICY SMTP traffic on port 25 (ehlo)
        2003129 || BLEEDING-EDGE POLICY SMTP traffic on port 25 (starttls)
        2003130 || BLEEDING-EDGE POLICY SMTP traffic on port 25 (helo)
        2003131 || BLEEDING-EDGE POLICY SMTP traffic on port 25 (authsmtp)
        2003132 || BLEEDING-EDGE TROJAN BOT - potential DDoS command (2)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (6):
        # $Id: bleeding-drop.rules $
        # Bleeding Snort drop rules.
        #These are generated from the Spamhaus DROP list available at
        #  http://www.spamhaus.org/DROP/
        # SID's are 2400000+ to avoid conflicts
        # Please submit any custom rules or ideas to bleeding@bleedingsnort.com 
or the snort-sigs mailing list

     -> Removed from bleeding-drop.rules (6):
        # $Id: bleeding-drop.rules $
        # Bleeding Snort drop rules.
        #These are generated from the Spamhaus DROP list available at
        #  http://www.spamhaus.org/DROP/
        # SID's are 2400000+ to avoid conflicts
        # Please submit any custom rules or ideas to bleeding@bleedingsnort.com 
or the snort-sigs mailing list

     -> Removed from bleeding-malware.rules (3):
        #This is used by a number of things, not unique to spartpops
        #disabling, it hits on normal traffic from Windows Media Player, and 
others. Needs more research
        #Disabling, Hits on regular windows update type traffic to 
sa.windows.com

     -> Removed from bleeding-sid-msg.map (24):
        2001852 || BLEEDING-EDGE MALWARE 404Search Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001853 || BLEEDING-EDGE MALWARE Easy Search Bar Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001854 || BLEEDING-EDGE MALWARE EZULA Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001855 || BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent 
(1) || url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001858 || BLEEDING-EDGE MALWARE Hotbar Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001859 || BLEEDING-EDGE MALWARE Cool Web Search Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001860 || BLEEDING-EDGE MALWARE Kontiki Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001861 || BLEEDING-EDGE MALWARE Micro-Gaming Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001862 || BLEEDING-EDGE MALWARE Surf Assistant Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001863 || BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent 
(2) || url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001864 || BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent 
(3) || url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001865 || BLEEDING-EDGE MALWARE MyWebSearch Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001866 || BLEEDING-EDGE MALWARE Smartpops/Mediaload Spyware User Agent 
|| url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001867 || BLEEDING-EDGE MALWARE Search Engine 2000 Spyware User Agent 
|| url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001868 || BLEEDING-EDGE MALWARE SureSeeker Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001869 || BLEEDING-EDGE MALWARE Sidesearch Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001870 || BLEEDING-EDGE MALWARE Surfplayer Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001871 || BLEEDING-EDGE MALWARE Target Saver Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2001872 || BLEEDING-EDGE MALWARE Visicom Spyware User Agent || 
url,www.bleedingsnort.com/article.php?story=20050303190103553
        2002032 || BLEEDING-EDGE TROJAN BOT - potential DDoS command
        2002077 || BLEEDING-EDGE Malware IEBar Spyware User Agent Activity || 
url,castlecops.com/tk1463-IEBAR_DLL.html
        2002162 || BLEEDING-EDGE MALWARE CoolWebSearch Spyware (SCAgent) || 
url,www.doxdesk.com/parasite/CoolWebSearch.html || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || 
url,www.spywareguide.com/product_show.php?id=599
        2002669 || BLEEDING-EDGE TROJAN Potential New Spambot Proxy Control 
Channel - Please report hits to bleeding-sigs@bleedingsnort.com
        2003136 || BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on 
port 25

     -> Removed from bleeding-virus.rules (1):
        #by Jeff Kell


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Rule Edit: COMMUNITY BOT GTBot ver command, Blake Hartstein
Next by Date:  Re: [Snort-sigs] Snort Community Rules Update, info+lucretia.ca
Previous by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Update, bleeding
Next by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Update, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]