
| Subject: | [Snort-sigs] Bleeding Edge Threats Daily Signature Changes |
|---|---|
| Date: | Mon, 22 Jan 2007 20:00:08 +0000 (UTC) |
[***] Results from Oinkmaster started Mon Jan 22 20:00:08 2007 [***]
[+++] Added rules: [+++]
2003298 - BLEEDING-EDGE MALWARE KMIP.net Spyware (bleeding-malware.rules)
2003299 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Seek Traffic Outbound
(bleeding-virus.rules)
2003300 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Reply Traffic Inbound
(bleeding-virus.rules)
2003301 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Data Traffic Inbound
(bleeding-virus.rules)
2003302 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
(bleeding-virus.rules)
2003303 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
(bleeding-policy.rules)
2003304 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
(bleeding-malware.rules)
2003305 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
(bleeding-malware.rules)
2003306 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) (bleeding-malware.rules)
2003307 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
(bleeding-malware.rules)
2003308 - BLEEDING-EDGE P2P Edonkey IP Request (bleeding-p2p.rules)
2003309 - BLEEDING-EDGE P2P Edonkey IP Reply (bleeding-p2p.rules)
2003310 - BLEEDING-EDGE P2P Edonkey Publicize File (bleeding-p2p.rules)
2003311 - BLEEDING-EDGE P2P Edonkey Publicize File ACK (bleeding-p2p.rules)
2003312 - BLEEDING-EDGE P2P Edonkey Connect Request (bleeding-p2p.rules)
2003313 - BLEEDING-EDGE P2P Edonkey Connect Reply and Server List
(bleeding-p2p.rules)
2003314 - BLEEDING-EDGE P2P Edonkey Search Request (by file hash)
(bleeding-p2p.rules)
2003315 - BLEEDING-EDGE P2P Edonkey Search Reply (bleeding-p2p.rules)
2003316 - BLEEDING-EDGE P2P Edonkey IP Query End (bleeding-p2p.rules)
2003317 - BLEEDING-EDGE P2P Edonkey Search Request (any type file)
(bleeding-p2p.rules)
2003318 - BLEEDING-EDGE P2P Edonkey Get Sources Request (by hash)
(bleeding-p2p.rules)
2003319 - BLEEDING-EDGE P2P Edonkey Search Request (search by name)
(bleeding-p2p.rules)
2003320 - BLEEDING-EDGE P2P Edonkey Search Results (bleeding-p2p.rules)
2003321 - BLEEDING-EDGE P2P Edonkey Server Message (bleeding-p2p.rules)
2003322 - BLEEDING-EDGE P2P Edonkey Server List (bleeding-p2p.rules)
2003323 - BLEEDING-EDGE P2P Edonkey Client to Server Hello (bleeding-p2p.rules)
2003324 - BLEEDING-EDGE P2P Edonkey Server Status (bleeding-p2p.rules)
[///] Modified active rules: [///]
2000335 - BLEEDING-EDGE P2P Overnet (Edonkey) Server Announce
(bleeding-p2p.rules)
2001298 - BLEEDING-EDGE P2P eDonkey Server Status Request (bleeding-p2p.rules)
2001299 - BLEEDING-EDGE P2P eDonkey Server Status (bleeding-p2p.rules)
2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)
(bleeding-botcc.rules)
2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
[---] Disabled rules: [---]
2000330 - BLEEDING-EDGE P2P ed2k connection to server (bleeding-p2p.rules)
[---] Removed rules: [---]
2000331 - BLEEDING-EDGE P2P ed2k file search (bleeding-p2p.rules)
2001300 - BLEEDING-EDGE P2P eDonkey Hello Request (bleeding-p2p.rules)
2001305 - BLEEDING-EDGE P2P eDonkey Search (bleeding-p2p.rules)
2003928 - BLEEDING-EDGE MALWARE KMIP.net Spyware (bleeding-malware.rules)
2003929 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
(bleeding-virus.rules)
2003930 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
(bleeding-policy.rules)
2003931 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
(bleeding-malware.rules)
2003932 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
(bleeding-malware.rules)
2003933 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) (bleeding-malware.rules)
2003934 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
(bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-drop-BLOCK.rules (1):
# VERSION 63
-> Added to bleeding-drop.rules (1):
# VERSION 63
-> Added to bleeding-p2p.rules (1):
#Matt Jonkman
-> Added to bleeding-sid-msg.map (28):
2000335 || BLEEDING-EDGE P2P Overnet (Edonkey) Server Announce ||
url,www.overnet.com
2003298 || BLEEDING-EDGE MALWARE KMIP.net Spyware || url,www.kmip.net
2003299 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Seek Traffic Outbound
2003300 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Reply Traffic Inbound
2003301 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Data Traffic Inbound
2003302 || BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
2003303 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
2003304 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
2003305 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
2003306 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) ||
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2003307 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
2003308 || BLEEDING-EDGE P2P Edonkey IP Request ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003309 || BLEEDING-EDGE P2P Edonkey IP Reply ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003310 || BLEEDING-EDGE P2P Edonkey Publicize File ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003311 || BLEEDING-EDGE P2P Edonkey Publicize File ACK ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003312 || BLEEDING-EDGE P2P Edonkey Connect Request ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003313 || BLEEDING-EDGE P2P Edonkey Connect Reply and Server List ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003314 || BLEEDING-EDGE P2P Edonkey Search Request (by file hash) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003315 || BLEEDING-EDGE P2P Edonkey Search Reply ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003316 || BLEEDING-EDGE P2P Edonkey IP Query End ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003317 || BLEEDING-EDGE P2P Edonkey Search Request (any type file) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003318 || BLEEDING-EDGE P2P Edonkey Get Sources Request (by hash) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003319 || BLEEDING-EDGE P2P Edonkey Search Request (search by name) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003320 || BLEEDING-EDGE P2P Edonkey Search Results ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003321 || BLEEDING-EDGE P2P Edonkey Server Message ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003322 || BLEEDING-EDGE P2P Edonkey Server List ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003323 || BLEEDING-EDGE P2P Edonkey Client to Server Hello ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003324 || BLEEDING-EDGE P2P Edonkey Server Status ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
-> Added to bleeding-virus.rules (1):
#Commenting these out. This is edonkey protocol. Altering the wexisting
edonkey rules to be inclusive
[---] Removed non-rule lines: [---]
-> Removed from bleeding-drop-BLOCK.rules (1):
# VERSION 61
-> Removed from bleeding-drop.rules (1):
# VERSION 61
-> Removed from bleeding-sid-msg.map (11):
2000331 || BLEEDING-EDGE P2P ed2k file search ||
url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf
2000335 || BLEEDING-EDGE P2P Overnet Server Announce ||
url,www.overnet.com
2001300 || BLEEDING-EDGE P2P eDonkey Hello Request ||
url,www.edonkey.com
2001305 || BLEEDING-EDGE P2P eDonkey Search || url,www.edonkey.com
2003928 || BLEEDING-EDGE MALWARE KMIP.net Spyware || url,www.kmip.net
2003929 || BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
2003930 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
2003931 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
2003932 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
2003933 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) ||
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2003934 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs