Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Weekly Signature Changes

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Weekly Signature Changes
Date: Fri, 9 Feb 2007 15:00:08 +0000 (UTC) 

[***] Results from Oinkmaster started Fri Feb  9 15:00:08 2007 [***]

[+++]          Added rules:          [+++]

 2003367 - BLEEDING-EDGE MALWARE www.baidu.com Spyware User Agent (sobar-post) 
(bleeding-malware.rules)
 2003368 - BLEEDING-EDGE MALWARE Web-nexus.net Spyware User Agent (z_v5.2.7) 
(bleeding-malware.rules)
 2003369 - BLEEDING-EDGE EXPLOIT CA BrightStor ARCserve Mobile Backup 
LGSERVER.EXE Heap Corruption (bleeding-exploit.rules)
 2003370 - BLEEDING-EDGE EXPLOIT Computer Associates Brightstor ARCServer 
Backup RPC Server (Catirpc.dll) DoS (bleeding-exploit.rules)
 2003371 - BLEEDING-EDGE WEB PHP Portail Includes.php remote file include 
(bleeding-web.rules)
 2003372 - BLEEDING-EDGE WEB PHPEventMan remote file include 
(bleeding-web.rules)
 2003373 - BLEEDING-EDGE CURRENT_EVENTS Generic PWStealer Trojan Checking In 
(bleeding.rules)
 2003375 - BLEEDING-EDGE MALWARE Spy-Not.com Spyware Pulling Fake Sigs 
(bleeding-malware.rules)
 2003376 - BLEEDING-EDGE Instafinder.com spyware (bleeding-malware.rules)
 2003377 - BLEEDING-EDGE MALWARE Spy-Not.com Spyware Updating 
(bleeding-malware.rules)
 2003378 - BLEEDING-EDGE EXPLOIT Computer Associates Mobile Backup Service 
LGSERVER.EXE Stack Overflow (bleeding-exploit.rules)
 2003379 - BLEEDING-EDGE EXPLOIT Computer Associates BrightStor ARCserve Backup 
for Laptops LGServer.exe DoS (bleeding-exploit.rules)
 2003380 - BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan 
Downloader (bleeding-virus.rules)
 2003381 - BLEEDING-EDGE POLICY McAfee Update User Agent -NOT HOSTILE- (McAfee 
AutoUpdate) (bleeding-policy.rules)
 2003383 - BLEEDING-EDGE MALWARE Hotbar Tools Spyware User Agent (hbtools) 
(bleeding-malware.rules)
 2003384 - BLEEDING-EDGE MALWARE SpamBlockerUtility Fake Anti-Spyware User 
Agent (SpamBlockerUtility x.x.x) (bleeding-malware.rules)
 2003385 - BLEEDING-EDGE MALWARE sgrunt Dialer User Agent (sgrunt) 
(bleeding-malware.rules)
 2003386 - BLEEDING-EDGE MALWARE snprtz Dialer User Agent (snprtz) 
(bleeding-malware.rules)
 2003387 - BLEEDING-EDGE MALWARE dialno Dialer User Agent (dialno) 
(bleeding-malware.rules)
 2003388 - BLEEDING-EDGE Malware Hotbar Keywords Download 
(bleeding-malware.rules)
 2003389 - BLEEDING-EDGE Malware WhenUClick.com Application Version Check 
(bleeding-malware.rules)
 2003390 - BLEEDING-EDGE Malware SurfAccuracy.com Spyware Updating 
(bleeding-malware.rules)
 2003391 - BLEEDING-EDGE Malware SurfAccuracy.com Spyware Pulling Ads 
(bleeding-malware.rules)
 2003392 - BLEEDING-EDGE TROJAN Warezov/Stration Communicating with Controller 
(bleeding-virus.rules)
 2003393 - BLEEDING-EDGE Malware My Search Spyware Config Download 3 
(bleeding-malware.rules)
 2003394 - BLEEDING-EDGE MALWARE User Agent Containing http\:// - Possible 
Spyware (bleeding-malware.rules)
 2003396 - BLEEDING-EDGE MALWARE Mysearch.com/Morpheus Bar Spyware User-Agent 
(bleeding-malware.rules)
 2003397 - BLEEDING-EDGE MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo 
Toolbar) (bleeding-malware.rules)
 2003398 - BLEEDING-EDGE MALWARE Morpheus Spyware Install User-Agent 
(SmartInstaller) (bleeding-malware.rules)
 2003399 - BLEEDING-EDGE MALWARE Spyhealer Fake Anti-Spyware Install User-Agent 
(SpyHealer) (bleeding-malware.rules)
 2003400 - BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated script 
(bleeding-exploit.rules)
 2003401 - BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript download file 
(bleeding-exploit.rules)
 2003402 - BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript execute command 
(bleeding-exploit.rules)
 2003403 - BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript 
(bleeding-exploit.rules)
 2003404 - BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data Retrieval 
(DataChunksGZ) (bleeding-malware.rules)
 2003405 - BLEEDING-EDGE MALWARE Freeze.com Spyware User-Agent (YourScreen123) 
(bleeding-malware.rules)
 2003406 - BLEEDING-EDGE MALWARE Mysearch.com Spyware User-Agent (iMeshBar) 
(bleeding-malware.rules)
 2003407 - BLEEDING-EDGE MALWARE searchenginebar.com Spyware User-Agent (RX 
Bar) (bleeding-malware.rules)
 2003408 - BLEEDING-EDGE TROJAN Downloader-1355 Checking In 
(bleeding-virus.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)


[///]     Modified active rules:     [///]

 2000908 - BLEEDING-EDGE Malware WhenUClick.com App and Search Bar Install (1) 
(bleeding-malware.rules)
 2000909 - BLEEDING-EDGE Malware WhenUClick.com App and Search Bar Install (2) 
(bleeding-malware.rules)
 2000910 - BLEEDING-EDGE Malware WhenUClick.com Clock Sync App Checkin 
(bleeding-malware.rules)
 2000911 - BLEEDING-EDGE Malware WhenUClick.com Weather App Checkin 
(bleeding-malware.rules)
 2000912 - BLEEDING-EDGE Malware WhenUClick.com Clock Sync App Checkin (1) 
(bleeding-malware.rules)
 2000913 - BLEEDING-EDGE Malware WhenUClick.com Clock Sync App Checkin (2) 
(bleeding-malware.rules)
 2000914 - BLEEDING-EDGE Malware WhenUClick.com Weather App Checkin (1) 
(bleeding-malware.rules)
 2000915 - BLEEDING-EDGE Malware WhenUClick.com Weather App Checkin (2) 
(bleeding-malware.rules)
 2000916 - BLEEDING-EDGE Malware WhenUClick.com WhenUSave App Checkin 
(bleeding-malware.rules)
 2000917 - BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data Retrieval 
(offersdata) (bleeding-malware.rules)
 2000918 - BLEEDING-EDGE Malware WhenUClick.com Desktop Bar Install 
(bleeding-malware.rules)
 2000919 - BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data Retrieval 
(Searchdb) (bleeding-malware.rules)
 2001306 - BLEEDING-EDGE Malware Gator/Clarian Agent (bleeding-malware.rules)
 2001365 - BLEEDING-EDGE WEB-MISC Alternate Data Stream source view attempt 
(bleeding-web.rules)
 2001443 - BLEEDING-EDGE Malware WhenUClick.com Desktop Bar App Checkin 
(bleeding-malware.rules)
 2002998 - BLEEDING-EDGE SMTP HELO Non-Displayable Characters MailEnable Denial 
of Service (bleeding-dos.rules)
 2003102 - BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - ActiveX 
control's spline function call CSLID (bleeding-exploit.rules)
 2003103 - BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - ActiveX 
control's spline function call Object (bleeding-exploit.rules)
 2003105 - BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - ActiveX 
control's KeyFrame function call Object (bleeding-exploit.rules)
 2003109 - BLEEDING-EDGE Microsoft Internet Explorer VML Fill Method Attribute 
Overflow (bleeding-exploit.rules)
 2003110 - BLEEDING-EDGE EXPLOIT MSIE WebViewFolderIcon setSlice invalid memory 
copy (bleeding-exploit.rules)
 2003231 - BLEEDING-EDGE EXPLOIT Possible Microsoft IE Install Engine 
Inseng.dll Arbitrary Code Execution (bleeding-exploit.rules)
 2003232 - BLEEDING-EDGE EXPLOIT Possible Microsoft IE Install Engine 
Inseng.dll Arbitrary Code Execution (2) (bleeding-exploit.rules)
 2003233 - BLEEDING-EDGE EXPLOIT Possible Microsoft IE Shell.Application 
ActiveX Arbitrary Command Execution (bleeding-exploit.rules)
 2003234 - BLEEDING-EDGE EXPLOIT Possible Microsoft IE Shell.Application 
ActiveX Arbitrary Command Execution (2) (bleeding-exploit.rules)
 2003337 - BLEEDING-EDGE MALWARE Suspcious User Agent (Autoupdate) 
(bleeding-malware.rules)
 2003362 - BLEEDING-EDGE Malware Freeze.com Spyware/Adware (Pulling Ads) 
(bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  
(bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[---]         Disabled rules:        [---]

 2003106 - BLEEDING-EDGE EXPLOIT Possible MSIE VML Exploit 
(bleeding-exploit.rules)


[---]         Removed rules:         [---]

 2001226 - BLEEDING-EDGE MALWARE Advertising.com Agent (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 82

     -> Added to bleeding-drop.rules (1):
        #  VERSION 82

     -> Added to bleeding-exploit.rules (17):
        #Blake Hartstein of Demarc
        #Also by Shirkdog
        # Submitted 2006-09-18 by Christian Seifert, updated 2/5/07
        #Commenting out by default. Major threat has passed
        #by Chris Byrd, updated by Christian Siefert 2/5/07
        #Updated by Christian Siefert 2/5/07
        #Updated by Christian Siefert, 2/5/07
        #by Fabien Bourdaire of ECSC Security
        # Re: http://www.internetdefence.net/2007/02/06/Javascript-payload
        # bc d3 c3 d2  c9 d0 d4 <SCRIPT
        # bc f3 e3 f2  e9 f0 f4 <script
        # ae ef f0 e5  ee a0 a2 e7 e5 f4 a2 .open "get"
        # ae cf d0 c5 ce a0 a2  c7 c5 d4 a2 .OPEN "GET"
        #  f3 e8 e5 ec ec e5 f8 e5 e3 f5 f4 e5  shellexecute
        #  d3 c8 c5 cc cc c5 d8 c5 c3 d5 d4 c5
        # f6 e2 f3 e3 f2 e9 f0 f4
        # d6 c2 d3 c3 d2 c9 d0 d4 VBSCRIPT

     -> Added to bleeding-malware.rules (1):
        #By Matt Jonkman from spywarelp data

     -> Added to bleeding-policy.rules (1):
        #This will let you know when McAffee is updating sigs. Not a security 
threat, but could be of interest to folks using mcafee to track updates

     -> Added to bleeding-sid-msg.map (56):
        2003102 || BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - 
ActiveX control's spline function call CSLID || cve,2006-4446 || 
url,www.osvdb.org/displayvuln.php?osvdb_id=28841
        2003103 || BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - 
ActiveX control's spline function call Object || cve,2006-4446 || url, 
www.osvdb.org/displayvuln.php?osvdb_id=28841
        2003110 || BLEEDING-EDGE EXPLOIT MSIE WebViewFolderIcon setSlice 
invalid memory copy || cve,2006-3730 || url,osvdb.org/27110 || url, 
riosec.com/msie-setslice-vuln
        2003231 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE Install Engine 
Inseng.dll Arbitrary Code Execution || cve,2004-0216 || url, osvdb.org/10705
        2003232 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE Install Engine 
Inseng.dll Arbitrary Code Execution (2) || cve,2004-0216 || url, osvdb.org/10705
        2003233 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE 
Shell.Application ActiveX Arbitrary Command Execution || cve,2004-2291 || url, 
osvdb.org/7913
        2003234 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE 
Shell.Application ActiveX Arbitrary Command Execution (2) || cve,2004-2291 || 
url, osvdb.org/7913
        2003337 || BLEEDING-EDGE MALWARE Suspcious User Agent (Autoupdate)
        2003362 || BLEEDING-EDGE Malware Freeze.com Spyware/Adware (Pulling Ads)
        2003367 || BLEEDING-EDGE MALWARE www.baidu.com Spyware User Agent 
(sobar-post)
        2003368 || BLEEDING-EDGE MALWARE Web-nexus.net Spyware User Agent 
(z_v5.2.7)
        2003369 || BLEEDING-EDGE EXPLOIT CA BrightStor ARCserve Mobile Backup 
LGSERVER.EXE Heap Corruption || cve,2007-0449
        2003370 || BLEEDING-EDGE EXPLOIT Computer Associates Brightstor 
ARCServer Backup RPC Server (Catirpc.dll) DoS || 
url,www.milw0rm.com/exploits/3248
        2003371 || BLEEDING-EDGE WEB PHP Portail Includes.php remote file 
include || bugtraq,22361
        2003372 || BLEEDING-EDGE WEB PHPEventMan remote file include || 
bugtraq,22358
        2003373 || BLEEDING-EDGE CURRENT_EVENTS Generic PWStealer Trojan 
Checking In || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=733
        2003375 || BLEEDING-EDGE MALWARE Spy-Not.com Spyware Pulling Fake Sigs
        2003376 || BLEEDING-EDGE Instafinder.com spyware
        2003377 || BLEEDING-EDGE MALWARE Spy-Not.com Spyware Updating
        2003378 || BLEEDING-EDGE EXPLOIT Computer Associates Mobile Backup 
Service LGSERVER.EXE Stack Overflow || url,www.milw0rm.com/exploits/3244
        2003379 || BLEEDING-EDGE EXPLOIT Computer Associates BrightStor 
ARCserve Backup for Laptops LGServer.exe DoS || 
url,www.securityfocus.com/archive/1/archive/1/458650/100/0/threaded
        2003380 || BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan 
Downloader
        2003381 || BLEEDING-EDGE POLICY McAfee Update User Agent -NOT HOSTILE- 
(McAfee AutoUpdate)
        2003383 || BLEEDING-EDGE MALWARE Hotbar Tools Spyware User Agent 
(hbtools)
        2003384 || BLEEDING-EDGE MALWARE SpamBlockerUtility Fake Anti-Spyware 
User Agent (SpamBlockerUtility x.x.x)
        2003385 || BLEEDING-EDGE MALWARE sgrunt Dialer User Agent (sgrunt) || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096347
        2003386 || BLEEDING-EDGE MALWARE snprtz Dialer User Agent (snprtz) || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096347
        2003387 || BLEEDING-EDGE MALWARE dialno Dialer User Agent (dialno) || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096347
        2003388 || BLEEDING-EDGE Malware Hotbar Keywords Download || 
url,www.hotbar.com
        2003389 || BLEEDING-EDGE Malware WhenUClick.com Application Version 
Check || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || 
url,www.whenusearch.com
        2003390 || BLEEDING-EDGE Malware SurfAccuracy.com Spyware Updating || 
url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99
        2003391 || BLEEDING-EDGE Malware SurfAccuracy.com Spyware Pulling Ads 
|| url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99
        2003392 || BLEEDING-EDGE TROJAN Warezov/Stration Communicating with 
Controller || 
url,www.avira.com/en/threats/section/fulldetails/id_vir/3242/tr_dldr.warezov.df.html
 || url,www.sophos.com/security/analyses/w32strationbo.html
        2003393 || BLEEDING-EDGE Malware My Search Spyware Config Download 3
        2003394 || BLEEDING-EDGE MALWARE User Agent Containing http\:// - 
Possible Spyware
        2003396 || BLEEDING-EDGE MALWARE Mysearch.com/Morpheus Bar Spyware 
User-Agent
        2003397 || BLEEDING-EDGE MALWARE Zango Seekmo Bar Spyware User-Agent 
(Seekmo Toolbar)
        2003398 || BLEEDING-EDGE MALWARE Morpheus Spyware Install User-Agent 
(SmartInstaller)
        2003399 || BLEEDING-EDGE MALWARE Spyhealer Fake Anti-Spyware Install 
User-Agent (SpyHealer)
        2003400 || BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated script || 
url,www.securityfocus.com/archive/1/437948/30/0/threaded || cve,2006-3227 || 
url,www.internetdefence.net/2007/02/06/Javascript-payload
        2003401 || BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript download 
file || url,www.securityfocus.com/archive/1/437948/30/0/threaded || 
cve,2006-3227 || url,www.internetdefence.net/2007/02/06/Javascript-payload
        2003402 || BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript execute 
command || url,www.securityfocus.com/archive/1/437948/30/0/threaded || 
cve,2006-3227 || url,www.internetdefence.net/2007/02/06/Javascript-payload
        2003403 || BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript || 
url,www.securityfocus.com/archive/1/437948/30/0/threaded || cve,2006-3227 || 
url,www.internetdefence.net/2007/02/06/Javascript-payload
        2003404 || BLEEDING-EDGE Malware WhenUClick.com WhenUSave Data 
Retrieval (DataChunksGZ) || 
url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || 
url,www.whenusearch.com
        2003405 || BLEEDING-EDGE MALWARE Freeze.com Spyware User-Agent 
(YourScreen123)
        2003406 || BLEEDING-EDGE MALWARE Mysearch.com Spyware User-Agent 
(iMeshBar)
        2003407 || BLEEDING-EDGE MALWARE searchenginebar.com Spyware User-Agent 
(RX Bar)
        2003408 || BLEEDING-EDGE TROJAN Downloader-1355 Checking In
        2400001 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound || 
url,www.spamhaus.org/drop/drop.lasso
        2400002 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound || 
url,www.spamhaus.org/drop/drop.lasso
        2400003 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound || 
url,www.spamhaus.org/drop/drop.lasso
        2400004 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound || 
url,www.spamhaus.org/drop/drop.lasso
        2401001 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - 
BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401002 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - 
BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401003 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - 
BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401004 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - 
BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso

     -> Added to bleeding-virus.rules (4):
        #Matt Jonkman, thanks to the Clam guys for the information and sample
        #Sigs for general downloader trojans and worms. Not all get unique names
        #by Matt Jonkman. Saw a downloader appending ver7 to the end of a 
regular UA. No spaces. very unique
        #Matt Jonkman, strangely enough from spyware listening post hits

     -> Added to bleeding.rules (1):
        #Matt Jonkman. As yet unnamed downloader in a few high profile spots

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 73

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 73

     -> Removed from bleeding-exploit.rules (2):
        # Submitted 2006-09-18 by Christian Seifert
        #by Chris Byrd

     -> Removed from bleeding-sid-msg.map (10):
        2001226 || BLEEDING-EDGE MALWARE Advertising.com Agent || 
url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html
        2003102 || BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - 
ActiveX controls spline function call CSLID || cve,2006-4446 || 
url,www.osvdb.org/displayvuln.php?osvdb_id=28841
        2003103 || BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - 
ActiveX control's spline function call Object || cve,2006-4446 || 
url,www.osvdb.org/displayvuln.php?osvdb_id=28841
        2003110 || BLEEDING-EDGE EXPLOIT MSIE WebViewFolderIcon setSlice 
invalid memory copy || cve,2006-3730 || url,osvdb.org/27110 || 
url,riosec.com/msie-setslice-vuln
        2003231 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE Install Engine 
Inseng.dll Arbitrary Code Execution || cve,2004-0216 || url,osvdb.org/10705
        2003232 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE Install Engine 
Inseng.dll Arbitrary Code Execution (2) || cve,2004-0216 || url,osvdb.org/10705
        2003233 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE 
Shell.Application ActiveX Arbitrary Command Execution || cve,2004-2291 || 
url,osvdb.org/7913
        2003234 || BLEEDING-EDGE EXPLOIT Possible Microsoft IE 
Shell.Application ActiveX Arbitrary Command Execution (2) || cve,2004-2291 || 
url,osvdb.org/7913
        2003337 || BLEEDING-EDGE MALWARE www.paretologic.com Suspect 
Anti-Spyware AutoUpdate User Agent (Autoupdate)
        2003362 || BLEEDING-EDGE MALWARE Web-nexus.net Spyware User Agent 
(z_v5.2.7)


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] False positive: MISC MS Terminal Server no encryption session initiation attempt (SID 2418), Russell Fulton
Next by Date:  Re: [Snort-sigs] False positive: MISC MS Terminal Server no encryption session initiation attempt (SID 2418), Matthew Watchinski
Previous by Thread:  [Snort-sigs] False positive: MISC MS Terminal Server no encryption session initiation attempt (SID 2418), Stephan Scholz
Next by Thread:  [Snort-sigs] Bleeding Edge Threats Weekly Signature Changes, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]