Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Weekly Signature Changes

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Weekly Signature Changes
Date: Fri, 16 Feb 2007 15:00:05 +0000 (UTC) 

[***] Results from Oinkmaster started Fri Feb 16 15:00:05 2007 [***]

[+++]          Added rules:          [+++]

 2003409 - BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent (MJ12bot) 
(bleeding-policy.rules)
 2003410 - BLEEDING-EDGE POLICY FTP Login Successful (non-anonymous) 
(bleeding-policy.rules)
 2003411 - BLEEDING-EDGE EXPLOIT Solaris telnet USER environment vuln Attack 
inbound (bleeding-exploit.rules)
 2003412 - BLEEDING-EDGE EXPLOIT Solaris telnet USER environment vuln Attack 
outbound (bleeding-exploit.rules)
 2003413 - BLEEDING-EDGE CURRENT EVENTS Guard.zip Backdoor Phish Encoded 
Exploit traveling to client browser (bleeding.rules)
 2003414 - BLEEDING-EDGE MALWARE Epilot.com Spyware Reporting 
(bleeding-malware.rules)
 2003416 - BLEEDING-EDGE MALWARE Epilot.com Spyware Reporting Clicks 
(bleeding-malware.rules)
 2003417 - BLEEDING-EDGE MALWARE CNSMIN (3721.com) Spyware Activity 
(bleeding-malware.rules)
 2003418 - BLEEDING-EDGE MALWARE CNSMIN (3721.com) Spyware Activity 2 
(bleeding-malware.rules)
 2003419 - BLEEDING-EDGE MALWARE CNSMIN (3721.com) Spyware Activity 3 
(bleeding-malware.rules)
 2003420 - BLEEDING-EDGE MALWARE Weatherbug Activity (bleeding-malware.rules)
 2003421 - BLEEDING-EDGE MALWARE Weatherbug Design60 Upload Activity 
(bleeding-malware.rules)
 2003422 - BLEEDING-EDGE MALWARE Weatherbug Command Activity 
(bleeding-malware.rules)
 2003423 - BLEEDING-EDGE MALWARE Weatherbug Design60 Upload Activity 
(bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001720 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with indexed color 
(bleeding-exploit.rules)
 2003401 - BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript download file 
(bleeding-exploit.rules)
 2003402 - BLEEDING-EDGE EXPLOIT US-ASCII Obfuscated VBScript execute command 
(bleeding-exploit.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  
(bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[---]         Disabled rules:        [---]

 2001267 - BLEEDING-EDGE MALWARE Weatherbug Capture (bleeding-malware.rules)
 2001386 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn pthc 
(bleeding-inappropriate.rules)
 2001387 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn zeps 
(bleeding-inappropriate.rules)
 2001388 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn r@ygold 
(bleeding-inappropriate.rules)
 2001389 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn childlover 
(bleeding-inappropriate.rules)
 2002364 - BLEEDING-EDGE MALWARE Weatherbug Wxbug Capture 
(bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (1):
        # hit on pmtu frames with next-hop mtu not 0 (old RFC shortcut) and 
(added this so the sig wouldn't trigger missing reference:url, search errors)

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 88

     -> Added to bleeding-drop.rules (1):
        #  VERSION 88

     -> Added to bleeding-exploit.rules (1):
        # Submitted 2007-02-12 by Chris Byrd

     -> Added to bleeding-inappropriate.rules (1):
        #Commenting out by default. Enable these if needed

     -> Added to bleeding-malware.rules (1):
        #from spywarelp data, by Matt Jonkman

     -> Added to bleeding-policy.rules (2):
        #By CunningPike
        #by Stephen Nesman at Monster.com

     -> Added to bleeding-sid-msg.map (14):
        2003409 || BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent 
(MJ12bot) || url,www.majestic12.co.uk/
        2003410 || BLEEDING-EDGE POLICY FTP Login Successful (non-anonymous)
        2003411 || BLEEDING-EDGE EXPLOIT Solaris telnet USER environment vuln 
Attack inbound || url,isc.sans.org/diary.html?n&storyid=2220 || 
url,riosec.com/solaris-telnet-0-day
        2003412 || BLEEDING-EDGE EXPLOIT Solaris telnet USER environment vuln 
Attack outbound || url,isc.sans.org/diary.html?n&storyid=2220 || 
url,riosec.com/solaris-telnet-0-day
        2003413 || BLEEDING-EDGE CURRENT EVENTS Guard.zip Backdoor Phish 
Encoded Exploit traveling to client browser
        2003414 || BLEEDING-EDGE MALWARE Epilot.com Spyware Reporting || 
url,www.intermute.com/spysubtract/researchcenter/ClientMan.html
        2003416 || BLEEDING-EDGE MALWARE Epilot.com Spyware Reporting Clicks || 
url,www.intermute.com/spysubtract/researchcenter/ClientMan.html
        2003417 || BLEEDING-EDGE MALWARE CNSMIN (3721.com) Spyware Activity || 
url,www.spyany.com/program/article_spy_rm_CnsMin.html
        2003418 || BLEEDING-EDGE MALWARE CNSMIN (3721.com) Spyware Activity 2 
|| url,www.spyany.com/program/article_spy_rm_CnsMin.html
        2003419 || BLEEDING-EDGE MALWARE CNSMIN (3721.com) Spyware Activity 3 
|| url,www.spyany.com/program/article_spy_rm_CnsMin.html
        2003420 || BLEEDING-EDGE MALWARE Weatherbug Activity
        2003421 || BLEEDING-EDGE MALWARE Weatherbug Design60 Upload Activity
        2003422 || BLEEDING-EDGE MALWARE Weatherbug Command Activity
        2003423 || BLEEDING-EDGE MALWARE Weatherbug Design60 Upload Activity

     -> Added to bleeding.rules (3):
        #This is being sent to many victims under the pretense of being a 
securityt audit script for colocated customers
        #These should catch it in it's current form. More information coming 
soon
        #Analysis by Jose Nazario

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dos.rules (1):
        # alert on pmtu frames with next-hop mtu not 0 (old RFC shortcut) and 
(added this so the sig wouldn't trigger missing reference:url, search errors)

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 82

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 82


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Next by Date:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Previous by Thread:  [Snort-sigs] Bleeding Edge Threats Weekly Signature Changes, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]