
| Subject: | [Snort-sigs] Bleeding Edge Threats Weekly Signature Changes |
|---|---|
| Date: | Fri, 4 May 2007 18:00:06 -0400 (EDT) |
[***] Results from Oinkmaster started Fri May 4 18:00:06 2007 [***]
[+++] Added rules: [+++]
2003617 - BLEEDING-EDGE Malware MyWebSearch Toolbar Posting Activity Report
(bleeding-malware.rules)
2003619 - BLEEDING-EDGE MALWARE Alexa Spyware Redirecting User
(bleeding-malware.rules)
2003620 - BLEEDING-EDGE MALWARE 51yes.com Spyware Reporting User Activity
(bleeding-malware.rules)
2003621 - BLEEDING-EDGE Malware MyWay Spyware Posting Activity Report - Dell
Related (bleeding-malware.rules)
2003622 - BLEEDING-EDGE MALWARE Suspicious User-Agent (bot)
(bleeding-malware.rules)
2003623 - BLEEDING-EDGE POLICY Centralops.net Domain Dossier Utility Probe
(bleeding-policy.rules)
2003624 - BLEEDING-EDGE MALWARE Trafficadvance.net Spyware User-Agent
(Internet 1.0) (bleeding-malware.rules)
2003625 - BLEEDING-EDGE MALWARE dns-look-up.com Spyware User-Agent (KRSystem)
(bleeding-malware.rules)
2003626 - BLEEDING-EDGE MALWARE Suspicious Double User-Agent (User-Agent\:
User-Agent\: ) (bleeding-malware.rules)
2003627 - BLEEDING-EDGE MALWARE Internet-optimizer.com Related Spyware
User-Agent (SexTrackerWSI) (bleeding-malware.rules)
2003630 - BLEEDING-EDGE MALWARE Baidu.com Spyware Sobar Bar Activity
(bleeding-malware.rules)
2003631 - BLEEDING-EDGE POLICY Centralops.net Probe (bleeding-policy.rules)
2003632 - BLEEDING-EDGE VIRUS Zlob User Agent - updating (internetsecurity)
(bleeding-virus.rules)
2003633 - BLEEDING-EDGE CURRENT EVENTS Traffic with a window of 55808 -
Unknown likely hostile scanning - Please report hits to Bleeding Edge or ISC
(bleeding.rules)
2003634 - BLEEDING-EDGE WEB Suspicious User-Agent - get-minimal - Possible
Vuln Scan (bleeding-web.rules)
2003635 - BLEEDING-EDGE TROJAN Generic Password Stealer User Agent Detected
(bleeding-virus.rules)
2003636 - BLEEDING-EDGE Sality Virus User Agent Detected (KUKU v3.09)
(bleeding-virus.rules)
2003637 - BLEEDING-EDGE TROJAN Inject.BV Trojan User Agent Detected (faserx)
(bleeding-virus.rules)
2003639 - BLEEDING-EDGE MALWARE Adload.Generic Spyware User-Agent (ProxyDown)
(bleeding-malware.rules)
2003640 - BLEEDING-EDGE MALWARE Adload.Generic Spyware User-Agent
(91castInstallKernel) (bleeding-malware.rules)
2003641 - BLEEDING-EDGE TROJAN Downloader.Small User Agent Detected (NetScafe)
(bleeding-virus.rules)
2003642 - BLEEDING-EDGE TROJAN Downloader.Affill User Agent Detected (lol)
(bleeding-virus.rules)
[///] Modified active rules: [///]
2002682 - BLEEDING-EDGE EXPLOIT Microsoft Internet Explorer Window() Possible
Code Execution (bleeding-exploit.rules)
2002734 - BLEEDING-EDGE EXPLOIT WMF Exploit (bleeding-exploit.rules)
2002860 - BLEEDING-EDGE EXPLOIT Internet Explorer createTextRange Code
Execution (bleeding-exploit.rules)
2003109 - BLEEDING-EDGE EXPLOIT Microsoft Internet Explorer VML Fill Method
Attribute Overflow (bleeding-exploit.rules)
2003425 - BLEEDING-EDGE MALWARE clickspring.com Spyware Install User-Agent (CS
Fingerprint Module) (bleeding-malware.rules)
2003587 - BLEEDING-EDGE CURRENT EVENTS MS DNS DCE-RPC Temporary Rule -
Possible Attack (bleeding.rules)
2003592 - BLEEDING-EDGE CURRENT EVENTS Vulnerable DNS RPC Bind (bleeding.rules)
2003593 - BLEEDING-EDGE CURRENT EVENTS DNS RPC Exploit (specific to Metasploit
Module) (bleeding.rules)
2003594 - BLEEDING-EDGE CURRENT EVENTS DNS RPC Exploit big endian (specific to
Metasploit Module) (bleeding.rules)
2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)
(bleeding-botcc.rules)
2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)
(bleeding-botcc.rules)
2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
[///] Modified inactive rules: [///]
2002909 - BLEEDING-EDGE EXPLOIT Internet Explorer Cryptomathic ActiveX
createPKCS10 Access (bleeding-exploit.rules)
[---] Disabled rules: [---]
2001915 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP)
(bleeding-exploit.rules)
2001916 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-TCP)
(bleeding-exploit.rules)
2001917 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-UDP)
(bleeding-exploit.rules)
2001918 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-UDP)
(bleeding-exploit.rules)
2003584 - BLEEDING-EDGE MALWARE Suspicious User-Agent (Updater)
(bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-drop-BLOCK.rules (1):
# VERSION 173
-> Added to bleeding-drop.rules (1):
# VERSION 173
-> Added to bleeding-malware.rules (2):
#from spyware listening post data, by matt Jonkman
#from castlecops research
-> Added to bleeding-policy.rules (1):
#online tools
-> Added to bleeding-sid-msg.map (27):
2002682 || BLEEDING-EDGE EXPLOIT Microsoft Internet Explorer Window()
Possible Code Execution || cve,2005-1790 ||
url,www.computerterrorism.com/research/ie/ct21-11-2005 ||
url,secunia.com/advisories/15546
2002734 || BLEEDING-EDGE EXPLOIT WMF Exploit ||
url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php
2002860 || BLEEDING-EDGE EXPLOIT Internet Explorer createTextRange Code
Execution || cve,2006-1359 || bugtraq,17196
2002909 || BLEEDING-EDGE EXPLOIT Internet Explorer Cryptomathic ActiveX
createPKCS10 Access || bugtraq,17852 || cve,2006-1172
2003109 || BLEEDING-EDGE EXPLOIT Microsoft Internet Explorer VML Fill
Method Attribute Overflow || bugtraq,20096 || cve,2006-4868
2003617 || BLEEDING-EDGE Malware MyWebSearch Toolbar Posting Activity
Report
2003619 || BLEEDING-EDGE MALWARE Alexa Spyware Redirecting User
2003620 || BLEEDING-EDGE MALWARE 51yes.com Spyware Reporting User
Activity
2003621 || BLEEDING-EDGE Malware MyWay Spyware Posting Activity Report
- Dell Related
2003622 || BLEEDING-EDGE MALWARE Suspicious User-Agent (bot)
2003623 || BLEEDING-EDGE POLICY Centralops.net Domain Dossier Utility
Probe || url,centralops.net
2003624 || BLEEDING-EDGE MALWARE Trafficadvance.net Spyware User-Agent
(Internet 1.0)
2003625 || BLEEDING-EDGE MALWARE dns-look-up.com Spyware User-Agent
(KRSystem)
2003626 || BLEEDING-EDGE MALWARE Suspicious Double User-Agent
(User-Agent\: User-Agent\: )
2003627 || BLEEDING-EDGE MALWARE Internet-optimizer.com Related Spyware
User-Agent (SexTrackerWSI)
2003630 || BLEEDING-EDGE MALWARE Baidu.com Spyware Sobar Bar Activity
|| url,www.pctools.com/mrc/infections/id/BaiDu/
2003631 || BLEEDING-EDGE POLICY Centralops.net Probe ||
url,centralops.net
2003632 || BLEEDING-EDGE VIRUS Zlob User Agent - updating
(internetsecurity) || url,secubox.aldria.com/topic-post1618.html#post1618
2003633 || BLEEDING-EDGE CURRENT EVENTS Traffic with a window of 55808
- Unknown likely hostile scanning - Please report hits to Bleeding Edge or ISC
|| url,www.cert.org/current/archive/2003/06/25/archive.html ||
url,isc.sans.org/diary.html?n&storyid=2717
2003634 || BLEEDING-EDGE WEB Suspicious User-Agent - get-minimal -
Possible Vuln Scan
2003635 || BLEEDING-EDGE TROJAN Generic Password Stealer User Agent
Detected
2003636 || BLEEDING-EDGE Sality Virus User Agent Detected (KUKU v3.09)
2003637 || BLEEDING-EDGE TROJAN Inject.BV Trojan User Agent Detected
(faserx)
2003639 || BLEEDING-EDGE MALWARE Adload.Generic Spyware User-Agent
(ProxyDown)
2003640 || BLEEDING-EDGE MALWARE Adload.Generic Spyware User-Agent
(91castInstallKernel)
2003641 || BLEEDING-EDGE TROJAN Downloader.Small User Agent Detected
(NetScafe)
2003642 || BLEEDING-EDGE TROJAN Downloader.Affill User Agent Detected
(lol)
-> Added to bleeding-virus.rules (5):
#from castlecops research, http://www.castlecops.com, sig by Matt
Jonkman
#from castlecops research, http://www.castlecops.com, sig by Matt
Jonkman
#from castlecops research, http://www.castlecops.com, sig by Matt
Jonkman
#from castlecops research, http://www.castlecops.com, sig by Matt
Jonkman
#by axn jxn
-> Added to bleeding-web.rules (2):
#Seen being used for vuln scanning.
# The original script it's modified from is legitimate, so there may be
some falses
-> Added to bleeding.rules (2):
#by Matt Jonkman
#From ISC post here: isc.sans.org/diary.html?n&storyid=2717
[---] Removed non-rule lines: [---]
-> Removed from bleeding-drop-BLOCK.rules (1):
# VERSION 166
-> Removed from bleeding-drop.rules (1):
# VERSION 166
-> Removed from bleeding-sid-msg.map (5):
2002682 || BLEEDING-EDGE CURRENT EVENTS Microsoft Internet Explorer
Window() Possible Code Execution || cve,2005-1790 ||
url,www.computerterrorism.com/research/ie/ct21-11-2005 ||
url,secunia.com/advisories/15546
2002734 || BLEEDING-EDGE CURRENT WMF Exploit ||
url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php
2002860 || BLEEDING-EDGE WEB CLIENT Internet Explorer createTextRange
Code Execution || cve,2006-1359 || bugtraq,17196
2002909 || BLEEDING-EDGE WEB CLIENT Internet Explorer Cryptomathic
ActiveX createPKCS10 Access || bugtraq,17852 || cve,2006-1172
2003109 || BLEEDING-EDGE Microsoft Internet Explorer VML Fill Method
Attribute Overflow || bugtraq,20096 || cve,2006-4868
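The five sid-msg.map entries listed under "Removed" and "Added" above are the same SIDs with the same references; only the category word in the message changed (CURRENT EVENTS, CURRENT and WEB CLIENT became EXPLOIT). Anything downstream that keys on the message text, such as a barnyard or SIEM filter on "WEB CLIENT", silently stops matching after such an update. The following is an added example, not code from the Bleeding Edge project or from Oinkmaster: a parser for the sid-msg.map format ("sid || msg [|| reftype,value ...]", with backslash escapes inside msg) and a diff of two versions of the file. The two samples are constructed from the entries shown in this report, with the mailing-list line wrapping undone.

```python
"""Parse sid-msg.map entries and diff an old and a new version of the file.

Added example; not code from the Bleeding Edge project or the Oinkmaster
report. OLD_MAP and NEW_MAP are constructed from the entries the report
lists as removed from and added to bleeding-sid-msg.map.
"""
import re
from dataclasses import dataclass, field

# The five entries the report shows as removed (constructed sample).
OLD_MAP = """\
2002682 || BLEEDING-EDGE CURRENT EVENTS Microsoft Internet Explorer Window() Possible Code Execution || cve,2005-1790 || url,www.computerterrorism.com/research/ie/ct21-11-2005 || url,secunia.com/advisories/15546
2002734 || BLEEDING-EDGE CURRENT WMF Exploit || url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php
2002860 || BLEEDING-EDGE WEB CLIENT Internet Explorer createTextRange Code Execution || cve,2006-1359 || bugtraq,17196
2002909 || BLEEDING-EDGE WEB CLIENT Internet Explorer Cryptomathic ActiveX createPKCS10 Access || bugtraq,17852 || cve,2006-1172
2003109 || BLEEDING-EDGE Microsoft Internet Explorer VML Fill Method Attribute Overflow || bugtraq,20096 || cve,2006-4868
"""

# The same five SIDs as re-added, plus one genuinely new SID (constructed
# sample). "\\:" in this Python literal is the literal "\:" the map carries.
NEW_MAP = """\
2002682 || BLEEDING-EDGE EXPLOIT Microsoft Internet Explorer Window() Possible Code Execution || cve,2005-1790 || url,www.computerterrorism.com/research/ie/ct21-11-2005 || url,secunia.com/advisories/15546
2002734 || BLEEDING-EDGE EXPLOIT WMF Exploit || url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php
2002860 || BLEEDING-EDGE EXPLOIT Internet Explorer createTextRange Code Execution || cve,2006-1359 || bugtraq,17196
2002909 || BLEEDING-EDGE EXPLOIT Internet Explorer Cryptomathic ActiveX createPKCS10 Access || bugtraq,17852 || cve,2006-1172
2003109 || BLEEDING-EDGE EXPLOIT Microsoft Internet Explorer VML Fill Method Attribute Overflow || bugtraq,20096 || cve,2006-4868
2003626 || BLEEDING-EDGE MALWARE Suspicious Double User-Agent (User-Agent\\: User-Agent\\: )
"""


@dataclass
class MapEntry:
    sid: int
    msg: str
    refs: list = field(default_factory=list)   # [(reftype, value), ...]


_ESCAPE = re.compile(r"\\(.)")   # "\x" -> "x" for any escaped character


def parse_sid_msg_map(text):
    """Return {sid: MapEntry} for a sid-msg.map body; comments are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||")]
        if len(parts) < 2:
            raise ValueError(f"malformed sid-msg.map line: {raw!r}")
        sid = int(parts[0])
        if sid in entries:
            raise ValueError(f"duplicate sid {sid}")
        msg = _ESCAPE.sub(r"\1", parts[1])
        refs = []
        for ref in parts[2:]:
            rtype, _, rvalue = ref.partition(",")
            refs.append((rtype.strip(), rvalue.strip()))
        entries[sid] = MapEntry(sid, msg, refs)
    return entries


def diff_sid_msg_maps(old, new):
    """Return (added_sids, removed_sids, renamed, refs_changed_sids).

    renamed is [(sid, old_msg, new_msg)] for SIDs present in both whose
    message text differs; such renames are what break msg-based filters.
    """
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    renamed, refs_changed = [], []
    for sid in sorted(set(old) & set(new)):
        if old[sid].msg != new[sid].msg:
            renamed.append((sid, old[sid].msg, new[sid].msg))
        if old[sid].refs != new[sid].refs:
            refs_changed.append(sid)
    return added, removed, renamed, refs_changed


def summarize(old_text, new_text):
    """Human-readable change report, one line per change, summary first."""
    old = parse_sid_msg_map(old_text)
    new = parse_sid_msg_map(new_text)
    added, removed, renamed, refs_changed = diff_sid_msg_maps(old, new)
    out = [f"added {len(added)}, removed {len(removed)}, "
           f"renamed {len(renamed)}, refs changed {len(refs_changed)}"]
    out += [f"+ {sid} {new[sid].msg}" for sid in added]
    out += [f"- {sid} {old[sid].msg}" for sid in removed]
    out += [f"~ {sid} {o!r} -> {n!r}" for sid, o, n in renamed]
    out += [f"? {sid} references changed" for sid in refs_changed]
    return out


if __name__ == "__main__":
    print("\n".join(summarize(OLD_MAP, NEW_MAP)))
```

Run against the two samples, the summary line reports one added SID, none removed, five renamed and no reference changes, which is exactly the situation this report describes: a reclassification, not new coverage. Running the diff as part of the rule-update job, before restarting the sensor, is the cheap way to catch message renames that would otherwise only show up as alerts disappearing from a dashboard.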
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
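Most of the rules added in this batch are User-Agent matches: a fixed string the malware sends (the value in parentheses in each message, such as "(NetScafe)" or "(lol)"), plus the "Suspicious Double User-Agent" case, where the header value itself begins with "User-Agent:". The block below is an added example, not the Bleeding Edge rules themselves: the same detection logic run over constructed HTTP requests. It assumes that the parenthesised string in each rule message is the complete User-Agent value the rule looks for; the real rules may anchor or match differently. The repeated-header check (sid 0) is a local heuristic, not one of the listed rules.

```python
"""Flag HTTP requests whose User-Agent matches the patterns in this changelog.

Added example; not the Bleeding Edge rules themselves. Assumption: the
parenthesised string in each added rule's message is the exact User-Agent
value that rule matches. All sample requests are constructed.
"""

# User-Agent value -> SID, taken from the parenthesised part of each rule
# message in the report. Matched exactly, not as a substring: "bot" or "lol"
# as substrings would hit legitimate crawlers and free-text agents.
KNOWN_BAD_UA = {
    "bot": 2003622,
    "Internet 1.0": 2003624,
    "KRSystem": 2003625,
    "SexTrackerWSI": 2003627,
    "internetsecurity": 2003632,
    "get-minimal": 2003634,
    "KUKU v3.09": 2003636,
    "faserx": 2003637,
    "ProxyDown": 2003639,
    "91castInstallKernel": 2003640,
    "NetScafe": 2003641,
    "lol": 2003642,
}

# 2003626 "Suspicious Double User-Agent (User-Agent\: User-Agent\: )": the
# header value starts with another "User-Agent:", a bug typical of
# hand-rolled malware HTTP stacks that prepend the header name twice.
DOUBLE_UA_SID = 2003626


def parse_headers(raw):
    """Return [(name, value), ...] for the header block of a raw request."""
    text = raw.decode("latin-1")
    head, _, _ = text.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:        # [0] is the request line
        name, sep, value = line.partition(":")
        if not sep:
            continue                            # not a header line
        headers.append((name.strip(), value.strip()))
    return headers


def scan(raw):
    """Return [(sid, reason, user_agent), ...]; an empty list means clean."""
    findings = []
    uas = [v for n, v in parse_headers(raw) if n.lower() == "user-agent"]
    if len(uas) > 1:
        # Local heuristic (sid 0), not a Bleeding Edge rule: the header
        # repeated on separate lines is the same class of oddity.
        findings.append((0, "repeated User-Agent header", " | ".join(uas)))
    for ua in uas:
        if ua.lower().startswith("user-agent:"):
            findings.append((DOUBLE_UA_SID, "double User-Agent", ua))
        if ua in KNOWN_BAD_UA:
            findings.append((KNOWN_BAD_UA[ua], "known malware User-Agent", ua))
    return findings


# Constructed sample requests; example.invalid is a reserved test name.
SAMPLE_REQUESTS = {
    "double_ua": (b"GET /report.php HTTP/1.1\r\nHost: example.invalid\r\n"
                  b"User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n"),
    "netscafe": (b"GET /cfg.txt HTTP/1.0\r\nHost: example.invalid\r\n"
                 b"User-Agent: NetScafe\r\n\r\n"),
    "repeated": (b"GET / HTTP/1.1\r\nHost: example.invalid\r\n"
                 b"User-Agent: lol\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    "benign": (b"GET / HTTP/1.1\r\nHost: example.invalid\r\n"
               b"User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1)\r\n\r\n"),
}


if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        print(f"{name}: {scan(raw) or 'clean'}")
```

Exact matching is the deliberate choice here. A sensor rule that matched "bot" as a substring of the User-Agent would fire on every search-engine crawler, which is why signatures of this kind normally anchor the value (for example on the newline that follows it) rather than search for it anywhere in the header.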