Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Daily Signature Changes
Date: Fri, 3 Aug 2007 00:00:15 +0000 (UTC) 

[***] Results from Oinkmaster started Fri Aug  3 00:00:15 2007 [***]

[+++]          Added rules:          [+++]

 2006547 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection 
Attempt -- ViewCat.php s_user_id SELECT (bleeding-web.rules)
 2006548 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection 
Attempt -- ViewCat.php s_user_id UNION SELECT (bleeding-web.rules)
 2006549 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection 
Attempt -- ViewCat.php s_user_id INSERT (bleeding-web.rules)
 2006550 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection 
Attempt -- ViewCat.php s_user_id DELETE (bleeding-web.rules)
 2006551 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection 
Attempt -- ViewCat.php s_user_id ASCII (bleeding-web.rules)
 2006552 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection 
Attempt -- ViewCat.php s_user_id UPDATE (bleeding-web.rules)
 2006553 - BLEEDING-EDGE MALWARE Cpushpop.com Spyware User Agent 
(CPUSH_UPDATER) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001882 - BLEEDING-EDGE DOS ICMP Path MTU lowered below acceptable threshold 
(bleeding-dos.rules)
 2006381 - BLEEDING-EDGE MALWARE Ask.com Toolbar/Spyware User Agent 
(bleeding-malware.rules)
 2006386 - BLEEDING-EDGE MALWARE Deepdo.com Toolbar/Spyware User Agent 
(DeepdoUpdate) (bleeding-malware.rules)
 2006388 - BLEEDING-EDGE MALWARE Suspicious User Agent (006) 
(bleeding-malware.rules)
 2006392 - BLEEDING-EDGE MALWARE Win-touch.com Spyware User Agent (WTRecover) 
(bleeding-malware.rules)
 2006393 - BLEEDING-EDGE MALWARE Win-touch.com Spyware User Agent (WTInstaller) 
(bleeding-malware.rules)
 2006413 - BLEEDING-EDGE MALWARE Mycashbank.co.kr Spyware User Agent 
(pint_agency) (bleeding-malware.rules)
 2006418 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User 
Agent (Museon) (bleeding-malware.rules)
 2006419 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User 
Agent (anycleaner) (bleeding-malware.rules)
 2006420 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User 
Agent (pcsafe) (bleeding-malware.rules)
 2006421 - BLEEDING-EDGE MALWARE Doctorvaccine.co.kr Related Spyware User Agent 
(DoctorVaccine) (bleeding-malware.rules)
 2006422 - BLEEDING-EDGE MALWARE Platinumreward.co.kr Spyware User Agent 
(WT_GET_COMM) (bleeding-malware.rules)
 2006423 - BLEEDING-EDGE MALWARE Doctorpro.co.kr Related Spyware User Agent 
(doctorpro1) (bleeding-malware.rules)
 2006424 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent 
(WebUpdate) (bleeding-malware.rules)
 2006429 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (chk 
Profile) (bleeding-malware.rules)
 2006430 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent 
(Access down) (bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  
(bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  
(bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  
(bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2002474 - BLEEDING-EDGE POLICY SMTP DSM-IV Code (bleeding-policy.rules)
 2002558 - BLEEDING-EDGE POLICY HTTP - DSM-IV Code (bleeding-policy.rules)
 2002639 - BLEEDING-EDGE POLICY High Ports -  DSM-IV Code 
(bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (1):
        #Updated to be 6 in the byte test as per Shane Castle

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 264

     -> Added to bleeding-drop.rules (1):
        #  VERSION 264

     -> Added to bleeding-malware.rules (1):
        #from spyware lp

     -> Added to bleeding-sid-msg.map (7):
        2006547 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL 
Injection Attempt -- ViewCat.php s_user_id SELECT || 
url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006548 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL 
Injection Attempt -- ViewCat.php s_user_id UNION SELECT || 
url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006549 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL 
Injection Attempt -- ViewCat.php s_user_id INSERT || 
url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006550 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL 
Injection Attempt -- ViewCat.php s_user_id DELETE || 
url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006551 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL 
Injection Attempt -- ViewCat.php s_user_id ASCII || 
url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006552 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL 
Injection Attempt -- ViewCat.php s_user_id UPDATE || 
url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006553 || BLEEDING-EDGE MALWARE Cpushpop.com Spyware User Agent 
(CPUSH_UPDATER)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 263

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 263


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] FPs for SMTP SSLv3 openssl get shared ciphers overflow attempt 8435, Matthew Watchinski
Next by Date:  [Snort-sigs] False positive on "DDOS mstream handler to client", Christiaan Ehlers
Previous by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Next by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]