Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Daily Signature Changes
Date: Tue, 9 Oct 2007 00:00:15 +0000 (UTC) 

[***] Results from Oinkmaster started Tue Oct  9 00:00:14 2007 [***]

[+++]          Added rules:          [+++]

 2007627 - BLEEDING-EDGE POLICY Hyves Login Attempt (bleeding-policy.rules)
 2007628 - BLEEDING-EDGE POLICY Hyves Inbox Access (bleeding-policy.rules)
 2007629 - BLEEDING-EDGE POLICY Hyves Message Access (bleeding-policy.rules)
 2007630 - BLEEDING-EDGE POLICY Hyves Compose Message (bleeding-policy.rules)
 2007631 - BLEEDING-EDGE POLICY Hyves Message Submit (bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2003649 - BLEEDING-EDGE TROJAN Hupinon User Agent Detected (SykO) 
(bleeding-virus.rules)
 2003932 - BLEEDING-EDGE TROJAN Hupinon User Agent Detected (IE_7.0) 
(bleeding-virus.rules)
 2007592 - BLEEDING-EDGE TROJAN Hupinon URL Infection Checkin Detected 
(bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (3):
        #Dutch myspace style social networking site. Not a security threat, 
just a generally not permissable thing for the workplace
        # by Cees Elzinga
        # Both hyves.nl and hyves.net are used, so check for "hyves."

     -> Added to bleeding-sid-msg.map (32):
        2003649 || BLEEDING-EDGE TROJAN Hupinon User Agent Detected (SykO)
        2003932 || BLEEDING-EDGE TROJAN Hupinon User Agent Detected (IE_7.0)
        2007592 || BLEEDING-EDGE TROJAN Hupinon URL Infection Checkin Detected
        2007627 || BLEEDING-EDGE POLICY Hyves Login Attempt
        2007628 || BLEEDING-EDGE POLICY Hyves Inbox Access
        2007629 || BLEEDING-EDGE POLICY Hyves Message Access
        2007630 || BLEEDING-EDGE POLICY Hyves Compose Message
        2007631 || BLEEDING-EDGE POLICY Hyves Message Submit
        2500602 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (603) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500603 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (604) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500604 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (605) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500605 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (606) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500606 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (607) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500607 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (608) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500608 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (609) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500609 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (610) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500610 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (611) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500611 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (612) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500612 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (613) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500613 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (614) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510602 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (603) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510603 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (604) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510604 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (605) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510605 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (606) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510606 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (607) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510607 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (608) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510608 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (609) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510609 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (610) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510610 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (611) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510611 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (612) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510612 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (613) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510613 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (614) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (3):
        2003649 || BLEEDING-EDGE TROJAN Hupingon User Agent Detected (SykO)
        2003932 || BLEEDING-EDGE TROJAN Hupingon User Agent Detected (IE_7.0)
        2007592 || BLEEDING-EDGE TROJAN Hupingon URL Infection Checkin Detected


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Next by Date:  [Snort-sigs] Sourcefire VRT Certified Snort Rules Update, research
Previous by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Next by Thread:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]