[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

Subject: [Snort-sigs] Bleeding Edge Threats Daily Signature Changes
Date: Sun, 28 Oct 2007 20:00:12 +0000 (UTC)

[***] Results from Oinkmaster started Sun Oct 28 20:00:12 2007 [***]

[---]         Disabled rules:        [---]

 2006436 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Mailto Link 
Detected (bleeding.rules)
 2006437 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE News Link 
Detected (bleeding.rules)
 2006438 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Nntp Link 
Detected (bleeding.rules)
 2006439 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Snews Link 
Detected (bleeding.rules)
 2006440 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Telnet Link 
Detected (bleeding.rules)
 2007342 - BLEEDING-EDGE CURRENT_EVENTS Vulnerable MS FlashPix ActiveX Control 
in Use (bleeding.rules)


[---]         Removed rules:         [---]

 2003169 - BLEEDING-EDGE CURRENT EVENTS Microsoft XMLHTTPD CLSID in use - 
Possible Attack (bleeding.rules)
 2003588 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Traffic (User-Agent 
skw00001) (bleeding.rules)
 2003589 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Post Traffic 
(User-Agent h9tslbw0) (bleeding.rules)
 2006358 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot initial connection open 
(bleeding.rules)
 2006359 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot connection second step 
(bleeding.rules)
 2006360 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot C&C Channel -- Please 
report to bleeding@bleedingthreats.net (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (190):
        2500077 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (78) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500078 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (79) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500079 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (80) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500080 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (81) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500081 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (82) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500082 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (83) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500083 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (84) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500084 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (85) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500085 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (86) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500086 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (87) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500087 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (88) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500088 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (89) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500089 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (90) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500090 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (91) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500091 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (92) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500092 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (93) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500093 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (94) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500094 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (95) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500095 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (96) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500096 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (97) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500097 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (98) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500098 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (99) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500099 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (100) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500100 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (101) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500101 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (102) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500102 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (103) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500103 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (104) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500104 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (105) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500105 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (106) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500106 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (107) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500107 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (108) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500108 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (109) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500109 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (110) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500110 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (111) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500111 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (112) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500112 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (113) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500113 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (114) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500114 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (115) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500115 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (116) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500116 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (117) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500117 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (118) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500118 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (119) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500119 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (120) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500120 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (121) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500121 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (122) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500122 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (123) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500123 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (124) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500124 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (125) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500125 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (126) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500126 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (127) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500127 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (128) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500128 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (129) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500129 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (130) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500130 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (131) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500131 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (132) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500132 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (133) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500133 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (134) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500134 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (135) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500135 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (136) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500136 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (137) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500137 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (138) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500138 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (139) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500139 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (140) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500140 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (141) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500141 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (142) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500142 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (143) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500143 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (144) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500144 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (145) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500145 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (146) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500146 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (147) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500147 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (148) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500148 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (149) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500149 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (150) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500150 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (151) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500151 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (152) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500152 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (153) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500153 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (154) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500154 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (155) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500155 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (156) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500156 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (157) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500157 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (158) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500158 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (159) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500159 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (160) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500160 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (161) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500161 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (162) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500162 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (163) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500163 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (164) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500164 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (165) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500165 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (166) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500166 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (167) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500167 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (168) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500168 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (169) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500169 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (170) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500170 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (171) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500171 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (172) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510077 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (78) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510078 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (79) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510079 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (80) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510080 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (81) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510081 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (82) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510082 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (83) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510083 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (84) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510084 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (85) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510085 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (86) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510086 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (87) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510087 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (88) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510088 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (89) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510089 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (90) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510090 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (91) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510091 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (92) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510092 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (93) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510093 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (94) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510094 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (95) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510095 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (96) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510096 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (97) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510097 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (98) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510098 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (99) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510099 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (100) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510100 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (101) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510101 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (102) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510102 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (103) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510103 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (104) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510104 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (105) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510105 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (106) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510106 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (107) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510107 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (108) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510108 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (109) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510109 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (110) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510110 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (111) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510111 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (112) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510112 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (113) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510113 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (114) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510114 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (115) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510115 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (116) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510116 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (117) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510117 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (118) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510118 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (119) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510119 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (120) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510120 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (121) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510121 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (122) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510122 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (123) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510123 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (124) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510124 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (125) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510125 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (126) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510126 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (127) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510127 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (128) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510128 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (129) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510129 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (130) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510130 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (131) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510131 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (132) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510132 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (133) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510133 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (134) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510134 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (135) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510135 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (136) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510136 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (137) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510137 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (138) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510138 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (139) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510139 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (140) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510140 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (141) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510141 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (142) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510142 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (143) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510143 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (144) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510144 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (145) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510145 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (146) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510146 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (147) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510147 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (148) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510148 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (149) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510149 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (150) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510150 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (151) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510151 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (152) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510152 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (153) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510153 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (154) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510154 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (155) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510155 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (156) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510156 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (157) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510157 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (158) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510158 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (159) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510159 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (160) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510160 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (161) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510161 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (162) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510162 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (163) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510163 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (164) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510164 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (165) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510165 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (166) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510166 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (167) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510167 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (168) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510168 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (169) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510169 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (170) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510170 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (171) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510171 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (172) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding.rules (1):
        #threat passed, too high load to keep for long term. To be removed soon

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (6):
        2003169 || BLEEDING-EDGE CURRENT EVENTS Microsoft XMLHTTPD CLSID in use 
- Possible Attack || cve,2006-5745 || 
url,www.microsoft.com/technet/security/Bulletin/MS06-071.mspx || 
url,www.microsoft.com/technet/security/advisory/927892.mspx || 
url,www.frsirt.com/english/advisories/2006/4334
        2003588 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Traffic 
(User-Agent skw00001) || url,doc.bleedingthreats.net/2003588
        2003589 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Post Traffic 
(User-Agent h9tslbw0) || url,doc.bleedingthreats.net/2003589
        2006358 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot initial connection 
open
        2006359 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot connection second 
step
        2006360 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot C&C Channel -- 
Please report to bleeding@bleedingthreats.net

     -> Removed from bleeding.rules (9):
        #may not last long, so putting this in current events until more 
information and a better sig is available.
        #matt Jonkman
        #set for deletion
        #by matt jonkman
        # some new bot. uses some new C&C method, this should detect it. 
Haven't decrypted the comunication yet
        # AV does not have a name for it yet
        #by matt Jonkman, sample submitted anonymously
        # I'm putting these sigs in current events because the worm will likely 
morph quickly making them obsolete.
        # If it doesn't we'll move these into a permanent ruleset


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
