
[Snort-sigs] Emerging Threats Daily Signature Changes

Subject: [Snort-sigs] Emerging Threats Daily Signature Changes
Date: Thu, 10 Jan 2008 17:00:06 -0500 (EST)

[***] Results from Oinkmaster started Thu Jan 10 17:00:06 2008 [***]

[+++]          Added rules:          [+++]

 2007650 - BLEEDING-EDGE TROJAN Mac Trojan HTTP Checkin (accept-language 
violation) (bleeding-virus.rules)
 2007746 - BLEEDING-EDGE POLICY Gold VIP Club Casino Client in Use 
(bleeding-policy.rules)
 2007747 - BLEEDING-EDGE TROJAN MBR Trojan (Sinowal/Mebroot/) Phoning Home 
(bleeding-virus.rules)
 2007748 - BLEEDING-EDGE TROJAN NPRC Malicious POST Request Possible DOJ or DOT 
Malware (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2004115 - BLEEDING-EDGE CURRENT EVENTS MS IIS Auth Bypass Attempt 
(bleeding.rules)
 2007673 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (1) 
(bleeding.rules)
 2007674 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (2) 
(bleeding.rules)
 2007675 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (3) 
(bleeding.rules)
 2007676 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (4) 
(bleeding.rules)
 2007677 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (5) 
(bleeding.rules)
 2007678 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (1) 
(bleeding.rules)
 2007679 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (2) 
(bleeding.rules)
 2007680 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (3) 
(bleeding.rules)
 2007681 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (4) 
(bleeding.rules)
 2007682 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (5) 
(bleeding.rules)
 2007683 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 1 
(bleeding.rules)
 2007684 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 2 
(bleeding.rules)
 2007685 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 3 
(bleeding.rules)
 2007686 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity OUTBOUND 
(bleeding.rules)
 2007687 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity INBOUND 
(bleeding.rules)
 2007729 - BLEEDING-EDGE CURRENT EVENTS Likely Zlob Binary Requested 
(VideoAccessCodecInstall.exe) (bleeding.rules)
 2007730 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.exe) (bleeding.rules)
 2007731 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.dmg) (bleeding.rules)
 2007732 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.exe) (bleeding.rules)
 2007733 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.dmg) (bleeding.rules)
 2007734 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(Install_video_3913230.exe) (bleeding.rules)
 2007735 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(virusranger.exe) (bleeding.rules)
 2007736 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(vrsvc.exe) (bleeding.rules)
 2007737 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(stripshow.exe) (bleeding.rules)
 2007738 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy2008.exe) (bleeding.rules)
 2007739 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(fck2008.exe) (bleeding.rules)
 2007740 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy_2008.exe) (bleeding.rules)
 2007741 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(sony.exe) (bleeding.rules)
 2406005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(1) (bleeding-rbn.rules)
 2406006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(2) (bleeding-rbn.rules)
 2406007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(3) (bleeding-rbn.rules)
 2406008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(4) (bleeding-rbn.rules)
 2407005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (1) (bleeding-rbn-BLOCK.rules)
 2407006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (2) (bleeding-rbn-BLOCK.rules)
 2407007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (3) (bleeding-rbn-BLOCK.rules)
 2407008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (4) (bleeding-rbn-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2006436 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Mailto Link 
Detected (bleeding.rules)
 2006437 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE News Link 
Detected (bleeding.rules)
 2006438 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Nntp Link 
Detected (bleeding.rules)
 2006439 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Snews Link 
Detected (bleeding.rules)
 2006440 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Telnet Link 
Detected (bleeding.rules)
 2007342 - BLEEDING-EDGE CURRENT EVENTS Vulnerable MS FlashPix ActiveX Control 
in Use (bleeding.rules)


[---]         Removed rules:         [---]

 2007650 - BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin 
(accept-language violation) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (2):
        #by Matt Jonkman, sandnetted binary
        #  App on port 2000 for this casino stuff. Not malicious, but likely 
not allowed in most environments

     -> Added to bleeding-rbn-BLOCK.rules (2):
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Added to bleeding-rbn.rules (2):
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Added to bleeding-sid-msg.map (165):
        2004115 || BLEEDING-EDGE CURRENT EVENTS MS IIS Auth Bypass Attempt || 
url,support.microsoft.com/kb/328832
        2006436 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE 
Mailto Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006437 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE News 
Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006438 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Nntp 
Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006439 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE 
Snews Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006440 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE 
Telnet Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2007342 || BLEEDING-EDGE CURRENT EVENTS Vulnerable MS FlashPix ActiveX 
Control in Use || url,secunia.com/advisories/26426/
        2007650 || BLEEDING-EDGE TROJAN Mac Trojan HTTP Checkin 
(accept-language violation)
        2007673 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP 
(1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007674 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP 
(2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007675 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP 
(3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007676 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP 
(4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007677 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP 
(5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007678 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP 
(1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007679 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP 
(2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007680 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP 
(3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007681 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP 
(4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007682 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP 
(5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007683 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 1 || 
url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007684 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 2 || 
url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007685 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 3 || 
url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007686 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity 
OUTBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007687 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity 
INBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007729 || BLEEDING-EDGE CURRENT EVENTS Likely Zlob Binary Requested 
(VideoAccessCodecInstall.exe)
        2007730 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.exe)
        2007731 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.dmg)
        2007732 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.exe)
        2007733 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.dmg)
        2007734 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(Install_video_3913230.exe)
        2007735 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(virusranger.exe)
        2007736 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(vrsvc.exe)
        2007737 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(stripshow.exe)
        2007738 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy2008.exe)
        2007739 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(fck2008.exe)
        2007740 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy_2008.exe)
        2007741 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(sony.exe)
        2007746 || BLEEDING-EDGE POLICY Gold VIP Club Casino Client in Use
        2007747 || BLEEDING-EDGE TROJAN MBR Trojan (Sinowal/Mebroot/) Phoning 
Home
        2007748 || BLEEDING-EDGE TROJAN NPRC Malicious POST Request Possible 
DOJ or DOT Malware || 
url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835
        2500001 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (2) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500002 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (3) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500003 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (4) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500004 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (5) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500005 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (6) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500006 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (7) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500007 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (8) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500008 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (9) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500009 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (10) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500010 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (11) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500011 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (12) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500012 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (13) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500013 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (14) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500014 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (15) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500015 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (16) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500016 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (17) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500017 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (18) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500018 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (19) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500019 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (20) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500020 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (21) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500021 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (22) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500022 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (23) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500023 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (24) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500024 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (25) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500025 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (26) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500026 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (27) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500027 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (28) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500028 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (29) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500029 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (30) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500030 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (31) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500031 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (32) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500032 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (33) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500033 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (34) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500034 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (35) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500035 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (36) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500036 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (37) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500037 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (38) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500038 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (39) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500039 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (40) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500040 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (41) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500041 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (42) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500042 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (43) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500043 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (44) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500044 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (45) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500045 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (46) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500046 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (47) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500047 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (48) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500048 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (49) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500049 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (50) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500050 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (51) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500051 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (52) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500052 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (53) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500053 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (54) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500054 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (55) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500055 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (56) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500056 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (57) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500057 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (58) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500058 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (59) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500059 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (60) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500060 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (61) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500061 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (62) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500062 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (63) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500063 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic (64) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510001 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (2) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510002 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (3) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510003 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (4) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510004 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (5) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510005 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (6) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510006 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (7) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510007 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (8) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510008 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (9) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510009 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (10) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510010 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (11) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510011 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (12) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510012 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (13) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510013 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (14) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510014 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (15) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510015 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (16) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510016 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (17) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510017 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (18) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510018 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (19) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510019 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (20) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510020 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (21) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510021 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (22) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510022 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (23) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510023 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (24) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510024 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (25) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510025 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (26) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510026 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (27) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510027 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (28) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510028 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (29) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510029 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (30) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510030 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (31) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510031 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (32) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510032 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (33) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510033 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (34) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510034 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (35) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510035 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (36) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510036 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (37) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510037 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (38) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510038 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (39) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510039 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (40) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510040 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (41) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510041 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (42) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510042 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (43) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510043 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (44) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510044 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (45) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510045 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (46) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510046 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (47) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510047 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (48) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510048 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (49) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510049 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (50) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510050 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (51) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510051 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (52) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510052 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (53) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510053 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (54) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510054 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (55) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510055 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (56) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510056 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (57) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510057 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (58) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510058 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (59) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510059 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (60) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510060 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (61) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510061 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (62) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510062 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (63) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510063 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host 
Traffic - BLOCKING (64) || 
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (4):
        #by Matt Jonkman, MBR Virus related
        #info from Bojan at ISC and Russell Fulton
        # sig by Russell and Matt Jonkman
        #from Matt Richard with Verisign Security Services / iDefense

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-rbn-BLOCK.rules (2):
        #  VERSION 24
        #  Updated 2008-01-08 12:32:31

     -> Removed from bleeding-rbn.rules (2):
        #  VERSION 24
        #  Updated 2008-01-08 12:32:31

     -> Removed from bleeding-sid-msg.map (36):
        2004115 || BLEEDING-EDGE CURRENT_EVENTS MS IIS Auth Bypass Attempt || 
url,support.microsoft.com/kb/328832
        2006436 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE 
Mailto Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006437 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE News 
Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006438 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Nntp 
Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006439 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE 
Snews Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006440 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE 
Telnet Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2007342 || BLEEDING-EDGE CURRENT_EVENTS Vulnerable MS FlashPix ActiveX 
Control in Use || url,secunia.com/advisories/26426/
        2007650 || BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin 
(accept-language violation)
        2007673 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007674 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007675 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007676 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007677 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP 
(5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007678 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007679 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007680 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007681 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007682 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP 
(5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007683 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 1 || 
url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007684 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 2 || 
url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007685 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 3 || 
url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007686 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity 
OUTBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007687 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity 
INBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007729 || BLEEDING-EDGE CURRENT_EVENTS Likely Zlob Binary Requested 
(VideoAccessCodecInstall.exe)
        2007730 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(codecultra1123.exe)
        2007731 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(codecultra1123.dmg)
        2007732 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(codecnice1126.exe)
        2007733 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(codecnice1126.dmg)
        2007734 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(Install_video_3913230.exe)
        2007735 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(virusranger.exe)
        2007736 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(vrsvc.exe)
        2007737 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(stripshow.exe)
        2007738 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(happy2008.exe)
        2007739 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(fck2008.exe)
        2007740 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(happy_2008.exe)
        2007741 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested 
(sony.exe)

     -> Removed from bleeding.rules (3):
        #needs a better name
        #info from Bojan at ISC and Russell Fulton
        # sig by Russell and Matt Jonkman


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
