
[Snort-sigs] Emerging Threats Weekly Signature Changes

Subject: [Snort-sigs] Emerging Threats Weekly Signature Changes
Date: Sat, 19 Jan 2008 19:00:07 -0500 (EST)

[***] Results from Oinkmaster started Sat Jan 19 19:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2007758 - BLEEDING-EDGE TROJAN Eldorado.BHO User-Agent Detected 
(bleeding-virus.rules)
 2007759 - BLEEDING-EDGE MALWARE Alfaantivirus.com Fake Anti-Virus User Agent 
(IM Download) (bleeding-malware.rules)
 2007760 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(withlove.exe) (bleeding.rules)
 2007761 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(with_love.exe) (bleeding.rules)
 2007762 - BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent Inbound 
(MJ12bot) (bleeding-policy.rules)
 2007763 - BLEEDING-EDGE POLICY CBS Streaming Video (bleeding-policy.rules)
 2007764 - BLEEDING-EDGE POLICY NBC Streaming Video (bleeding-policy.rules)
 2007765 - BLEEDING-EDGE POLICY Logmein.com Host List Download 
(bleeding-policy.rules)
 2007766 - BLEEDING-EDGE POLICY Logmein.com Update Activity 
(bleeding-policy.rules)
 2007767 - BLEEDING-EDGE TROJAN Pakes User-Agent Detected (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2003224 - BLEEDING-EDGE MALWARE Megaupload Spyware User Agent 
(bleeding-malware.rules)
 2007697 - BLEEDING-EDGE MALWARE Antivirgear.com Fake Anti-Spyware User Agent 
(AntiVirGear) (bleeding-malware.rules)
 2007744 - BLEEDING-EDGE MALWARE Guard-Center.com Fake AntiVirus Post-Install 
Checkin (bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  
(bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  
(bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  
(bleeding-botcc.rules)
 2404010 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  
(bleeding-botcc.rules)
 2404011 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  
(bleeding-botcc.rules)
 2404012 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  
(bleeding-botcc.rules)
 2404013 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  
(bleeding-botcc.rules)
 2404014 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  
(bleeding-botcc.rules)
 2404015 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  
(bleeding-botcc.rules)
 2404016 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  
(bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2405010 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2405011 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2405012 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2405013 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2405014 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2405015 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2405016 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING 
SOURCE (bleeding-botcc-BLOCK.rules)
 2406000 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting 
Nets (bleeding-rbn.rules)
 2406001 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Individual Hosts (bleeding-rbn.rules)
 2406002 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese 
Nets (bleeding-rbn.rules)
 2406003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known 
Trojan C&Cs (bleeding-rbn.rules)
 2406004 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central 
American Nets (bleeding-rbn.rules)
 2406005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(1) (bleeding-rbn.rules)
 2406006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(2) (bleeding-rbn.rules)
 2406007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(3) (bleeding-rbn.rules)
 2406008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains 
(4) (bleeding-rbn.rules)
 2407000 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting 
Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407001 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Individual Hosts - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407002 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese 
Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known 
Trojan C&Cs - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407004 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central 
American Nets (bleeding-rbn-BLOCK.rules)
 2407005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (1) (bleeding-rbn-BLOCK.rules)
 2407006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (2) (bleeding-rbn-BLOCK.rules)
 2407007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (3) (bleeding-rbn-BLOCK.rules)
 2407008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - 
BLOCKING (4) (bleeding-rbn-BLOCK.rules)


[---]         Removed rules:         [---]

 2007730 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.exe) (bleeding.rules)
 2007731 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.dmg) (bleeding.rules)
 2007732 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.exe) (bleeding.rules)
 2007733 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.dmg) (bleeding.rules)
 2007734 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(Install_video_3913230.exe) (bleeding.rules)
 2007735 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(virusranger.exe) (bleeding.rules)
 2007736 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(vrsvc.exe) (bleeding.rules)
 2007737 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(stripshow.exe) (bleeding.rules)
 2007738 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy2008.exe) (bleeding.rules)
 2007739 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(fck2008.exe) (bleeding.rules)
 2007740 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy_2008.exe) (bleeding.rules)
 2007741 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(sony.exe) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-botcc-BLOCK.rules (4):
        # Emerging Threats Botnet Command and Control drop rules.
        # More information available at www.emergingthreats.net
        # Please submit any custom rules or ideas to 
emerging@emergingthreats.net or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-botcc.rules (4):
        # Emerging Threats Botnet Command and Control drop rules.
        # More information available at www.emergingthreats.net
        # Please submit any custom rules or ideas to 
emerging@emergingthreats.net or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-drop-BLOCK.rules (7):
        # $Id: bleeding-drop.rules $
        # Emerging Threats Spamhaus DROP List rules.
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging@emergingthreats.net 
or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 1032
        #  Generated 2008-01-19 01:03:03 EDT

     -> Added to bleeding-drop.rules (7):
        # $Id: bleeding-drop.rules $
        # Emerging Threats Spamhaus DROP List rules.
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging@emergingthreats.net 
or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 1032
        #  Generated 2008-01-19 01:03:03 EDT

     -> Added to bleeding-dshield-BLOCK.rules (6):
        # $Id: bleeding-dshield.rules $
        # Emerging Threats Dshield rules.
        # Rules to block Dshield identified Top Attackers (www.dshield.org)
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging@emergingthreats.net 
or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-dshield.rules (6):
        # $Id: bleeding-dshield.rules $
        # Emerging Threats Dshield rules.
        # Rules to block Dshield identified Top Attackers (www.dshield.org)
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging@emergingthreats.net 
or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-malware.rules (1):
        #by matt jonkman, from sandnet analysis re 
200c2baf2b23e8db5f7145941548c69d

     -> Added to bleeding-policy.rules (2):
        #by William Metcalf
        #by cunningpike

     -> Added to bleeding-rbn-BLOCK.rules (7):
        # $Id: bleeding-rbn-BLOCK.rules $
        # Emerging Threats RBN rules.
        # More information available at 
doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to emerging@emergingthreats.net 
or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 26
        #  Updated 2008-01-16 09:06:08

     -> Added to bleeding-rbn.rules (7):
        # $Id: bleeding-rbn.rules $
        # Emerging Threats RBN rules.
        # More information available at 
doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to emerging@emergingthreats.net 
or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 26
        #  Updated 2008-01-16 09:06:08

     -> Added to bleeding-sid-msg.map (20):
        2007758 || BLEEDING-EDGE TROJAN Eldorado.BHO User-Agent Detected
        2007759 || BLEEDING-EDGE MALWARE Alfaantivirus.com Fake Anti-Virus User 
Agent (IM Download)
        2007760 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(withlove.exe) || 
url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007761 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(with_love.exe) || 
url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007762 || BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent 
Inbound (MJ12bot) || url,www.majestic12.co.uk/
        2007763 || BLEEDING-EDGE POLICY CBS Streaming Video
        2007764 || BLEEDING-EDGE POLICY NBC Streaming Video
        2007765 || BLEEDING-EDGE POLICY Logmein.com Host List Download
        2007766 || BLEEDING-EDGE POLICY Logmein.com Update Activity
        2007767 || BLEEDING-EDGE TROJAN Pakes User-Agent Detected
        2406000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Hosting Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Individual Hosts || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Chinese Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Known Trojan C&Cs || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Central American Nets || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Hosting Nets - BLOCKING || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Individual Hosts - BLOCKING || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Chinese Nets - BLOCKING || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Known Trojan C&Cs - BLOCKING || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Central American Nets || 
url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork

     -> Added to bleeding-virus.rules (1):
        #by Matt Jonkman, Pakes.bwp update check

     -> Added to bleeding.rules (1):
        #keeping this, still getting reports of hits

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-botcc-BLOCK.rules (4):
        # Bleeding Edge Threats Botnet Command and Control drop rules.
        # More information available at www.bleedingthreats.net
        # Please submit any custom rules or ideas to 
bleeding@bleedingthreats.net or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-botcc.rules (4):
        # Bleeding Edge Threats Botnet Command and Control drop rules.
        # More information available at www.bleedingthreats.net
        # Please submit any custom rules or ideas to 
bleeding@bleedingthreats.net or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-drop-BLOCK.rules (5):
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding@bleedingthreats.net 
or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 1024
        #  Generated 2008-01-11 01:03:03 EDT

     -> Removed from bleeding-drop.rules (5):
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding@bleedingthreats.net 
or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 1024
        #  Generated 2008-01-11 01:03:03 EDT

     -> Removed from bleeding-dshield-BLOCK.rules (4):
        # Rules to block Dshield identified Top Attackers (www.shield.org)
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding@bleedingthreats.net 
or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-dshield.rules (4):
        # Rules to block Dshield identified Top Attackers (www.shield.org)
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding@bleedingthreats.net 
or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-rbn-BLOCK.rules (5):
        # More information available at 
doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to bleeding@bleedingthreats.net 
or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Removed from bleeding-rbn.rules (5):
        # More information available at 
doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to bleeding@bleedingthreats.net 
or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Removed from bleeding-sid-msg.map (22):
        2007730 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.exe)
        2007731 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecultra1123.dmg)
        2007732 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.exe)
        2007733 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(codecnice1126.dmg)
        2007734 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(Install_video_3913230.exe)
        2007735 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(virusranger.exe)
        2007736 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(vrsvc.exe)
        2007737 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(stripshow.exe)
        2007738 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy2008.exe)
        2007739 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(fck2008.exe)
        2007740 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(happy_2008.exe)
        2007741 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested 
(sony.exe)
        2406000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Hosting Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Individual Hosts || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Chinese Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Known Trojan C&Cs || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Central American Nets || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Hosting Nets - BLOCKING || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Individual Hosts - BLOCKING || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Chinese Nets - BLOCKING || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Known Trojan C&Cs - BLOCKING || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - 
Central American Nets || 
url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork

     -> Removed from bleeding.rules (2):
        # these may only be good for a few days, but considering the volume of 
infections and the high-profile
        #  plaves at blogspot, it's worth pushing these sigs out for a few days

[+] Added files (consider updating your snort.conf to include them if needed): 
[+]

    -> bleeding-sid-msg.map.txt


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs