[***] Results from Oinkmaster started Mon Jan 21 17:00:08 2008 [***]
[+++] Added rules: [+++]
2007770 - BLEEDING-EDGE TROJAN Tear Application User-Agent Detected
(bleeding-virus.rules)
2007771 - BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected
(bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (4):
2007770 || BLEEDING-EDGE TROJAN Tear Application User-Agent Detected
2007771 || BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected
2404017 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)
|| url,www.shadowserver.org
2405017 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) -
BLOCKING SOURCE || url,www.shadowserver.org
-> Added to bleeding-sid-msg.map.txt (4):
2007770 || BLEEDING-EDGE TROJAN Tear Application User-Agent Detected
2007771 || BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected
2404017 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)
|| url,www.shadowserver.org
2405017 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) -
BLOCKING SOURCE || url,www.shadowserver.org
-> Added to bleeding-virus.rules (2):
#Matt Jonkman, found in the sandnet
#seeing this pattern from several named trojans, from the sandnet
[---] Removed non-rule lines: [---]
-> Removed from bleeding-attack_response.rules (1):
# $Id: bleeding-attack_response.rules $
-> Removed from bleeding-dos.rules (1):
# $Id: bleeding-dos.rules $
-> Removed from bleeding-exploit.rules (1):
# $Id: bleeding-exploit.rules $
-> Removed from bleeding-game.rules (1):
# $Id: bleeding-game.rules $
-> Removed from bleeding-inappropriate.rules (1):
# $Id: bleeding-inappropriate.rules $
-> Removed from bleeding-malware.rules (1):
# $Id: bleeding-malware.rules $
-> Removed from bleeding-p2p.rules (1):
# $Id: bleeding-p2p.rules $
-> Removed from bleeding-policy.rules (1):
# $Id: bleeding-policy.rules $
-> Removed from bleeding-scan.rules (1):
# $Id: bleeding-scan.rules $
-> Removed from bleeding-virus.rules (1):
# $Id: bleeding-virus.rules $
-> Removed from bleeding-voip.rules (1):
# $Id: bleeding-voip.rules $
-> Removed from bleeding-web.rules (1):
# $Id: bleeding-web.rules $
-> Removed from bleeding-web_sql_injection.rules (1):
# $Id: bleeding-web_sql_injection.rules $
-> Removed from bleeding.rules (1):
# $Id: bleeding.rules $
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
