Network Security: Detailed info on [Snort-sigs] Emerging Threats Daily Signature Changes

Subject:	[Snort-sigs] Emerging Threats Daily Signature Changes
Date:	Wed, 30 Jan 2008 17:00:07 -0500 (EST)


[***] Results from Oinkmaster started Wed Jan 30 17:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2007803 - ET TROJAN Win32.Inject.ql Checkin Post (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2001711 - ET MALWARE Likely Spambot Web-based Control Traffic 
(bleeding-malware.rules)
 2002988 - ET MALWARE Possible Spambot Checking in to Spam 
(bleeding-malware.rules)
 2002989 - ET MALWARE Possible Spambot getting new exe url 
(bleeding-malware.rules)
 2002990 - ET MALWARE Possible Spambot Pulling IP List to Spam 
(bleeding-malware.rules)
 2002991 - ET MALWARE Possible Spambot getting new exe (bleeding-malware.rules)
 2006425 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Install Checkin 
(bleeding-malware.rules)
 2006426 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin 
(bleeding-malware.rules)
 2006427 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac Check 
(bleeding-malware.rules)
 2006428 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (open) 
(bleeding-malware.rules)
 2006431 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post 
(bleeding-malware.rules)
 2006432 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (ret) 
(bleeding-malware.rules)
 2006433 - ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post 
(api_result) (bleeding-malware.rules)
 2007642 - ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post (chkvs) 
(bleeding-malware.rules)
 2007771 - BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected 
(bleeding-virus.rules)
 2007773 - BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected 
(bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2001815 - ET Spambot Suspicious 220 Banner on Local Port 
(bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (15):
        2001711 || ET MALWARE Likely Spambot Web-based Control Traffic
        2001815 || ET Spambot Suspicious 220 Banner on Local Port
        2002988 || ET MALWARE Possible Spambot Checking in to Spam
        2002989 || ET MALWARE Possible Spambot getting new exe url
        2002990 || ET MALWARE Possible Spambot Pulling IP List to Spam
        2002991 || ET MALWARE Possible Spambot getting new exe
        2006425 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Install 
Checkin
        2006426 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin
        2006427 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac 
Check
        2006428 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin 
(open)
        2006431 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post
        2006432 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin 
(ret)
        2006433 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post 
(api_result)
        2007642 || ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post 
(chkvs)
        2007803 || ET TROJAN Win32.Inject.ql Checkin Post

     -> Added to bleeding-sid-msg.map.txt (15):
        2001711 || ET MALWARE Likely Spambot Web-based Control Traffic
        2001815 || ET Spambot Suspicious 220 Banner on Local Port
        2002988 || ET MALWARE Possible Spambot Checking in to Spam
        2002989 || ET MALWARE Possible Spambot getting new exe url
        2002990 || ET MALWARE Possible Spambot Pulling IP List to Spam
        2002991 || ET MALWARE Possible Spambot getting new exe
        2006425 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Install 
Checkin
        2006426 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin
        2006427 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac 
Check
        2006428 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin 
(open)
        2006431 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post
        2006432 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin 
(ret)
        2006433 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post 
(api_result)
        2007642 || ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post 
(chkvs)
        2007803 || ET TROJAN Win32.Inject.ql Checkin Post

     -> Added to bleeding-virus.rules (2):
        #kind of a general inject win32 kinda thing, but seeing it frequently
        # such as 7438b695c0f32cb5c3a0a89485a362c1, by matt jonkman

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (14):
        2001711 || "ET MALWARE Likely Spambot Web-based Control Traffic
        2001815 || "ET Spambot Suspicious 220 Banner on Local Port
        2002988 || "ET MALWARE Possible Spambot Checking in to Spam
        2002989 || "ET MALWARE Possible Spambot getting new exe url
        2002990 || "ET MALWARE Possible Spambot Pulling IP List to Spam
        2002991 || "ET MALWARE Possible Spambot getting new exe
        2006425 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware 
Install Checkin
        2006426 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin
        2006427 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac 
Check
        2006428 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware 
Checkin (open)
        2006431 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post
        2006432 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware 
Checkin (ret)
        2006433 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post 
(api_result)
        2007642 || "ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post 
(chkvs)

     -> Removed from bleeding-sid-msg.map.txt (14):
        2001711 || "ET MALWARE Likely Spambot Web-based Control Traffic
        2001815 || "ET Spambot Suspicious 220 Banner on Local Port
        2002988 || "ET MALWARE Possible Spambot Checking in to Spam
        2002989 || "ET MALWARE Possible Spambot getting new exe url
        2002990 || "ET MALWARE Possible Spambot Pulling IP List to Spam
        2002991 || "ET MALWARE Possible Spambot getting new exe
        2006425 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware 
Install Checkin
        2006426 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin
        2006427 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac 
Check
        2006428 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware 
Checkin (open)
        2006431 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post
        2006432 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware 
Checkin (ret)
        2006433 || "ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post 
(api_result)
        2007642 || "ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post 
(chkvs)


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Emerging Threats Daily Signature Changes, (continued) [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging <=

Previous by Date:	[Snort-sigs] Sourcefire VRT Certified Snort Rules Update, research
Previous by Thread:	[Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Next by Thread:	[Snort-sigs] About the connection in the alert of BackDoor, Sun
Indexes:	[Date] [Thread] [Top] [All Lists]