[***] Results from Oinkmaster started Mon Feb 11 17:00:09 2008 [***]
[+++] Added rules: [+++]
2007833 - ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5)
(bleeding-virus.rules)
2007834 - ET TROJAN Renos/ssd.com HTTP Checkin (bleeding-virus.rules)
2007835 - ET CURRENT EVENTS Likely Storm Binary Requested (valentine.exe)
(bleeding.rules)
2007836 - ET TROJAN Downloader General Bot Checking In - Possible
Win32.Small.htz related (bleeding-virus.rules)
2007837 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(WinInet) (bleeding-virus.rules)
2007838 - ET TROJAN Delf HTTP Checkin (1) (bleeding-virus.rules)
[///] Modified active rules: [///]
2007758 - ET TROJAN Eldorado.BHO User-Agent Detected (netcfg)
(bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (7):
2007758 || ET TROJAN Eldorado.BHO User-Agent Detected (netcfg)
2007833 || ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5)
2007834 || ET TROJAN Renos/ssd.com HTTP Checkin
2007835 || ET CURRENT EVENTS Likely Storm Binary Requested
(valentine.exe)
2007836 || ET TROJAN Downloader General Bot Checking In - Possible
Win32.Small.htz related
2007837 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(WinInet)
2007838 || ET TROJAN Delf HTTP Checkin (1)
-> Added to bleeding-sid-msg.map.txt (7):
2007758 || ET TROJAN Eldorado.BHO User-Agent Detected (netcfg)
2007833 || ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5)
2007834 || ET TROJAN Renos/ssd.com HTTP Checkin
2007835 || ET CURRENT EVENTS Likely Storm Binary Requested
(valentine.exe)
2007836 || ET TROJAN Downloader General Bot Checking In - Possible
Win32.Small.htz related
2007837 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(WinInet)
2007838 || ET TROJAN Delf HTTP Checkin (1)
-> Added to bleeding-virus.rules (3):
#yet another c&c method, by matt jonkman
#matt jonkman, sample marked Trojan-Downloader.Win32.Small.htz by
fsecure
#Matt Jonkman, Kaspersky Trojan-Proxy.Win32.Agent.ty
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (3):
2007758 || ET TROJAN Eldorado.BHO User-Agent Detected
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) ||
url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
|| url,www.shadowserver.org
-> Removed from bleeding-sid-msg.map.txt (3):
2007758 || ET TROJAN Eldorado.BHO User-Agent Detected
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) ||
url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
|| url,www.shadowserver.org
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
