Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] [Emerging-Sigs] Emerging Threats Weekly Signature Chang

from [Matt Jonkman] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] [Emerging-Sigs] Emerging Threats Weekly Signature Changes
Date: Mon, 25 Feb 2008 09:51:28 -0500 
You are correct Jackie, fixing now...

Thanks for the note!

Matt

Jackie Lai wrote:

 207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST
(bleeding-web.rules)


The SID seems to be a typo error? I think it should be 2007873.

========================
Jackie Lai, CISSP
mailto: gclai [at] draytek [dot] com
========================
----- Original Message ----- ???: <emerging@emergingthreats.net>
???: <snort-sigs@lists.sourceforge.net>;
<emerging-sigs@emergingthreats.net>
????: 2008?2?24? ?? 08:00
??: [Emerging-Sigs] Emerging Threats Weekly Signature Changes




[***] Results from Oinkmaster started Sat Feb 23 19:00:09 2008 [***]

[+++]          Added rules:          [+++]

 207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST
(bleeding-web.rules)
2007855 - ET MALWARE OneStepSearch Host Activity (bleeding-malware.rules)
2007856 - ET MALWARE System-defender.com Fake AV Install Checkin
(bleeding-malware.rules)
2007858 - ET TROJAN Delf Keylog FTP Upload (bleeding-virus.rules)
2007859 - ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (microsoft) (bleeding-malware.rules)
2007860 - ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (Internet Explorer 6.0) (bleeding-malware.rules)
2007861 - ET MALWARE Softcashier.com Spyware Install Checkin
(bleeding-malware.rules)
2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
2007863 - ET TROJAN Banload HTTP Checkin (bleeding-virus.rules)
2007864 - ET TROJAN Banload HTTP Checkin Detected (bleeding-virus.rules)
2007865 - ET MALWARE Winreanimator.com Fake AV Install Attempt
(bleeding-malware.rules)
2007866 - ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP
(bleeding-virus.rules)
2007867 - ET TROJAN Delf HTTP Post Checkin (1) (bleeding-virus.rules)
2007868 - ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (Firefox) (bleeding-malware.rules)
2007869 - ET MALWARE Vombanetwork Spyware User Agent
(VombaProductsInstaller) (bleeding-malware.rules)
2007870 - ET MALWARE Vombanetworks.com Spyware Installer Checkin
(bleeding-malware.rules)
2007871 - ET WEB Philips VOIP841 Web Server Directory Traversal
(bleeding-web.rules)
2007872 - ET WEB WinIPDS Directory Traversal Vulnerabilities GET
(bleeding-web.rules)
2007874 - ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability
(bleeding-exploit.rules)
2007875 - ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability
(bleeding-exploit.rules)
2007876 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
Vulnerabilities - udp (bleeding-exploit.rules)
2007877 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
Vulnerabilities - tcp (bleeding-exploit.rules)
2007878 - ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote
Stack Overflow (bleeding-web.rules)
2007879 - ET EXPLOIT Cyan Soft Products Format String Vulnerability
(bleeding-exploit.rules)


[///]     Modified active rules:     [///]

2002157 - ET POLICY Skype User-Agent detected (bleeding-policy.rules)
2003070 - ET WORM Korgo.U Reporting (bleeding-virus.rules)
2003330 - ET POLICY Possible Spambot -- Host DNS MX Query High Count
(bleeding-policy.rules)
2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic (group 6)
(bleeding-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic (group 7)
(bleeding-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic (group 8)
(bleeding-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic (group 9)
(bleeding-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic (group 10)
(bleeding-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic (group 11)
(bleeding-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic (group 12)
(bleeding-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic (group 13)
(bleeding-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic (group 14)
(bleeding-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic (group 15)
(bleeding-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic (group 16)
(bleeding-botcc.rules)
2404016 - ET DROP Known Bot C&C Server Traffic (group 17)
(bleeding-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic (group 18)
(bleeding-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2406005 - ET RBN Known Russian Business Network Monitored Domains (1)
(bleeding-rbn.rules)
2406006 - ET RBN Known Russian Business Network Monitored Domains (2)
(bleeding-rbn.rules)
2406007 - ET RBN Known Russian Business Network Monitored Domains (3)
(bleeding-rbn.rules)
2406008 - ET RBN Known Russian Business Network Monitored Domains (4)
(bleeding-rbn.rules)
2406009 - ET RBN Known Russian Business Network Monitored Domains (5)
(bleeding-rbn.rules)
2406010 - ET RBN Known Russian Business Network Monitored Domains (6)
(bleeding-rbn.rules)
2406011 - ET RBN Known Russian Business Network Monitored Domains (7)
(bleeding-rbn.rules)
2406012 - ET RBN Known Russian Business Network Monitored Domains (8)
(bleeding-rbn.rules)
2406013 - ET RBN Known Russian Business Network Monitored Domains (9)
(bleeding-rbn.rules)
2406014 - ET RBN Known Russian Business Network Monitored Domains (10)
(bleeding-rbn.rules)
2406015 - ET RBN Known Russian Business Network Monitored Domains (11)
(bleeding-rbn.rules)
2406016 - ET RBN Known Russian Business Network Monitored Domains (12)
(bleeding-rbn.rules)
2406017 - ET RBN Known Russian Business Network Monitored Domains (13)
(bleeding-rbn.rules)
2406018 - ET RBN Known Russian Business Network Monitored Domains (14)
(bleeding-rbn.rules)
2406019 - ET RBN Known Russian Business Network Monitored Domains (15)
(bleeding-rbn.rules)
2406020 - ET RBN Known Russian Business Network Monitored Domains (16)
(bleeding-rbn.rules)
2406021 - ET RBN Known Russian Business Network Monitored Domains (17)
(bleeding-rbn.rules)
2406022 - ET RBN Known Russian Business Network Monitored Domains (18)
(bleeding-rbn.rules)
2406023 - ET RBN Known Russian Business Network Monitored Domains (19)
(bleeding-rbn.rules)
2406024 - ET RBN Known Russian Business Network Monitored Domains (20)
(bleeding-rbn.rules)
2406025 - ET RBN Known Russian Business Network Monitored Domains (21)
(bleeding-rbn.rules)
2406026 - ET RBN Known Russian Business Network Monitored Domains (22)
(bleeding-rbn.rules)
2406027 - ET RBN Known Russian Business Network Monitored Domains (23)
(bleeding-rbn.rules)
2406028 - ET RBN Known Russian Business Network Monitored Domains (24)
(bleeding-rbn.rules)
2406029 - ET RBN Known Russian Business Network Monitored Domains (25)
(bleeding-rbn.rules)
2406030 - ET RBN Known Russian Business Network Monitored Domains (26)
(bleeding-rbn.rules)
2406031 - ET RBN Known Russian Business Network Monitored Domains (27)
(bleeding-rbn.rules)
2406032 - ET RBN Known Russian Business Network Monitored Domains (28)
(bleeding-rbn.rules)
2406033 - ET RBN Known Russian Business Network Monitored Domains (29)
(bleeding-rbn.rules)
2406034 - ET RBN Known Russian Business Network Monitored Domains (30)
(bleeding-rbn.rules)
2407005 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (1) (bleeding-rbn-BLOCK.rules)
2407006 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (2) (bleeding-rbn-BLOCK.rules)
2407007 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (3) (bleeding-rbn-BLOCK.rules)
2407008 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (4) (bleeding-rbn-BLOCK.rules)
2407009 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (5) (bleeding-rbn-BLOCK.rules)
2407010 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (6) (bleeding-rbn-BLOCK.rules)
2407011 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (7) (bleeding-rbn-BLOCK.rules)
2407012 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (8) (bleeding-rbn-BLOCK.rules)
2407013 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (9) (bleeding-rbn-BLOCK.rules)
2407014 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (10) (bleeding-rbn-BLOCK.rules)
2407015 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (11) (bleeding-rbn-BLOCK.rules)
2407016 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (12) (bleeding-rbn-BLOCK.rules)
2407017 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (13) (bleeding-rbn-BLOCK.rules)
2407018 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (14) (bleeding-rbn-BLOCK.rules)
2407019 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (15) (bleeding-rbn-BLOCK.rules)
2407020 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (16) (bleeding-rbn-BLOCK.rules)
2407021 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (17) (bleeding-rbn-BLOCK.rules)
2407022 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (18) (bleeding-rbn-BLOCK.rules)
2407023 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (19) (bleeding-rbn-BLOCK.rules)
2407024 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (20) (bleeding-rbn-BLOCK.rules)
2407025 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (21) (bleeding-rbn-BLOCK.rules)
2407026 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (22) (bleeding-rbn-BLOCK.rules)
2407027 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (23) (bleeding-rbn-BLOCK.rules)
2407028 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (24) (bleeding-rbn-BLOCK.rules)
2407029 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (25) (bleeding-rbn-BLOCK.rules)
2407030 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (26) (bleeding-rbn-BLOCK.rules)
2407031 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (27) (bleeding-rbn-BLOCK.rules)
2407032 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (28) (bleeding-rbn-BLOCK.rules)
2407033 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (29) (bleeding-rbn-BLOCK.rules)
2407034 - ET RBN Known Russian Business Network Monitored Domains -
BLOCKING (30) (bleeding-rbn-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

    -> Added to bleeding-drop-BLOCK.rules (2):
       #  VERSION 1066
       #  Generated 2008-02-22 01:03:00 EDT

    -> Added to bleeding-drop.rules (2):
       #  VERSION 1066
       #  Generated 2008-02-22 01:03:00 EDT

    -> Added to bleeding-exploit.rules (3):
       #by Akash Mahajan
       #by Akash Mahajan
       #by Akash Mahajan

    -> Added to bleeding-malware.rules (2):
       #by Will Metcalf
       #fake av, sig by matt jonkman

    -> Added to bleeding-rbn-BLOCK.rules (2):
       #  VERSION 36
       #  Updated 2008-02-21 10:21:51

    -> Added to bleeding-rbn.rules (2):
       #  VERSION 36
       #  Updated 2008-02-21 10:21:51

    -> Added to bleeding-sid-msg.map (24):
       207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities
POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
       2007855 || ET MALWARE OneStepSearch Host Activity
       2007856 || ET MALWARE System-defender.com Fake AV Install
Checkin || url,www.system-defender.com
       2007858 || ET TROJAN Delf Keylog FTP Upload
       2007859 || ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (microsoft)
       2007860 || ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (Internet Explorer 6.0)
       2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
       2007862 || ET TROJAN LDPinch Checkin (3)
       2007863 || ET TROJAN Banload HTTP Checkin
       2007864 || ET TROJAN Banload HTTP Checkin Detected
       2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt
|| url,www.winreanimator.com
       2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via
HTTP
       2007867 || ET TROJAN Delf HTTP Post Checkin (1)
       2007868 || ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (Firefox)
       2007869 || ET MALWARE Vombanetwork Spyware User Agent
(VombaProductsInstaller)
       2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
       2007871 || ET WEB Philips VOIP841 Web Server Directory
Traversal || bugtraq,27790 || url,www.milw0rm.com/exploits/5113
       2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities
GET || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
       2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF
Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
bugtraq,27896
       2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF
Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
bugtraq,27896
       2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server
Multiple Vulnerabilities - udp || cve,CVE-2008-0767 ||
url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
       2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server
Multiple Vulnerabilities - tcp || cve,CVE-2008-0759 ||
url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
       2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx
Multiple Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 ||
cve,CVE-2008-0778 || bugtraq,27769
       2007879 || ET EXPLOIT Cyan Soft Products Format String
Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt ||
bugtraq,27728 || cve,CVE-2008-0755

    -> Added to bleeding-sid-msg.map.txt (24):
       207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities
POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
       2007855 || ET MALWARE OneStepSearch Host Activity
       2007856 || ET MALWARE System-defender.com Fake AV Install
Checkin || url,www.system-defender.com
       2007858 || ET TROJAN Delf Keylog FTP Upload
       2007859 || ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (microsoft)
       2007860 || ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (Internet Explorer 6.0)
       2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
       2007862 || ET TROJAN LDPinch Checkin (3)
       2007863 || ET TROJAN Banload HTTP Checkin
       2007864 || ET TROJAN Banload HTTP Checkin Detected
       2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt
|| url,www.winreanimator.com
       2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via
HTTP
       2007867 || ET TROJAN Delf HTTP Post Checkin (1)
       2007868 || ET MALWARE Suspicious User Agent - Possible Trojan
Downloader (Firefox)
       2007869 || ET MALWARE Vombanetwork Spyware User Agent
(VombaProductsInstaller)
       2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
       2007871 || ET WEB Philips VOIP841 Web Server Directory
Traversal || bugtraq,27790 || url,www.milw0rm.com/exploits/5113
       2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities
GET || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
       2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF
Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
bugtraq,27896
       2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF
Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
bugtraq,27896
       2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server
Multiple Vulnerabilities - udp || cve,CVE-2008-0767 ||
url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
       2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server
Multiple Vulnerabilities - tcp || cve,CVE-2008-0759 ||
url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
       2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx
Multiple Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 ||
cve,CVE-2008-0778 || bugtraq,27769
       2007879 || ET EXPLOIT Cyan Soft Products Format String
Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt ||
bugtraq,27728 || cve,CVE-2008-0755

    -> Added to bleeding-virus.rules (2):
       #delf keylog upload, kinda flimsy but works
       #spyware/trojan/backdoors all reported here. sig by matt jonkman

    -> Added to bleeding-web.rules (3):
       #by Akash Mahajan
       #by Akash Mahajan
       #by Akash Mahajan

[---]     Removed non-rule lines:    [---]

    -> Removed from bleeding-drop-BLOCK.rules (2):
       #  VERSION 1060
       #  Generated 2008-02-16 01:03:00 EDT

    -> Removed from bleeding-drop.rules (2):
       #  VERSION 1060
       #  Generated 2008-02-16 01:03:00 EDT

    -> Removed from bleeding-rbn-BLOCK.rules (2):
       #  VERSION 35
       #  Updated 2008-02-08 16:03:09

    -> Removed from bleeding-rbn.rules (2):
       #  VERSION 35
       #  Updated 2008-02-08 16:03:09

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@emergingthreats.net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.20.9/1293 - Release Date:
2008/2/22 ¤W¤È 09:21







-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] [Emerging-Sigs] Emerging Threats Weekly Signature Changes, Jackie Lai
Next by Date:  [Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Previous by Thread:  Re: [Snort-sigs] [Emerging-Sigs] Emerging Threats Weekly Signature Changes, Jackie Lai
Indexes:  [Date] [Thread] [Top] [All Lists]