
[Snort-sigs] Emerging Threats Daily Signature Changes

Subject: [Snort-sigs] Emerging Threats Daily Signature Changes
Date: Wed, 27 Feb 2008 17:00:10 -0500 (EST)

[***] Results from Oinkmaster started Wed Feb 27 17:00:10 2008 [***]

[+++]          Added rules:          [+++]

 2007885 - ET MALWARE Suspicious User Agent (downloader) (bleeding-malware.rules)
 2007886 - ET MALWARE Anti-virus-pro.com Fake AV Checkin (bleeding-malware.rules)
 2007887 - ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability (bleeding.rules)
 2007888 - ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability (bleeding.rules)
 2007889 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT (bleeding-web.rules)
 2007890 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT (bleeding-web.rules)
 2007891 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE (bleeding-web.rules)
 2007892 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE (bleeding-web.rules)
 2007893 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT (bleeding-web.rules)
 2007894 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT (bleeding-web.rules)
 2007895 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT (bleeding-web.rules)
 2007896 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE (bleeding-web.rules)
 2007897 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE (bleeding-web.rules)
 2007898 - ET TROJAN Sohanad Checkin via HTTP (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #fake antispyware package, sig by matt jonkman

     -> Added to bleeding-sid-msg.map (16):
        2007885 || ET MALWARE Suspicious User Agent (downloader)
        2007886 || ET MALWARE Anti-virus-pro.com Fake AV Checkin
        2007887 || ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability || url,www.milw0rm.com/exploits/4974 || bugtraq,27424 || cve,CVE-2008-0470
        2007888 || ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability || url,www.milw0rm.com/exploits/5188 || bugtraq,27997
        2007889 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007890 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007891 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007892 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007893 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007894 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007895 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007896 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007897 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007898 || ET TROJAN Sohanad Checkin via HTTP
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-sid-msg.map.txt (16):
        2007885 || ET MALWARE Suspicious User Agent (downloader)
        2007886 || ET MALWARE Anti-virus-pro.com Fake AV Checkin
        2007887 || ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability || url,www.milw0rm.com/exploits/4974 || bugtraq,27424 || cve,CVE-2008-0470
        2007888 || ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability || url,www.milw0rm.com/exploits/5188 || bugtraq,27997
        2007889 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007890 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007891 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007892 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007893 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007894 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007895 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007896 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007897 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007898 || ET TROJAN Sohanad Checkin via HTTP
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-web.rules (1):
        #by Akash Mahajan of stillsecure


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs