[Snort-sigs] Emerging Threats Weekly Signature Changes

Subject: [Snort-sigs] Emerging Threats Weekly Signature Changes
Date: Sat, 1 Mar 2008 19:00:08 -0500 (EST)

[***] Results from Oinkmaster started Sat Mar  1 19:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST (bleeding-web.rules)
 2007880 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (-) (bleeding-virus.rules)
 2007881 - ET MALWARE Mycomclean.com Spyware User Agent (HTTP_GET_COMM) (bleeding-malware.rules)
 2007882 - ET MALWARE Mycomclean.com Spyware User Agent (SHINI) (bleeding-malware.rules)
 2007883 - ET MALWARE Virusheat.com Fake Anti-Spyware User Agent (VirusHeat 4.3) (bleeding-malware.rules)
 2007884 - ET MALWARE Suspicious User Agent (Example) (bleeding-malware.rules)
 2007885 - ET MALWARE Suspicious User Agent (downloader) (bleeding-malware.rules)
 2007886 - ET MALWARE Anti-virus-pro.com Fake AV Checkin (bleeding-malware.rules)
 2007887 - ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability (bleeding.rules)
 2007888 - ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability (bleeding.rules)
 2007889 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT (bleeding-web.rules)
 2007890 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT (bleeding-web.rules)
 2007891 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE (bleeding-web.rules)
 2007892 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE (bleeding-web.rules)
 2007893 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT (bleeding-web.rules)
 2007894 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT (bleeding-web.rules)
 2007895 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT (bleeding-web.rules)
 2007896 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE (bleeding-web.rules)
 2007897 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE (bleeding-web.rules)
 2007898 - ET TROJAN Sohanad Checkin via HTTP (bleeding-virus.rules)
 2007899 - ET MALWARE Suspicious User Agent (HTTP_CONNECT) (bleeding-malware.rules)
 2007900 - ET MALWARE Kpang.com Spyware User Agent (auctionplusup) (bleeding-malware.rules)
 2007901 - ET TROJAN Banker.OPX HTTP Checkin (bleeding-virus.rules)
 2404018 - ET DROP Known Bot C&C Server Traffic (group 19) (bleeding-botcc.rules)
 2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[///]     Modified active rules:     [///]

 2003392 - ET TROJAN Warezov/Stration Communicating with Controller (bleeding-virus.rules)
 2003436 - ET TROJAN Warezov/Stration Communicating with Controller 2 (bleeding-virus.rules)
 2007591 - ET TROJAN Win32 Agent.ALT C&C Checkin Connection in Progress (bleeding-virus.rules)
 2007695 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (bleeding-policy.rules)
 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - ET DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - ET DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules)
 2404001 - ET DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules)
 2404002 - ET DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules)
 2404003 - ET DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules)
 2404004 - ET DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules)
 2404005 - ET DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules)
 2404006 - ET DROP Known Bot C&C Server Traffic (group 7) (bleeding-botcc.rules)
 2404007 - ET DROP Known Bot C&C Server Traffic (group 8) (bleeding-botcc.rules)
 2404008 - ET DROP Known Bot C&C Server Traffic (group 9) (bleeding-botcc.rules)
 2404009 - ET DROP Known Bot C&C Server Traffic (group 10) (bleeding-botcc.rules)
 2404010 - ET DROP Known Bot C&C Server Traffic (group 11) (bleeding-botcc.rules)
 2404011 - ET DROP Known Bot C&C Server Traffic (group 12) (bleeding-botcc.rules)
 2404012 - ET DROP Known Bot C&C Server Traffic (group 13) (bleeding-botcc.rules)
 2404013 - ET DROP Known Bot C&C Server Traffic (group 14) (bleeding-botcc.rules)
 2404014 - ET DROP Known Bot C&C Server Traffic (group 15) (bleeding-botcc.rules)
 2404015 - ET DROP Known Bot C&C Server Traffic (group 16) (bleeding-botcc.rules)
 2404016 - ET DROP Known Bot C&C Server Traffic (group 17) (bleeding-botcc.rules)
 2404017 - ET DROP Known Bot C&C Server Traffic (group 18) (bleeding-botcc.rules)
 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Disabled rules:        [---]

 2007634 - ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Search by md5 (bleeding-virus.rules)
 2007635 - ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely Connect Ack (bleeding-virus.rules)
 2007637 - ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Connect Ack (bleeding-virus.rules)


[---]         Removed rules:         [---]

  207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (2):
        #  VERSION 1073
        #  Generated 2008-02-29 01:03:00 EDT

     -> Added to bleeding-drop.rules (2):
        #  VERSION 1073
        #  Generated 2008-02-29 01:03:00 EDT

     -> Added to bleeding-malware.rules (2):
        #fake antispyware package, sig by matt jonkman
        #check.mycomclean.com, by matt jonkman

     -> Added to bleeding-sid-msg.map (25):
        2007873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
        2007880 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (-)
        2007881 || ET MALWARE Mycomclean.com Spyware User Agent (HTTP_GET_COMM)
        2007882 || ET MALWARE Mycomclean.com Spyware User Agent (SHINI)
        2007883 || ET MALWARE Virusheat.com Fake Anti-Spyware User Agent (VirusHeat 4.3)
        2007884 || ET MALWARE Suspicious User Agent (Example)
        2007885 || ET MALWARE Suspicious User Agent (downloader)
        2007886 || ET MALWARE Anti-virus-pro.com Fake AV Checkin
        2007887 || ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability || url,www.milw0rm.com/exploits/4974 || bugtraq,27424 || cve,CVE-2008-0470
        2007888 || ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability || url,www.milw0rm.com/exploits/5188 || bugtraq,27997
        2007889 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007890 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007891 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007892 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007893 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007894 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007895 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007896 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007897 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007898 || ET TROJAN Sohanad Checkin via HTTP
        2007899 || ET MALWARE Suspicious User Agent (HTTP_CONNECT)
        2007900 || ET MALWARE Kpang.com Spyware User Agent (auctionplusup)
        2007901 || ET TROJAN Banker.OPX HTTP Checkin
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-sid-msg.map.txt (25):
        2007873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
        2007880 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (-)
        2007881 || ET MALWARE Mycomclean.com Spyware User Agent (HTTP_GET_COMM)
        2007882 || ET MALWARE Mycomclean.com Spyware User Agent (SHINI)
        2007883 || ET MALWARE Virusheat.com Fake Anti-Spyware User Agent (VirusHeat 4.3)
        2007884 || ET MALWARE Suspicious User Agent (Example)
        2007885 || ET MALWARE Suspicious User Agent (downloader)
        2007886 || ET MALWARE Anti-virus-pro.com Fake AV Checkin
        2007887 || ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability || url,www.milw0rm.com/exploits/4974 || bugtraq,27424 || cve,CVE-2008-0470
        2007888 || ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability || url,www.milw0rm.com/exploits/5188 || bugtraq,27997
        2007889 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007890 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007891 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007892 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007893 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007894 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
        2007895 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT || bugtraq,27749 || cve,CVE-2008-0785
        2007896 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE || bugtraq,27749 || cve,CVE-2008-0785
        2007897 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE || bugtraq,27749 || cve,CVE-2008-0785
        2007898 || ET TROJAN Sohanad Checkin via HTTP
        2007899 || ET MALWARE Suspicious User Agent (HTTP_CONNECT)
        2007900 || ET MALWARE Kpang.com Spyware User Agent (auctionplusup)
        2007901 || ET TROJAN Banker.OPX HTTP Checkin
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-virus.rules (2):
        #Banker.OPX, by Matt Jonkman
        #disabling by default. 2007701 and 2007702 are more reliable. These tend to hit on skype and game traffic

     -> Added to bleeding-web.rules (1):
        #by Akash Mahajan of stillsecure

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (2):
        #  VERSION 1066
        #  Generated 2008-02-22 01:03:00 EDT

     -> Removed from bleeding-drop.rules (2):
        #  VERSION 1066
        #  Generated 2008-02-22 01:03:00 EDT

     -> Removed from bleeding-sid-msg.map (1):
        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt

     -> Removed from bleeding-sid-msg.map.txt (1):
        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs