
[Snort-sigs] Emerging Threats Daily Signature Changes

Subject: [Snort-sigs] Emerging Threats Daily Signature Changes
Date: Sun, 9 Mar 2008 17:00:07 -0400 (EDT)

[***] Results from Oinkmaster started Sun Mar  9 17:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2007611 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and No 
Message Body - Priority 1 (bleeding-virus.rules)
 2007612 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and No 
Message Body - Priority 3 (bleeding-virus.rules)
 2007613 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC 
Message Body - Priority 1 (bleeding-virus.rules)
 2007614 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC 
Message Body - Priority 3 (bleeding-virus.rules)
 2007949 - ET TROJAN Medbod UDP Phone Home Packet - Please report hits to 
emerging@emergingthreats.net for analysis (bleeding-virus.rules)
 2007950 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and Nome 
do Computador in Body (bleeding-virus.rules)
 2007951 - ET MALWARE Hex Encoded IP HTTP Request - Likely Malware 
(bleeding-malware.rules)
 2007952 - ET TROJAN Downloader.49651 Checkin (bleeding-virus.rules)
 2007953 - ET TROJAN Downloader.49651 Install Report (bleeding-virus.rules)
 2007954 - ET TROJAN Downloader.49651 Online Report (bleeding-virus.rules)
 2007955 - ET TROJAN Cygo Checkin (bleeding-virus.rules)
 2007956 - ET MALWARE Snoopstick.net Related Spyware User-Agent (SnoopStick 
Updater) (bleeding-malware.rules)
 2007957 - ET TROJAN Banker.ike UDP C&C (bleeding-virus.rules)
 2007958 - ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN) 
(bleeding-malware.rules)
 2007959 - ET MALWARE Msconfig.co.kr Related User Agent (GLOBALx) 
(bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2000035 - ET POLICY Hotmail Inbox Access (bleeding-policy.rules)
 2000036 - ET POLICY Hotmail Message Access (bleeding-policy.rules)
 2000037 - ET POLICY Hotmail Compose Message Access (bleeding-policy.rules)
 2000038 - ET POLICY Hotmail Compose Message Submit (bleeding-policy.rules)
 2000039 - ET POLICY Hotmail Compose Message Submit Data (bleeding-policy.rules)
 2001197 - ET WEB_SPECIFIC PHPNuke SQL injection attempt 
(bleeding-web_sql_injection.rules)
 2001202 - ET WEB_SPECIFIC PHPNuke general SQL injection attempt 
(bleeding-web_sql_injection.rules)
 2001218 - ET WEB_SPECIFIC PHPNuke general XSS attempt 
(bleeding-web_sql_injection.rules)
 2001342 - ET WEB IIS ASP.net Auth Bypass / Canonicalization 
(bleeding-web.rules)
 2001343 - ET WEB IIS ASP.net Auth Bypass / Canonicalization % 5 C 
(bleeding-web.rules)
 2001344 - ET WEB PHP EasyDynamicPages exploit (bleeding-web.rules)
 2002160 - ET MALWARE CoolWebSearch Spyware (Feat) (bleeding-malware.rules)
 2002164 - ET MALWARE Hotbar Spyware User-Agent (bleeding-malware.rules)
 2002166 - ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) 
(bleeding-malware.rules)
 2002167 - ET MALWARE Possible Malware - Wise User Agent (Wise) 
(bleeding-malware.rules)
 2002169 - ET MALWARE iWon Spyware (iWonSearchAssistant) 
(bleeding-malware.rules)
 2002394 - ET MALWARE Adwave/MarketScore User Agent (WTA) 
(bleeding-malware.rules)
 2002395 - ET MALWARE Miva User Agent (TPSystem) (bleeding-malware.rules)
 2002396 - ET MALWARE Miva Spyware User Agent (Travel Update) 
(bleeding-malware.rules)
 2002397 - ET MALWARE Precision Targeting User Agent (XC) 
(bleeding-malware.rules)
 2002398 - ET MALWARE DelFin Project User Agent (Dpi) (bleeding-malware.rules)
 2002399 - ET MALWARE DelFin Project User Agent (PromulGate) 
(bleeding-malware.rules)
 2002401 - ET MALWARE Web Search User Agent (ST3PS) (bleeding-malware.rules)
 2002402 - ET MALWARE Suspicious Spyware Related User Agent (UtilMind HTTPGet) 
(bleeding-malware.rules)
 2002403 - ET MALWARE Context Plus User Agent (PTS) (bleeding-malware.rules)
 2002404 - ET MALWARE Movies etc User Agent (IOInstall) (bleeding-malware.rules)
 2002405 - ET MALWARE Internet Optimizer User Agent (ROGUE) 
(bleeding-malware.rules)
 2002731 - ET WEB PHP Generic phpbb arbitrary command attempt 
(bleeding-web_sql_injection.rules)
 2002996 - ET WEB PHP GeekLog Remote File Include Vulnerability 
(bleeding-web_sql_injection.rules)
 2003474 - ET VOIP Asterisk Register with no URI or Version DOS Attempt 
(bleeding-voip.rules)
 2007712 - ET TROJAN Srizbi requesting template (bleeding-virus.rules)
 2007729 - ET CURRENT EVENTS Likely Zlob Binary Requested 
(VideoAccessCodecInstall.exe) (bleeding.rules)
 2007742 - ET TROJAN Storm C&C with typo'd User-Agent (Windoss) 
(bleeding-virus.rules)
 2007781 - ET TROJAN Zapchast Bot User-Agent (bleeding-virus.rules)
 2007906 - ET GAMES Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() 
ActiveX BoF (bleeding-game.rules)
 2007924 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader 
(downloaded) (bleeding-virus.rules)
 2007925 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader 
(wnames) (bleeding-virus.rules)
 2007926 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader 
(cv_v5.0.0) (bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2001328 - ET POLICY SSN Detected in Clear Text (bleeding-policy.rules)
 2001375 - ET POLICY Credit Card Number Detected in Clear (16 digit spaced) 
(bleeding-policy.rules)
 2001376 - ET POLICY Credit Card Number Detected in Clear (16 digit dashed) 
(bleeding-policy.rules)
 2001377 - ET POLICY Credit Card Number Detected in Clear (16 digit) 
(bleeding-policy.rules)
 2001378 - ET POLICY Credit Card Number Detected in Clear (15 digit) 
(bleeding-policy.rules)
 2001379 - ET POLICY Credit Card Number Detected in Clear (15 digit spaced) 
(bleeding-policy.rules)
 2001380 - ET POLICY Credit Card Number Detected in Clear (15 digit dashed) 
(bleeding-policy.rules)
 2001381 - ET POLICY Credit Card Number Detected in Clear (14 digit) 
(bleeding-policy.rules)
 2001382 - ET POLICY Credit Card Number Detected in Clear (14 digit spaced) 
(bleeding-policy.rules)
 2001383 - ET POLICY Credit Card Number Detected in Clear (14 digit dashed) 
(bleeding-policy.rules)
 2001384 - ET POLICY SSN Detected in Clear Text (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2002161 - ET MALWARE CoolWebSearch Spyware (feat2) (bleeding-malware.rules)
 2002163 - ET MALWARE Ezula Update Engine (bleeding-malware.rules)
 2002165 - ET MALWARE IESearch Spyware (bleeding-malware.rules)
 2002168 - ET MALWARE Svcmm Parasite (bleeding-malware.rules)
 2007611 - ET POLICY Possible Infection Report Mail - Indy Mail lib and No 
Message Body - Priority 1 (bleeding-policy.rules)
 2007612 - ET POLICY Possible Infection Report Mail - Indy Mail lib and No 
Message Body - Priority 3 (bleeding-policy.rules)
 2007613 - ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC 
Message Body - Priority 1 (bleeding-policy.rules)
 2007614 - ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC 
Message Body - Priority 3 (bleeding-policy.rules)
 2007941 - ET MALWARE Invalid HTTP GET Request - Often Malware Related 
(bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #many malware packages use hex to obscure an IP

     -> Added to bleeding-sid-msg.map (53):
        2000035 || ET POLICY Hotmail Inbox Access
        2000036 || ET POLICY Hotmail Message Access
        2000037 || ET POLICY Hotmail Compose Message Access
        2000038 || ET POLICY Hotmail Compose Message Submit
        2000039 || ET POLICY Hotmail Compose Message Submit Data
        2001197 || ET WEB_SPECIFIC PHPNuke SQL injection attempt || 
url,www.waraxe.us/index.php?modname=sa&id=35
        2001202 || ET WEB_SPECIFIC PHPNuke general SQL injection attempt || 
url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
        2001218 || ET WEB_SPECIFIC PHPNuke general XSS attempt || 
url,www.waraxe.us/?modname=sa&id=030
        2001342 || ET WEB IIS ASP.net Auth Bypass / Canonicalization
        2001343 || ET WEB IIS ASP.net Auth Bypass / Canonicalization % 5 C
        2001344 || ET WEB PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || 
url,www.securitytracker.com/alerts/2004/Jan/1008584.html
        2001375 || ET POLICY Credit Card Number Detected in Clear (16 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001376 || ET POLICY Credit Card Number Detected in Clear (16 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2001377 || ET POLICY Credit Card Number Detected in Clear (16 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001378 || ET POLICY Credit Card Number Detected in Clear (15 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001379 || ET POLICY Credit Card Number Detected in Clear (15 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001380 || ET POLICY Credit Card Number Detected in Clear (15 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2001381 || ET POLICY Credit Card Number Detected in Clear (14 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001382 || ET POLICY Credit Card Number Detected in Clear (14 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001383 || ET POLICY Credit Card Number Detected in Clear (14 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2002164 || ET MALWARE Hotbar Spyware User-Agent || 
url,www.pchell.com/support/hotbar.shtml || 
url,www.doxdesk.com/parasite/Hotbar.html
        2002166 || ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) 
|| url,www.spywareguide.com/product_show.php?id=418
        2002167 || ET MALWARE Possible Malware - Wise User Agent (Wise) || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002169 || ET MALWARE iWon Spyware (iWonSearchAssistant) || 
url,www.spywareguide.com/product_show.php?id=461
        2002394 || ET MALWARE Adwave/MarketScore User Agent (WTA) || 
url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
        2002395 || ET MALWARE Miva User Agent (TPSystem) || 
url,www.findwhat.com || url,www.miva.com
        2002396 || ET MALWARE Miva Spyware User Agent (Travel Update) || 
url,www.miva.com
        2002397 || ET MALWARE Precision Targeting User Agent (XC) || 
url,www.precisiontargeting.com
        2002398 || ET MALWARE DelFin Project User Agent (Dpi) || 
url,www.delfinproject.com
        2002399 || ET MALWARE DelFin Project User Agent (PromulGate) || 
url,www.delfinproject.com
        2002401 || ET MALWARE Web Search User Agent (ST3PS) || 
url,www.websearch.com
        2002402 || ET MALWARE Suspicious Spyware Related User Agent (UtilMind 
HTTPGet) || url,www.websearch.com
        2002403 || ET MALWARE Context Plus User Agent (PTS) || 
url,www.contextplus.net
        2002404 || ET MALWARE Movies etc User Agent (IOInstall) || 
url,www.movies-etc.com
        2002405 || ET MALWARE Internet Optimizer User Agent (ROGUE) || 
url,www.internet-optimizer.com
        2002731 || ET WEB PHP Generic phpbb arbitrary command attempt || 
url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
        2002996 || ET WEB PHP GeekLog Remote File Include Vulnerability || 
url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
        2007611 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and No Message Body - Priority 1
        2007612 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and No Message Body - Priority 3
        2007613 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and MAC Message Body - Priority 1
        2007614 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and MAC Message Body - Priority 3
        2007906 || ET GAMES Ourgame GLWorld 2.x 
hgs_startNotify()/hgs_startGame() ActiveX BoF || 
url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html
 || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
        2007949 || ET TROJAN Medbod UDP Phone Home Packet - Please report hits 
to emerging@emergingthreats.net for analysis
        2007950 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and Nome do Computador in Body
        2007951 || ET MALWARE Hex Encoded IP HTTP Request - Likely Malware
        2007952 || ET TROJAN Downloader.49651 Checkin
        2007953 || ET TROJAN Downloader.49651 Install Report
        2007954 || ET TROJAN Downloader.49651 Online Report
        2007955 || ET TROJAN Cygo Checkin
        2007956 || ET MALWARE Snoopstick.net Related Spyware User-Agent 
(SnoopStick Updater)
        2007957 || ET TROJAN Banker.ike UDP C&C
        2007958 || ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN)
        2007959 || ET MALWARE Msconfig.co.kr Related User Agent (GLOBALx)

     -> Added to bleeding-sid-msg.map.txt (53):
        2000035 || ET POLICY Hotmail Inbox Access
        2000036 || ET POLICY Hotmail Message Access
        2000037 || ET POLICY Hotmail Compose Message Access
        2000038 || ET POLICY Hotmail Compose Message Submit
        2000039 || ET POLICY Hotmail Compose Message Submit Data
        2001197 || ET WEB_SPECIFIC PHPNuke SQL injection attempt || 
url,www.waraxe.us/index.php?modname=sa&id=35
        2001202 || ET WEB_SPECIFIC PHPNuke general SQL injection attempt || 
url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
        2001218 || ET WEB_SPECIFIC PHPNuke general XSS attempt || 
url,www.waraxe.us/?modname=sa&id=030
        2001342 || ET WEB IIS ASP.net Auth Bypass / Canonicalization
        2001343 || ET WEB IIS ASP.net Auth Bypass / Canonicalization % 5 C
        2001344 || ET WEB PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || 
url,www.securitytracker.com/alerts/2004/Jan/1008584.html
        2001375 || ET POLICY Credit Card Number Detected in Clear (16 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001376 || ET POLICY Credit Card Number Detected in Clear (16 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2001377 || ET POLICY Credit Card Number Detected in Clear (16 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001378 || ET POLICY Credit Card Number Detected in Clear (15 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001379 || ET POLICY Credit Card Number Detected in Clear (15 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001380 || ET POLICY Credit Card Number Detected in Clear (15 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2001381 || ET POLICY Credit Card Number Detected in Clear (14 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001382 || ET POLICY Credit Card Number Detected in Clear (14 digit 
spaced) || url,www.beachnet.com/~hstiles/cardtype.html
        2001383 || ET POLICY Credit Card Number Detected in Clear (14 digit 
dashed) || url,www.beachnet.com/~hstiles/cardtype.html
        2002164 || ET MALWARE Hotbar Spyware User-Agent || 
url,www.pchell.com/support/hotbar.shtml || 
url,www.doxdesk.com/parasite/Hotbar.html
        2002166 || ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) 
|| url,www.spywareguide.com/product_show.php?id=418
        2002167 || ET MALWARE Possible Malware - Wise User Agent (Wise) || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002169 || ET MALWARE iWon Spyware (iWonSearchAssistant) || 
url,www.spywareguide.com/product_show.php?id=461
        2002394 || ET MALWARE Adwave/MarketScore User Agent (WTA) || 
url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
        2002395 || ET MALWARE Miva User Agent (TPSystem) || 
url,www.findwhat.com || url,www.miva.com
        2002396 || ET MALWARE Miva Spyware User Agent (Travel Update) || 
url,www.miva.com
        2002397 || ET MALWARE Precision Targeting User Agent (XC) || 
url,www.precisiontargeting.com
        2002398 || ET MALWARE DelFin Project User Agent (Dpi) || 
url,www.delfinproject.com
        2002399 || ET MALWARE DelFin Project User Agent (PromulGate) || 
url,www.delfinproject.com
        2002401 || ET MALWARE Web Search User Agent (ST3PS) || 
url,www.websearch.com
        2002402 || ET MALWARE Suspicious Spyware Related User Agent (UtilMind 
HTTPGet) || url,www.websearch.com
        2002403 || ET MALWARE Context Plus User Agent (PTS) || 
url,www.contextplus.net
        2002404 || ET MALWARE Movies etc User Agent (IOInstall) || 
url,www.movies-etc.com
        2002405 || ET MALWARE Internet Optimizer User Agent (ROGUE) || 
url,www.internet-optimizer.com
        2002731 || ET WEB PHP Generic phpbb arbitrary command attempt || 
url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
        2002996 || ET WEB PHP GeekLog Remote File Include Vulnerability || 
url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
        2007611 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and No Message Body - Priority 1
        2007612 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and No Message Body - Priority 3
        2007613 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and MAC Message Body - Priority 1
        2007614 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and MAC Message Body - Priority 3
        2007906 || ET GAMES Ourgame GLWorld 2.x 
hgs_startNotify()/hgs_startGame() ActiveX BoF || 
url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html
 || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
        2007949 || ET TROJAN Medbod UDP Phone Home Packet - Please report hits 
to emerging@emergingthreats.net for analysis
        2007950 || ET MALWARE Possible Infection Report Mail - Indy Mail lib 
and Nome do Computador in Body
        2007951 || ET MALWARE Hex Encoded IP HTTP Request - Likely Malware
        2007952 || ET TROJAN Downloader.49651 Checkin
        2007953 || ET TROJAN Downloader.49651 Install Report
        2007954 || ET TROJAN Downloader.49651 Online Report
        2007955 || ET TROJAN Cygo Checkin
        2007956 || ET MALWARE Snoopstick.net Related Spyware User-Agent 
(SnoopStick Updater)
        2007957 || ET TROJAN Banker.ike UDP C&C
        2007958 || ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN)
        2007959 || ET MALWARE Msconfig.co.kr Related User Agent (GLOBALx)

     -> Added to bleeding-virus.rules (3):
        # A large number of trojans report an infection by sending a blank 
email to a gmail or other free provider
        # They're pretty bland, other than they almost always use the Indy Mail 
lib. So the mail is slightly unique
        # This sig should catch them outbound

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (4):
        # Seeing several bits of malware that are creating their http get's
        #  incorrectly. They're adding an http://domain.com/url to the GET 
string,
        #  which should be just the uri. This will catch those
        #Extra content check for snort <2.4.3 doesn't support pure not rules

     -> Removed from bleeding-policy.rules (3):
        # A large number of trojans report an infection by sending a blank 
email to a gmail or other free provider
        # They're pretty bland, other than they almost always use the Indy Mail 
lib. So the mail is slightly unique
        # This sig should catch them outbound

     -> Removed from bleeding-sid-msg.map (47):
        2000035 || ET Hotmail Inbox Access
        2000036 || ET Hotmail Message Access
        2000037 || ET Hotmail Compose Message Access
        2000038 || ET Hotmail Compose Message Submit
        2000039 || ET Hotmail Compose Message Submit Data
        2001197 || ET PHPNuke SQL injection attempt || 
url,www.waraxe.us/index.php?modname=sa&id=35
        2001202 || ET PHPNuke general SQL injection attempt || 
url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
        2001218 || ET PHPNuke general XSS attempt || 
url,www.waraxe.us/?modname=sa&id=030
        2001342 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization
        2001343 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization % 5 C
        2001344 || ET WEB-PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || 
url,www.securitytracker.com/alerts/2004/Jan/1008584.html
        2001375 || ET Credit Card Number Detected in Clear (16 digit spaced) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001376 || ET Credit Card Number Detected in Clear (16 digit dashed) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001377 || ET Credit Card Number Detected in Clear (16 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001378 || ET Credit Card Number Detected in Clear (15 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001379 || ET Credit Card Number Detected in Clear (15 digit spaced) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001380 || ET Credit Card Number Detected in Clear (15 digit dashed) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001381 || ET Credit Card Number Detected in Clear (14 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001382 || ET Credit Card Number Detected in Clear (14 digit spaced) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001383 || ET Credit Card Number Detected in Clear (14 digit dashed) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2002161 || ET MALWARE CoolWebSearch Spyware (feat2) || 
url,www.doxdesk.com/parasite/CoolWebSearch.html || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || 
url,www.spywareguide.com/product_show.php?id=599
        2002163 || ET MALWARE Ezula Update Engine || 
url,www.spywareguide.com/product_show.php?id=9
        2002164 || ET MALWARE Hotbar Spyware || 
url,www.pchell.com/support/hotbar.shtml || 
url,www.doxdesk.com/parasite/Hotbar.html
        2002165 || ET MALWARE IESearch Spyware || 
url,www.spywareguide.com/product_show.php?id=982
        2002166 || ET MALWARE Alexa Search Toolbar || 
url,www.spywareguide.com/product_show.php?id=418
        2002167 || ET MALWARE Possible Spyware - Wise User Agent || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002168 || ET MALWARE Svcmm Parasite || 
url,doxdesk.com/parasite/SvcMM.html || url,castlecops.com/startuplist-5862.html
        2002169 || ET MALWARE iWon Spyware || 
url,www.spywareguide.com/product_show.php?id=461
        2002394 || ET MALWARE Adwave/MarketScore User Agent || 
url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
        2002395 || ET MALWARE Miva User Agent || url,www.findwhat.com || 
url,www.miva.com
        2002396 || ET MALWARE Miva User Agent 2 || url,www.miva.com
        2002397 || ET MALWARE Precision Targeting User Agent || 
url,www.precisiontargeting.com
        2002398 || ET MALWARE DelFin Project User Agent || 
url,www.delfinproject.com
        2002399 || ET MALWARE DelFin Project User Agent 2 || 
url,www.delfinproject.com
        2002401 || ET MALWARE Web Search User Agent 2 || url,www.websearch.com
        2002402 || ET MALWARE Web Search User Agent 3 || url,www.websearch.com
        2002403 || ET MALWARE Context Plus User Agent 2 || 
url,www.contextplus.net
        2002404 || ET MALWARE Movies etc User Agent || url,www.movies-etc.com
        2002405 || ET MALWARE Internet Optimizer User Agent 2 || 
url,www.internet-optimizer.com
        2002731 || ET WEB-PHP Generic phpbb arbitrary command attempt || 
url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
        2002996 || ET WEB-PHP GeekLog Remote File Include Vulnerability || 
url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
        2007611 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
No Message Body - Priority 1
        2007612 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
No Message Body - Priority 3
        2007613 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
MAC Message Body - Priority 1
        2007614 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
MAC Message Body - Priority 3
        2007906 || ET GAME Ourgame GLWorld 2.x 
hgs_startNotify()/hgs_startGame() ActiveX BoF || 
url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html
 || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
        2007941 || ET MALWARE Invalid HTTP GET Request - Often Malware Related 
|| url,doc.emergingthreats.net/2007941

     -> Removed from bleeding-sid-msg.map.txt (47):
        2000035 || ET Hotmail Inbox Access
        2000036 || ET Hotmail Message Access
        2000037 || ET Hotmail Compose Message Access
        2000038 || ET Hotmail Compose Message Submit
        2000039 || ET Hotmail Compose Message Submit Data
        2001197 || ET PHPNuke SQL injection attempt || 
url,www.waraxe.us/index.php?modname=sa&id=35
        2001202 || ET PHPNuke general SQL injection attempt || 
url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
        2001218 || ET PHPNuke general XSS attempt || 
url,www.waraxe.us/?modname=sa&id=030
        2001342 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization
        2001343 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization % 5 C
        2001344 || ET WEB-PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || 
url,www.securitytracker.com/alerts/2004/Jan/1008584.html
        2001375 || ET Credit Card Number Detected in Clear (16 digit spaced) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001376 || ET Credit Card Number Detected in Clear (16 digit dashed) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001377 || ET Credit Card Number Detected in Clear (16 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001378 || ET Credit Card Number Detected in Clear (15 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001379 || ET Credit Card Number Detected in Clear (15 digit spaced) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001380 || ET Credit Card Number Detected in Clear (15 digit dashed) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001381 || ET Credit Card Number Detected in Clear (14 digit) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001382 || ET Credit Card Number Detected in Clear (14 digit spaced) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2001383 || ET Credit Card Number Detected in Clear (14 digit dashed) || 
url,www.beachnet.com/~hstiles/cardtype.html
        2002161 || ET MALWARE CoolWebSearch Spyware (feat2) || 
url,www.doxdesk.com/parasite/CoolWebSearch.html || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || 
url,www.spywareguide.com/product_show.php?id=599
        2002163 || ET MALWARE Ezula Update Engine || 
url,www.spywareguide.com/product_show.php?id=9
        2002164 || ET MALWARE Hotbar Spyware || 
url,www.pchell.com/support/hotbar.shtml || 
url,www.doxdesk.com/parasite/Hotbar.html
        2002165 || ET MALWARE IESearch Spyware || 
url,www.spywareguide.com/product_show.php?id=982
        2002166 || ET MALWARE Alexa Search Toolbar || 
url,www.spywareguide.com/product_show.php?id=418
        2002167 || ET MALWARE Possible Spyware - Wise User Agent || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002168 || ET MALWARE Svcmm Parasite || 
url,doxdesk.com/parasite/SvcMM.html || url,castlecops.com/startuplist-5862.html
        2002169 || ET MALWARE iWon Spyware || 
url,www.spywareguide.com/product_show.php?id=461
        2002394 || ET MALWARE Adwave/MarketScore User Agent || 
url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
        2002395 || ET MALWARE Miva User Agent || url,www.findwhat.com || 
url,www.miva.com
        2002396 || ET MALWARE Miva User Agent 2 || url,www.miva.com
        2002397 || ET MALWARE Precision Targeting User Agent || 
url,www.precisiontargeting.com
        2002398 || ET MALWARE DelFin Project User Agent || 
url,www.delfinproject.com
        2002399 || ET MALWARE DelFin Project User Agent 2 || 
url,www.delfinproject.com
        2002401 || ET MALWARE Web Search User Agent 2 || url,www.websearch.com
        2002402 || ET MALWARE Web Search User Agent 3 || url,www.websearch.com
        2002403 || ET MALWARE Context Plus User Agent 2 || 
url,www.contextplus.net
        2002404 || ET MALWARE Movies etc User Agent || url,www.movies-etc.com
        2002405 || ET MALWARE Internet Optimizer User Agent 2 || 
url,www.internet-optimizer.com
        2002731 || ET WEB-PHP Generic phpbb arbitrary command attempt || 
url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
        2002996 || ET WEB-PHP GeekLog Remote File Include Vulnerability || 
url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
        2007611 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
No Message Body - Priority 1
        2007612 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
No Message Body - Priority 3
        2007613 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
MAC Message Body - Priority 1
        2007614 || ET POLICY Possible Infection Report Mail - Indy Mail lib and 
MAC Message Body - Priority 3
        2007906 || ET GAME Ourgame GLWorld 2.x 
hgs_startNotify()/hgs_startGame() ActiveX BoF || 
url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html
 || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
        2007941 || ET MALWARE Invalid HTTP GET Request - Often Malware Related 
|| url,doc.emergingthreats.net/2007941


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
