
[Snort-sigs] Emerging Threats Daily Signature Changes

Subject: [Snort-sigs] Emerging Threats Daily Signature Changes
Date: Mon, 10 Mar 2008 17:00:11 -0400 (EDT)

[***] Results from Oinkmaster started Mon Mar 10 17:00:11 2008 [***]

[+++]          Added rules:          [+++]

 2002959 - ET TROJAN Tibs Checkin (bleeding-virus.rules)
 2002960 - ET TROJAN Tibs Download (bleeding-virus.rules)
 2002961 - ET TROJAN Tibs Checkin 2 (bleeding-virus.rules)
 2002962 - ET TROJAN Tibs Code Download (bleeding-virus.rules)
 2002963 - ET TROJAN Generic Spambot-Spyware Access (bleeding-virus.rules)
 2002964 - ET TROJAN Generic Spyware Update Download (bleeding-virus.rules)
 2002965 - ET TROJAN Generic Spambot Spam Download (bleeding-virus.rules)
 2007960 - ET MALWARE Suspicious User Agent (AutoItScript/3.2.10.0) (bleeding-malware.rules)
 2007961 - ET MALWARE Fake Wget User Agent - Likely Hostile (wget 3.0) (bleeding-malware.rules)
 2007962 - ET TROJAN Vipdataend C&C Traffic - Checkin (bleeding-virus.rules)
 2007963 - ET TROJAN Vipdataend C&C Traffic - Status OK (bleeding-virus.rules)
 2007964 - ET TROJAN Vipdataend C&C Traffic - Server Status OK (bleeding-virus.rules)
 2007965 - ET TROJAN Goldun Reporting Install (bleeding-virus.rules)
 2007966 - ET TROJAN Win32.Inject.zy Checkin Post (bleeding-virus.rules)
 2007967 - ET TROJAN Universal1337 FTP Upload of Compromised Data (bleeding-virus.rules)
 2007968 - ET TROJAN Universal1337 Email Upload of Compromised Data (bleeding-virus.rules)
 2007970 - ET TROJAN Vipdataend C&C Traffic - Checkin (XY) (bleeding-virus.rules)
 2007971 - ET POLICY SSN Detected in Clear Text (SSN ) (bleeding-policy.rules)
 2007972 - ET POLICY SSN Detected in Clear Text (SSN# ) (bleeding-policy.rules)
 2007973 - ET TROJAN Perfect Keylogger FTP Initial Install Log Upload (bleeding-virus.rules)
 2007974 - ET TROJAN Perfect Keylogger FTP Log Upload (bleeding-virus.rules)
 2007975 - ET TROJAN Common Downloader Trojan Checkin (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2002029 - ET TROJAN BOT - channel topic scan/exploit command (bleeding-virus.rules)
 2002030 - ET TROJAN BOT - potential scan/exploit command (bleeding-virus.rules)
 2002031 - ET TROJAN BOT - potential update/download (bleeding-virus.rules)
 2002032 - ET TROJAN BOT - potential DDoS command (1) (bleeding-virus.rules)
 2002033 - ET TROJAN BOT - potential response (bleeding-virus.rules)
 2002363 - ET TROJAN BOT - potential reptile commands (bleeding-virus.rules)
 2002384 - ET TROJAN BOT - potential misc bot commands (bleeding-virus.rules)
 2002385 - ET TROJAN BOT - channel topic reptile commands (bleeding-virus.rules)
 2002386 - ET TROJAN BOT - channel topic misc bot commands (bleeding-virus.rules)
 2002775 - ET TROJAN Goldun Reporting User Activity (bleeding-virus.rules)
 2002780 - ET TROJAN Goldun Reporting User Activity 2 (bleeding-virus.rules)
 2003132 - ET TROJAN BOT - potential DDoS command (2) (bleeding-virus.rules)
 2003157 - ET TROJAN Agobot-SDBot Commands (bleeding-virus.rules)
 2003208 - ET TROJAN pBot (PHP bot) Commands (bleeding-virus.rules)
 2006910 - ET TROJAN perlb0t/w0rmb0t Response (Case 1) (bleeding-virus.rules)
 2006911 - ET TROJAN perlb0t/w0rmb0t Response (Case 2) (bleeding-virus.rules)
 2006912 - ET TROJAN perlb0t/w0rmb0t Response (Case 3) (bleeding-virus.rules)
 2007828 - ET TROJAN LDPinch Checkin (2) (bleeding-virus.rules)
 2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
 2007949 - ET TROJAN Medbod UDP Phone Home Packet - Please report hits to emerging@emergingthreats.net for analysis (bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2001328 - ET POLICY SSN Detected in Clear Text (dashed) (bleeding-policy.rules)
 2001384 - ET POLICY SSN Detected in Clear Text (spaced) (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2002959 - ET MALWARE Blueskyltd.biz Spyware Checkin (bleeding-malware.rules)
 2002960 - ET MALWARE Blueskyltd.biz Spyware Download (bleeding-malware.rules)
 2002961 - ET MALWARE Blueskyltd.biz Spyware Checkin 2 (bleeding-malware.rules)
 2002962 - ET MALWARE nov.ru Spyware Code Download (bleeding-malware.rules)
 2002963 - ET MALWARE Generic Spambot-Spyware Access (bleeding-malware.rules)
 2002964 - ET MALWARE Generic Spyware Update Download (bleeding-malware.rules)
 2002965 - ET MALWARE Generic Spambot Spam Download (bleeding-malware.rules)
 2003107 - ET TROJAN Possible Goldun Dropsite 1 (bleeding-virus.rules)
 2003108 - ET TROJAN Possible Goldun Dropsite 2 (bleeding-virus.rules)
 2007879 - ET EXPLOIT Cyan Soft Products Format String Vulnerability (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (24):
        2001328 || ET POLICY SSN Detected in Clear Text (dashed)
        2001384 || ET POLICY SSN Detected in Clear Text (spaced)
        2002959 || ET TROJAN Tibs Checkin
        2002960 || ET TROJAN Tibs Download
        2002961 || ET TROJAN Tibs Checkin 2
        2002962 || ET TROJAN Tibs Code Download
        2002963 || ET TROJAN Generic Spambot-Spyware Access
        2002964 || ET TROJAN Generic Spyware Update Download
        2002965 || ET TROJAN Generic Spambot Spam Download
        2007960 || ET MALWARE Suspicious User Agent (AutoItScript/3.2.10.0)
        2007961 || ET MALWARE Fake Wget User Agent - Likely Hostile (wget 3.0)
        2007962 || ET TROJAN Vipdataend C&C Traffic - Checkin
        2007963 || ET TROJAN Vipdataend C&C Traffic - Status OK
        2007964 || ET TROJAN Vipdataend C&C Traffic - Server Status OK
        2007965 || ET TROJAN Goldun Reporting Install
        2007966 || ET TROJAN Win32.Inject.zy Checkin Post
        2007967 || ET TROJAN Universal1337 FTP Upload of Compromised Data || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337
        2007968 || ET TROJAN Universal1337 Email Upload of Compromised Data || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337
        2007970 || ET TROJAN Vipdataend C&C Traffic - Checkin (XY)
        2007971 || ET POLICY SSN Detected in Clear Text (SSN )
        2007972 || ET POLICY SSN Detected in Clear Text (SSN# )
        2007973 || ET TROJAN Perfect Keylogger FTP Initial Install Log Upload
        2007974 || ET TROJAN Perfect Keylogger FTP Log Upload
        2007975 || ET TROJAN Common Downloader Trojan Checkin

     -> Added to bleeding-sid-msg.map.txt (24):
        2001328 || ET POLICY SSN Detected in Clear Text (dashed)
        2001384 || ET POLICY SSN Detected in Clear Text (spaced)
        2002959 || ET TROJAN Tibs Checkin
        2002960 || ET TROJAN Tibs Download
        2002961 || ET TROJAN Tibs Checkin 2
        2002962 || ET TROJAN Tibs Code Download
        2002963 || ET TROJAN Generic Spambot-Spyware Access
        2002964 || ET TROJAN Generic Spyware Update Download
        2002965 || ET TROJAN Generic Spambot Spam Download
        2007960 || ET MALWARE Suspicious User Agent (AutoItScript/3.2.10.0)
        2007961 || ET MALWARE Fake Wget User Agent - Likely Hostile (wget 3.0)
        2007962 || ET TROJAN Vipdataend C&C Traffic - Checkin
        2007963 || ET TROJAN Vipdataend C&C Traffic - Status OK
        2007964 || ET TROJAN Vipdataend C&C Traffic - Server Status OK
        2007965 || ET TROJAN Goldun Reporting Install
        2007966 || ET TROJAN Win32.Inject.zy Checkin Post
        2007967 || ET TROJAN Universal1337 FTP Upload of Compromised Data || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337
        2007968 || ET TROJAN Universal1337 Email Upload of Compromised Data || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337
        2007970 || ET TROJAN Vipdataend C&C Traffic - Checkin (XY)
        2007971 || ET POLICY SSN Detected in Clear Text (SSN )
        2007972 || ET POLICY SSN Detected in Clear Text (SSN# )
        2007973 || ET TROJAN Perfect Keylogger FTP Initial Install Log Upload
        2007974 || ET TROJAN Perfect Keylogger FTP Log Upload
        2007975 || ET TROJAN Common Downloader Trojan Checkin

     -> Added to bleeding-virus.rules (1):
        #by Matt Jonkman, significant update from Don Jackson of Secureworks

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (12):
        2001328 || ET POLICY SSN Detected in Clear Text
        2001384 || ET POLICY SSN Detected in Clear Text
        2002959 || ET MALWARE Blueskyltd.biz Spyware Checkin
        2002960 || ET MALWARE Blueskyltd.biz Spyware Download
        2002961 || ET MALWARE Blueskyltd.biz Spyware Checkin 2
        2002962 || ET MALWARE nov.ru Spyware Code Download
        2002963 || ET MALWARE Generic Spambot-Spyware Access
        2002964 || ET MALWARE Generic Spyware Update Download
        2002965 || ET MALWARE Generic Spambot Spam Download
        2003107 || ET TROJAN Possible Goldun Dropsite 1
        2003108 || ET TROJAN Possible Goldun Dropsite 2
        2007879 || ET EXPLOIT Cyan Soft Products Format String Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt || bugtraq,27728 || cve,CVE-2008-0755

     -> Removed from bleeding-sid-msg.map.txt (12):
        2001328 || ET POLICY SSN Detected in Clear Text
        2001384 || ET POLICY SSN Detected in Clear Text
        2002959 || ET MALWARE Blueskyltd.biz Spyware Checkin
        2002960 || ET MALWARE Blueskyltd.biz Spyware Download
        2002961 || ET MALWARE Blueskyltd.biz Spyware Checkin 2
        2002962 || ET MALWARE nov.ru Spyware Code Download
        2002963 || ET MALWARE Generic Spambot-Spyware Access
        2002964 || ET MALWARE Generic Spyware Update Download
        2002965 || ET MALWARE Generic Spambot Spam Download
        2003107 || ET TROJAN Possible Goldun Dropsite 1
        2003108 || ET TROJAN Possible Goldun Dropsite 2
        2007879 || ET EXPLOIT Cyan Soft Products Format String Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt || bugtraq,27728 || cve,CVE-2008-0755

     -> Removed from bleeding-virus.rules (1):
        # Submitted 2006-09-22 by Frank Knobbe


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
