[***] Results from Oinkmaster started Thu Mar 13 17:00:07 2008 [***]
[+++] Added rules: [+++]
2007988 - ET TROJAN Banker Trojan (General) HTTP Checkin (bleeding-virus.rules)
2007989 - ET TROJAN Vundo HTTP Pre-Install Checkin (bleeding-virus.rules)
2007990 - ET TROJAN Vundo HTTP Post-Install Checkin (bleeding-virus.rules)
2007991 - ET MALWARE Suspicious User Agent (Unknown) (bleeding-malware.rules)
2007992 - ET TROJAN Shark Pass Stealer Email Report (bleeding-virus.rules)
2007993 - ET MALWARE Suspicious User Agent (2 spaces) (bleeding-malware.rules)
2007994 - ET MALWARE Suspicious User Agent (1 space) (bleeding-malware.rules)
[///] Modified active rules: [///]
2007987 - ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP
(bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (8):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via
HTTP || url,doc.emergingthreats.net
2007988 || ET TROJAN Banker Trojan (General) HTTP Checkin
2007989 || ET TROJAN Vundo HTTP Pre-Install Checkin
2007990 || ET TROJAN Vundo HTTP Post-Install Checkin
2007991 || ET MALWARE Suspicious User Agent (Unknown)
2007992 || ET TROJAN Shark Pass Stealer Email Report
2007993 || ET MALWARE Suspicious User Agent (2 spaces)
2007994 || ET MALWARE Suspicious User Agent (1 space)
-> Added to bleeding-sid-msg.map.txt (8):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via
HTTP || url,doc.emergingthreats.net
2007988 || ET TROJAN Banker Trojan (General) HTTP Checkin
2007989 || ET TROJAN Vundo HTTP Pre-Install Checkin
2007990 || ET TROJAN Vundo HTTP Post-Install Checkin
2007991 || ET MALWARE Suspicious User Agent (Unknown)
2007992 || ET TROJAN Shark Pass Stealer Email Report
2007993 || ET MALWARE Suspicious User Agent (2 spaces)
2007994 || ET MALWARE Suspicious User Agent (1 space)
-> Added to bleeding-virus.rules (3):
#by victor julien
# kaspersky calls is win32.shark.hz. This sig will catch the report
email outbound
#by victor julien
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (1):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via
HTTP || url,doc.emergingthreats.net/ classtype:trojan-activity
-> Removed from bleeding-sid-msg.map.txt (1):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via
HTTP || url,doc.emergingthreats.net/ classtype:trojan-activity
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
