[***] Results from Oinkmaster started Sat Mar 15 17:00:08 2008 [***]
[+++] Added rules: [+++]
2008000 - ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent (IM
Downloader) (bleeding-malware.rules)
2008001 - ET CURRENT_EVENTS 2117966.net/iframe exploit (infection)
(bleeding.rules)
2008002 - ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt)
(bleeding.rules)
[///] Modified active rules: [///]
2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
2007983 - ET TROJAN LDPinch Checkin (4) (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (3):
2008000 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent
(IM Downloader)
2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) ||
url,isc.sans.org/diary.html?storyid=4139
2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) ||
url,isc.sans.org/diary.html?storyid=4139
-> Added to bleeding-sid-msg.map.txt (3):
2008000 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent
(IM Downloader)
2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) ||
url,isc.sans.org/diary.html?storyid=4139
2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) ||
url,isc.sans.org/diary.html?storyid=4139
-> Added to bleeding.rules (5):
# From SANS/Diary isc.sans.org/diary.html?storyid=4139
# Inspect your web proxy logs for visitors to 2117966.net. This will
# indicate who is potentially exposed. Check these systems to verify
# that their patches are up-to-date. Systems that are successfully
# compromised will begin sending traffic to 61.188.39.175
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
