[***] Results from Oinkmaster started Wed Mar 19 17:00:09 2008 [***]
[+++] Added rules: [+++]
2008016 - ET MALWARE Servicepack.kr Fake Patch Software Checkin
(bleeding-malware.rules)
2008017 - ET TROJAN Philis.J ICMP Sweep (Payload Hello,World)
(bleeding-virus.rules)
2008018 - ET MALWARE Beautyscreens.com Related Spyware Install Success Report
(bleeding-malware.rules)
2008019 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (https)
(bleeding-virus.rules)
2008020 - ET WORM Win32.Socks.s HTTP Post Checkin (bleeding-virus.rules)
2008021 - ET TROJAN Turkojan C&C Initial Checkin (ams) (bleeding-virus.rules)
2008022 - ET TROJAN Turkojan C&C Info Command (MINFO) (bleeding-virus.rules)
2008023 - ET TROJAN Turkojan C&C Info Command Response (MINFO)
(bleeding-virus.rules)
2008024 - ET TROJAN Turkojan C&C Logs Parse Command (LOGS1)
(bleeding-virus.rules)
2008025 - ET TROJAN Turkojan C&C Logs Parse Response Response (LOGS1)
(bleeding-virus.rules)
2008026 - ET TROJAN Turkojan C&C Keepalive (BAGLANTI) (bleeding-virus.rules)
2008027 - ET TROJAN Turkojan C&C Browse Drive Command (BROWSC)
(bleeding-virus.rules)
2008028 - ET TROJAN Turkojan C&C Browse Drive Command Response (metin)
(bleeding-virus.rules)
2008029 - ET TROJAN Turkojan C&C nxt Command (nxt) (bleeding-virus.rules)
2008030 - ET TROJAN Turkojan C&C nxt Command Response (nxt)
(bleeding-virus.rules)
2008031 - ET TROJAN Dorf/Win32.Inject.adt C&C Communication Outbound
(bleeding-virus.rules)
2008032 - ET TROJAN Dorf/Win32.Inject.adt C&C Communication Inbound
(bleeding-virus.rules)
2008033 - ET TROJAN Banker.maf SMTP Checkin (Not in the Control...)
(bleeding-virus.rules)
2008034 - ET TROJAN LDPinch SMTP Password Report (bleeding-virus.rules)
[///] Modified active rules: [///]
2007828 - ET TROJAN LDPinch Checkin (2) (bleeding-virus.rules)
2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
2007949 - ET TROJAN Medbod UDP Phone Home Packet (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (20):
2007949 || ET TROJAN Medbod UDP Phone Home Packet
2008016 || ET MALWARE Servicepack.kr Fake Patch Software Checkin
2008017 || ET TROJAN Philis.J ICMP Sweep (Payload Hello,World) ||
url,vil.nai.com/vil/content/v_141203.htm
2008018 || ET MALWARE Beautyscreens.com Related Spyware Install Success
Report
2008019 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(https)
2008020 || ET WORM Win32.Socks.s HTTP Post Checkin
2008021 || ET TROJAN Turkojan C&C Initial Checkin (ams)
2008022 || ET TROJAN Turkojan C&C Info Command (MINFO)
2008023 || ET TROJAN Turkojan C&C Info Command Response (MINFO)
2008024 || ET TROJAN Turkojan C&C Logs Parse Command (LOGS1)
2008025 || ET TROJAN Turkojan C&C Logs Parse Response Response (LOGS1)
2008026 || ET TROJAN Turkojan C&C Keepalive (BAGLANTI)
2008027 || ET TROJAN Turkojan C&C Browse Drive Command (BROWSC)
2008028 || ET TROJAN Turkojan C&C Browse Drive Command Response (metin)
2008029 || ET TROJAN Turkojan C&C nxt Command (nxt)
2008030 || ET TROJAN Turkojan C&C nxt Command Response (nxt)
2008031 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Outbound
2008032 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Inbound
2008033 || ET TROJAN Banker.maf SMTP Checkin (Not in the Control...)
2008034 || ET TROJAN LDPinch SMTP Password Report
-> Added to bleeding-sid-msg.map.txt (20):
2007949 || ET TROJAN Medbod UDP Phone Home Packet
2008016 || ET MALWARE Servicepack.kr Fake Patch Software Checkin
2008017 || ET TROJAN Philis.J ICMP Sweep (Payload Hello,World) ||
url,vil.nai.com/vil/content/v_141203.htm
2008018 || ET MALWARE Beautyscreens.com Related Spyware Install Success
Report
2008019 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(https)
2008020 || ET WORM Win32.Socks.s HTTP Post Checkin
2008021 || ET TROJAN Turkojan C&C Initial Checkin (ams)
2008022 || ET TROJAN Turkojan C&C Info Command (MINFO)
2008023 || ET TROJAN Turkojan C&C Info Command Response (MINFO)
2008024 || ET TROJAN Turkojan C&C Logs Parse Command (LOGS1)
2008025 || ET TROJAN Turkojan C&C Logs Parse Response Response (LOGS1)
2008026 || ET TROJAN Turkojan C&C Keepalive (BAGLANTI)
2008027 || ET TROJAN Turkojan C&C Browse Drive Command (BROWSC)
2008028 || ET TROJAN Turkojan C&C Browse Drive Command Response (metin)
2008029 || ET TROJAN Turkojan C&C nxt Command (nxt)
2008030 || ET TROJAN Turkojan C&C nxt Command Response (nxt)
2008031 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Outbound
2008032 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Inbound
2008033 || ET TROJAN Banker.maf SMTP Checkin (Not in the Control...)
2008034 || ET TROJAN LDPinch SMTP Password Report
-> Added to bleeding-virus.rules (5):
#slso called Trojan.Dropper.RRM and Trojan.Win32.Inject.adt
#win32.philis.J here
# Backdoor.Win32.Turkojan.jv or Turkojan.gen1 or
GenPack:Trojan.Agent.AHAB
#c&c session 2
#by matt jonkman. Win32.Socks.s
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (1):
2007949 || ET TROJAN Medbod UDP Phone Home Packet - Please report hits
to emerging@emergingthreats.net for analysis
-> Removed from bleeding-sid-msg.map.txt (1):
2007949 || ET TROJAN Medbod UDP Phone Home Packet - Please report hits
to emerging@emergingthreats.net for analysis
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
