Network Security: Detailed info on [Snort-sigs] Emerging Threats Daily Signature Changes

Subject:	[Snort-sigs] Emerging Threats Daily Signature Changes
Date:	Wed, 26 Mar 2008 17:00:09 -0400 (EDT)

Subject:

[Snort-sigs] Emerging Threats Daily Signature Changes

Date:

Wed, 26 Mar 2008 17:00:09 -0400 (EDT)


[***] Results from Oinkmaster started Wed Mar 26 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2008052 - ET MALWARE Suspicious User Agent (Internet Explorer) 
(bleeding-malware.rules)
 2008053 - ET MALWARE InternetSpeedMonitor Related Spyware User-Agent (parchmnt 
loader v1.8) (bleeding-malware.rules)
 2008054 - ET POLICY Nginx Server in use - Often Hostile Traffic 
(bleeding-policy.rules)
 2008055 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC 
(bleeding-virus.rules)
 2008056 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 
(bleeding-virus.rules)
 2008057 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response 
(bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2002030 - ET TROJAN BOT - potential scan/exploit command (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (3):
        #by matt jonkman
        #nginx is an open http server. It's quite good, but seems an extremely 
high number of it's
        # installs are malicious. Storm, rbn, etc. Use this rule if you are 
interested

     -> Added to bleeding-sid-msg.map (6):
        2008052 || ET MALWARE Suspicious User Agent (Internet Explorer)
        2008053 || ET MALWARE InternetSpeedMonitor Related Spyware User-Agent 
(parchmnt loader v1.8)
        2008054 || ET POLICY Nginx Server in use - Often Hostile Traffic
        2008055 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC
        2008056 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2
        2008057 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response

     -> Added to bleeding-sid-msg.map.txt (6):
        2008052 || ET MALWARE Suspicious User Agent (Internet Explorer)
        2008053 || ET MALWARE InternetSpeedMonitor Related Spyware User-Agent 
(parchmnt loader v1.8)
        2008054 || ET POLICY Nginx Server in use - Often Hostile Traffic
        2008055 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC
        2008056 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2
        2008057 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response

     -> Added to bleeding-virus.rules (2):
        #re Trojan.Win32.Inject.ajq, by matt jonkman
        # 5bb2b20d012cfe541f1173881be28729


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Emerging Threats Daily Signature Changes, (continued) [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging <= [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Next by Date:	[Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Previous by Thread:	[Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Next by Thread:	[Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[Snort-sigs] Emerging Threats Daily Signature Changes, emerging

Next by Date:

[Snort-sigs] Emerging Threats Daily Signature Changes, emerging

Previous by Thread:

[Snort-sigs] Emerging Threats Daily Signature Changes, emerging

Next by Thread:

[Snort-sigs] Emerging Threats Daily Signature Changes, emerging

Indexes:

[Date] [Thread] [Top] [All Lists]