[***] Results from Oinkmaster started Thu Mar 27 17:00:09 2008 [***]
[+++] Added rules: [+++]
2008058 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
(bleeding-virus.rules)
2008059 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443
(bleeding-virus.rules)
2008060 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443
(bleeding-virus.rules)
2008061 - ET TROJAN LDPinch Checkin (4) (bleeding-virus.rules)
[///] Modified active rules: [///]
2006435 - ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce
Tool (bleeding-scan.rules)
2006546 - ET SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce
Attack! (bleeding-scan.rules)
2007962 - ET TROJAN Vipdataend C&C Traffic - Checkin (bleeding-virus.rules)
2008056 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2
(bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (4):
2008058 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
2008059 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2
port 443
2008060 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response
port 443
2008061 || ET TROJAN LDPinch Checkin (4)
-> Added to bleeding-sid-msg.map.txt (4):
2008058 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
2008059 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2
port 443
2008060 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response
port 443
2008061 || ET TROJAN LDPinch Checkin (4)
-> Added to bleeding-virus.rules (1):
#also seeing the same on 443
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
