Network Security: Detailed info on [Snort-sigs] Emerging Threats Daily Signature Changes

Subject:	[Snort-sigs] Emerging Threats Daily Signature Changes
Date:	Tue, 1 Apr 2008 17:00:09 -0400 (EDT)


[***] Results from Oinkmaster started Tue Apr  1 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2008077 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request 
(foolsday.exe) (bleeding.rules)
 2008078 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request 
(funny.exe) (bleeding.rules)
 2008079 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request 
(kickme.exe) (bleeding.rules)


[///]     Modified active rules:     [///]

 2008073 - ET MALWARE Suspicious User-Agent (App4) (bleeding-malware.rules)


[---]         Disabled rules:        [---]

 2008064 - ET POLICY Nginx Server with no version string - Often Hostile 
Traffic (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (5):
        2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE 
Request (foolsday.exe)
        2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE 
Request (funny.exe)
        2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE 
Request (kickme.exe)
        2404020 || ET DROP Known Bot C&C Server Traffic (group 21)  || 
url,www.shadowserver.org
        2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE 
|| url,www.shadowserver.org

     -> Added to bleeding-sid-msg.map.txt (5):
        2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE 
Request (foolsday.exe)
        2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE 
Request (funny.exe)
        2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE 
Request (kickme.exe)
        2404020 || ET DROP Known Bot C&C Server Traffic (group 21)  || 
url,www.shadowserver.org
        2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE 
|| url,www.shadowserver.org

     -> Added to bleeding.rules (2):
        #by matt jonkman
        #temporary for the current storm wave


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Emerging Threats Daily Signature Changes, emerging <= [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging [Snort-sigs] Emerging Threats Daily Signature Changes, emerging

Next by Date:	[Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Next by Thread:	[Snort-sigs] Emerging Threats Daily Signature Changes, emerging
Indexes:	[Date] [Thread] [Top] [All Lists]