
[Snort-sigs] Emerging Threats Daily Signature Changes

Subject: [Snort-sigs] Emerging Threats Daily Signature Changes
Date: Wed, 2 Apr 2008 17:00:10 -0400 (EDT)

[***] Results from Oinkmaster started Wed Apr  2 17:00:10 2008 [***]

[+++]          Added rules:          [+++]

 2008080 - ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit (bleeding.rules)
 2008081 - ET TROJAN Xorer.ez HTTP Checkin to CnC (bleeding-virus.rules)
 2008082 - ET TROJAN Vundo HTTP Post-Install Checkin (2) (bleeding-virus.rules)
 2008083 - ET TROJAN Suspicious User Agent (Zlob Related) (UA00000) (bleeding-virus.rules)
 2008084 - ET MALWARE Suspicious User-Agent (Mozilla-web) (bleeding-malware.rules)
 2008085 - ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2000600 - ET MALWARE MyWebSearch Toolbar Receiving Configuration (bleeding-malware.rules)
 2001662 - ET MALWARE MyWebSearch Toolbar Traffic (Agent) (bleeding-malware.rules)
 2001663 - ET MALWARE MyWebSearch Toolbar Traffic (host) (bleeding-malware.rules)
 2002818 - ET MALWARE MyWebSearch Toolbar Traffic (general download) (bleeding-malware.rules)
 2002819 - ET MALWARE MyWebSearch Toolbar Traffic (bin download) (bleeding-malware.rules)
 2002836 - ET MALWARE MyWebSearch Toolbar Traffic (bar config download) (bleeding-malware.rules)
 2003222 - ET MALWARE MyWebSearch Toolbar Receiving Config 2 (bleeding-malware.rules)
 2003617 - ET MALWARE MyWebSearch Toolbar Posting Activity Report (bleeding-malware.rules)
 2003621 - ET MALWARE MyWay Spyware Posting Activity Report - Dell Related (bleeding-malware.rules)
 2007595 - ET TROJAN Downloader.Dluca HTTP Checkin (bleeding-virus.rules)
 2008077 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (foolsday.exe) (bleeding.rules)
 2008078 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe) (bleeding.rules)
 2008079 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe) (bleeding.rules)


[---]         Removed rules:         [---]

 2006424 - ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (15):
        2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related
        2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit || url,www.milw0rm.com/exploits/5332 || cve,CVE-2008-1309 || bugtraq,28157
        2008081 || ET TROJAN Xorer.ez HTTP Checkin to CnC
        2008082 || ET TROJAN Vundo HTTP Post-Install Checkin (2)
        2008083 || ET TROJAN Suspicious User Agent (Zlob Related) (UA00000)
        2008084 || ET MALWARE Suspicious User-Agent (Mozilla-web)
        2008085 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)

     -> Added to bleeding-sid-msg.map.txt (15):
        2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related
        2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit || url,www.milw0rm.com/exploits/5332 || cve,CVE-2008-1309 || bugtraq,28157
        2008081 || ET TROJAN Xorer.ez HTTP Checkin to CnC
        2008082 || ET TROJAN Vundo HTTP Post-Install Checkin (2)
        2008083 || ET TROJAN Suspicious User Agent (Zlob Related) (UA00000)
        2008084 || ET MALWARE Suspicious User-Agent (Mozilla-web)
        2008085 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)

     -> Added to bleeding.rules (2):
        #by akash mahajan.
        #temporary, not a perfect sig, will false

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (1):
        #Disabling, may be too generic for most places

     -> Removed from bleeding-sid-msg.map (18):
        2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report - Dell Related
        2006424 || ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate)
        2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso

     -> Removed from bleeding-sid-msg.map.txt (18):
        2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report - Dell Related
        2006424 || ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate)
        2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
