[***] Results from Oinkmaster started Sat Apr 5 19:00:09 2008 [***]
[+++] Added rules: [+++]
2008067 - ET MALWARE Kwsearchguide.com Related Spyware Checkin
(bleeding-malware.rules)
2008069 - ET MALWARE Kwsearchguide.com Related Spyware Keepalive
(bleeding-malware.rules)
2008070 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or
Non-Updated System (Win98) (bleeding-policy.rules)
2008071 - ET TROJAN Delf Checkin via HTTP (6) (bleeding-virus.rules)
2008072 - ET TROJAN LDPinch Checkin (5) (bleeding-virus.rules)
2008073 - ET MALWARE Suspicious User-Agent (App4) (bleeding-malware.rules)
2008074 - ET TROJAN Banload User-Agent Detected (WebUpdate)
(bleeding-virus.rules)
2008075 - ET TROJAN LDPinch Checkin (6) (bleeding-virus.rules)
2008076 - ET TROJAN General Downloader URL Pattern (/loader/setup.php)
(bleeding-virus.rules)
2008077 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request
(foolsday.exe) (bleeding.rules)
2008078 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request
(funny.exe) (bleeding.rules)
2008079 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request
(kickme.exe) (bleeding.rules)
2008080 - ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code
Execution Exploit (bleeding.rules)
2008081 - ET TROJAN Xorer.ez HTTP Checkin to CnC (bleeding-virus.rules)
2008082 - ET TROJAN Vundo HTTP Post-Install Checkin (2) (bleeding-virus.rules)
2008083 - ET TROJAN Suspicious User Agent (Zlob Related) (UA00000)
(bleeding-virus.rules)
2008084 - ET MALWARE Suspicious User-Agent (Mozilla-web)
(bleeding-malware.rules)
2008085 - ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
(bleeding-malware.rules)
2008086 - ET TROJAN Daemonize.ft HTTP Checkin (bleeding-virus.rules)
2008087 - ET TROJAN Downloader.VB.CEJ HTTP Checkin (bleeding-virus.rules)
2008088 - ET TROJAN Lolabel Related User-Agent (ProxyDown)
(bleeding-virus.rules)
2008089 - ET TROJAN LDPinch Checkin (7) (bleeding-virus.rules)
2008090 - ET TROJAN Delf Checkin via HTTP (7) (bleeding-virus.rules)
2008091 - ET TROJAN LDPinch Checkin (8) (bleeding-virus.rules)
2008092 - ET SCAN Internal to Internal UPnP Request tcp port 2555
(bleeding-scan.rules)
2008093 - ET SCAN External to Internal UPnP Request tcp port 2555
(bleeding-scan.rules)
2008094 - ET SCAN External to Internal UPnP Request udp port 1900
(bleeding-scan.rules)
2008096 - ET MALWARE Suspicious User-Agent (INSTALLER) (bleeding-malware.rules)
2008097 - ET MALWARE Suspicious User-Agent (IEMGR) (bleeding-malware.rules)
2008098 - ET MALWARE Suspicious User-Agent (GOOGLE) (bleeding-malware.rules)
2008099 - ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite
(bleeding-exploit.rules)
2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download
(bleeding-virus.rules)
2008101 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (withlove.exe)
(bleeding.rules)
2008102 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe)
(bleeding.rules)
[///] Modified active rules: [///]
2000026 - ET MALWARE Gator Agent Traffic (bleeding-malware.rules)
2000600 - ET MALWARE MyWebSearch Toolbar Receiving Configuration
(bleeding-malware.rules)
2001662 - ET MALWARE MyWebSearch Toolbar Traffic (Agent)
(bleeding-malware.rules)
2001663 - ET MALWARE MyWebSearch Toolbar Traffic (host)
(bleeding-malware.rules)
2002818 - ET MALWARE MyWebSearch Toolbar Traffic (general download)
(bleeding-malware.rules)
2002819 - ET MALWARE MyWebSearch Toolbar Traffic (bin download)
(bleeding-malware.rules)
2002836 - ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
(bleeding-malware.rules)
2003222 - ET MALWARE MyWebSearch Toolbar Receiving Config 2
(bleeding-malware.rules)
2003617 - ET MALWARE MyWebSearch Toolbar Posting Activity Report
(bleeding-malware.rules)
2003621 - ET MALWARE MyWay Spyware Posting Activity Report - Dell Related
(bleeding-malware.rules)
2007595 - ET TROJAN Downloader.Dluca HTTP Checkin (bleeding-virus.rules)
2007607 - ET MALWARE Zango Spyware Post (bleeding-malware.rules)
2007854 - ET MALWARE Suspicious User Agent - Possible Spyware Related
(Mozilla) (bleeding-malware.rules)
2008055 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC
(bleeding-virus.rules)
2008058 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443
(bleeding-virus.rules)
2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
(bleeding-drop-BLOCK.rules)
2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
(bleeding-drop-BLOCK.rules)
2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
(bleeding-drop-BLOCK.rules)
2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
(bleeding-drop-BLOCK.rules)
2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
(bleeding-drop-BLOCK.rules)
2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic (group 6)
(bleeding-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic (group 7)
(bleeding-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic (group 8)
(bleeding-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic (group 9)
(bleeding-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic (group 10)
(bleeding-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic (group 11)
(bleeding-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic (group 12)
(bleeding-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic (group 13)
(bleeding-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic (group 14)
(bleeding-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic (group 15)
(bleeding-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic (group 16)
(bleeding-botcc.rules)
2404016 - ET DROP Known Bot C&C Server Traffic (group 17)
(bleeding-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic (group 18)
(bleeding-botcc.rules)
2404018 - ET DROP Known Bot C&C Server Traffic (group 19)
(bleeding-botcc.rules)
2404019 - ET DROP Known Bot C&C Server Traffic (group 20)
(bleeding-botcc.rules)
2404020 - ET DROP Known Bot C&C Server Traffic (group 21)
(bleeding-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
[---] Disabled rules: [---]
2008064 - ET POLICY Nginx Server with no version string - Often Hostile
Traffic (bleeding-policy.rules)
[---] Removed rules: [---]
2006424 - ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate)
(bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-drop-BLOCK.rules (2):
# VERSION 1108
# Generated 2008-04-04 01:03:02 EDT
-> Added to bleeding-drop.rules (2):
# VERSION 1108
# Generated 2008-04-04 01:03:02 EDT
-> Added to bleeding-exploit.rules (1):
#by Chandan S at Stillsecure
-> Added to bleeding-malware.rules (1):
#re 3770f50ed1ead924f42f787b462cdb2b, no name yet
-> Added to bleeding-scan.rules (4):
#by matt jonkman
#intended to catch internal hosts doing upnp requests that maybe
shouldn't be
#and external hosts making internal requests.
#have seen some malware samples looking for upnp hosts
-> Added to bleeding-sid-msg.map (45):
2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell
Related
2007607 || ET MALWARE Zango Spyware Post ||
url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
2007854 || ET MALWARE Suspicious User Agent - Possible Spyware Related
(Mozilla)
2008067 || ET MALWARE Kwsearchguide.com Related Spyware Checkin
2008069 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive
2008070 || ET POLICY Windows 98 User-Agent Detected - Possible Malware
or Non-Updated System (Win98) ||
url,doc.emergingthreats.net/bin/view/Main/Windows98UA
2008071 || ET TROJAN Delf Checkin via HTTP (6)
2008072 || ET TROJAN LDPinch Checkin (5)
2008073 || ET MALWARE Suspicious User-Agent (App4)
2008074 || ET TROJAN Banload User-Agent Detected (WebUpdate)
2008075 || ET TROJAN LDPinch Checkin (6)
2008076 || ET TROJAN General Downloader URL Pattern (/loader/setup.php)
2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE
Request (foolsday.exe)
2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE
Request (funny.exe)
2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE
Request (kickme.exe)
2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote
Code Execution Exploit || url,www.milw0rm.com/exploits/5332 ||
cve,CVE-2008-1309 || bugtraq,28157
2008081 || ET TROJAN Xorer.ez HTTP Checkin to CnC
2008082 || ET TROJAN Vundo HTTP Post-Install Checkin (2)
2008083 || ET TROJAN Suspicious User Agent (Zlob Related) (UA00000)
2008084 || ET MALWARE Suspicious User-Agent (Mozilla-web)
2008085 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
2008086 || ET TROJAN Daemonize.ft HTTP Checkin
2008087 || ET TROJAN Downloader.VB.CEJ HTTP Checkin
2008088 || ET TROJAN Lolabel Related User-Agent (ProxyDown)
2008089 || ET TROJAN LDPinch Checkin (7)
2008090 || ET TROJAN Delf Checkin via HTTP (7)
2008091 || ET TROJAN LDPinch Checkin (8)
2008092 || ET SCAN Internal to Internal UPnP Request tcp port 2555 ||
url,www.upnp-hacks.org/upnp.html
2008093 || ET SCAN External to Internal UPnP Request tcp port 2555 ||
url,www.upnp-hacks.org/upnp.html
2008094 || ET SCAN External to Internal UPnP Request udp port 1900 ||
url,www.upnp-hacks.org/upnp.html
2008096 || ET MALWARE Suspicious User-Agent (INSTALLER)
2008097 || ET MALWARE Suspicious User-Agent (IEMGR)
2008098 || ET MALWARE Suspicious User-Agent (GOOGLE)
2008099 || ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite
|| url,www.milw0rm.com/exploits/5338 || bugtraq,28546
2008100 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download
2008101 || ET CURRENT_EVENTS Possible Storm Worm EXE Request
(withlove.exe)
2008102 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe)
-> Added to bleeding-sid-msg.map.txt (45):
2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell
Related
2007607 || ET MALWARE Zango Spyware Post ||
url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
2007854 || ET MALWARE Suspicious User Agent - Possible Spyware Related
(Mozilla)
2008067 || ET MALWARE Kwsearchguide.com Related Spyware Checkin
2008069 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive
2008070 || ET POLICY Windows 98 User-Agent Detected - Possible Malware
or Non-Updated System (Win98) ||
url,doc.emergingthreats.net/bin/view/Main/Windows98UA
2008071 || ET TROJAN Delf Checkin via HTTP (6)
2008072 || ET TROJAN LDPinch Checkin (5)
2008073 || ET MALWARE Suspicious User-Agent (App4)
2008074 || ET TROJAN Banload User-Agent Detected (WebUpdate)
2008075 || ET TROJAN LDPinch Checkin (6)
2008076 || ET TROJAN General Downloader URL Pattern (/loader/setup.php)
2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE
Request (foolsday.exe)
2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE
Request (funny.exe)
2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE
Request (kickme.exe)
2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote
Code Execution Exploit || url,www.milw0rm.com/exploits/5332 ||
cve,CVE-2008-1309 || bugtraq,28157
2008081 || ET TROJAN Xorer.ez HTTP Checkin to CnC
2008082 || ET TROJAN Vundo HTTP Post-Install Checkin (2)
2008083 || ET TROJAN Suspicious User Agent (Zlob Related) (UA00000)
2008084 || ET MALWARE Suspicious User-Agent (Mozilla-web)
2008085 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
2008086 || ET TROJAN Daemonize.ft HTTP Checkin
2008087 || ET TROJAN Downloader.VB.CEJ HTTP Checkin
2008088 || ET TROJAN Lolabel Related User-Agent (ProxyDown)
2008089 || ET TROJAN LDPinch Checkin (7)
2008090 || ET TROJAN Delf Checkin via HTTP (7)
2008091 || ET TROJAN LDPinch Checkin (8)
2008092 || ET SCAN Internal to Internal UPnP Request tcp port 2555 ||
url,www.upnp-hacks.org/upnp.html
2008093 || ET SCAN External to Internal UPnP Request tcp port 2555 ||
url,www.upnp-hacks.org/upnp.html
2008094 || ET SCAN External to Internal UPnP Request udp port 1900 ||
url,www.upnp-hacks.org/upnp.html
2008096 || ET MALWARE Suspicious User-Agent (INSTALLER)
2008097 || ET MALWARE Suspicious User-Agent (IEMGR)
2008098 || ET MALWARE Suspicious User-Agent (GOOGLE)
2008099 || ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite
|| url,www.milw0rm.com/exploits/5338 || bugtraq,28546
2008100 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download
2008101 || ET CURRENT_EVENTS Possible Storm Worm EXE Request
(withlove.exe)
2008102 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe)
-> Added to bleeding-virus.rules (1):
#by steven adair from shadowserevr
-> Added to bleeding.rules (4):
#by akash mahajan.
#temporary, not a perfect sig, will false
#by matt jonkman
#temporary for the current storm wave
[---] Removed non-rule lines: [---]
-> Removed from bleeding-drop-BLOCK.rules (2):
# VERSION 1101
# Generated 2008-03-28 01:03:01 EDT
-> Removed from bleeding-drop.rules (2):
# VERSION 1101
# Generated 2008-03-28 01:03:01 EDT
-> Removed from bleeding-malware.rules (1):
#Disabling, may be too generic for most places
-> Removed from bleeding-sid-msg.map (12):
2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving
Configuration
2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general
download)
2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config
download)
2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity
Report
2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report -
Dell Related
2006424 || ET MALWARE Karine.co.kr Related Spyware User Agent
(WebUpdate)
2007607 || ET MALWARE Zango Spyware version 10.0 Post ||
url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
2007854 || ET MALWARE Suspicious User Agent - Possible Playmp3z or
other Spyware Related (Mozilla)
-> Removed from bleeding-sid-msg.map.txt (12):
2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving
Configuration
2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general
download)
2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config
download)
2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity
Report
2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report -
Dell Related
2006424 || ET MALWARE Karine.co.kr Related Spyware User Agent
(WebUpdate)
2007607 || ET MALWARE Zango Spyware version 10.0 Post ||
url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
2007854 || ET MALWARE Suspicious User Agent - Possible Playmp3z or
other Spyware Related (Mozilla)
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Register now and save $200. Hurry, offer ends at 11:59 p.m.,
Monday, April 7! Use priority code J8TLD2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
