[***] Results from Oinkmaster started Mon Apr 7 17:00:09 2008 [***]
[///] Modified active rules: [///]
2001016 - ET MALWARE SideStep Bar Install (bleeding-malware.rules)
2001017 - ET MALWARE SideStep Bar Reporting Data (bleeding-malware.rules)
2002821 - ET MALWARE SideStep Bar Reporting Data (sbstart)
(bleeding-malware.rules)
2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download
(bleeding-virus.rules)
[---] Disabled and modified rules: [---]
2008074 - ET TROJAN Banload User-Agent Detected (WebUpdate)
(bleeding-virus.rules)
[---] Removed rules: [---]
2001018 - ET MALWARE SideStep Bar Activity (bleeding-malware.rules)
2001019 - ET MALWARE SideStep Bar Autoupdate (bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (2):
2404021 || ET DROP Known Bot C&C Server Traffic (group 22) ||
url,www.shadowserver.org
2405021 || ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE
|| url,www.shadowserver.org
-> Added to bleeding-sid-msg.map.txt (2):
2404021 || ET DROP Known Bot C&C Server Traffic (group 22) ||
url,www.shadowserver.org
2405021 || ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE
|| url,www.shadowserver.org
-> Added to bleeding-virus.rules (1):
#Disabling, hits on a few legit apps
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (10):
2001018 || ET MALWARE SideStep Bar Activity ||
url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
2001019 || ET MALWARE SideStep Bar Autoupdate ||
url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
-> Removed from bleeding-sid-msg.map.txt (10):
2001018 || ET MALWARE SideStep Bar Activity ||
url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
2001019 || ET MALWARE SideStep Bar Autoupdate ||
url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound ||
url,www.spamhaus.org/drop/drop.lasso
2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE || url,www.spamhaus.org/drop/drop.lasso
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Register now and save $200. Hurry, offer ends at 11:59 p.m.,
Monday, April 7! Use priority code J8TLD2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
