[Snort-sigs] Emerging Threats Weekly Signature Changes

Subject: [Snort-sigs] Emerging Threats Weekly Signature Changes
Date: Sat, 19 Jul 2008 18:00:08 -0400 (EDT)

[***] Results from Oinkmaster started Sat Jul 19 18:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2008402 - ET MALWARE Realtimegaming.com Online Casino Spyware Gaming Checkin 
(emerging-malware.rules)
 2008403 - ET MALWARE Realtimegaming.com/Windows Casino Online Gaming Checkin 
(emerging-malware.rules)
 2008405 - ET TROJAN Obitel trojan calling home (emerging-virus.rules)
 2008406 - ET POLICY RemoteSpy.com Upload Detect (emerging-policy.rules)
 2008407 - ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access ActiveX 
Control Arbitrary File Download (1) (emerging.rules)
 2008408 - ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access ActiveX 
Control Arbitrary File Download (2) (emerging.rules)
 2008409 - ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access ActiveX 
Control Arbitrary File Download (3) (emerging.rules)
 2008411 - ET TROJAN LDPinch SMTP Password Report with mail client The Bat! 
(emerging-virus.rules)
 2008412 - ET TROJAN Trojan-Dropper.Win32.Small.avu HTTP Checkin 
(emerging-virus.rules)
 2008413 - ET MALWARE Suspicious User-Agent (PcPcUpdater) 
(emerging-malware.rules)
 2008414 - ET SCAN Cisco Torch TFTP Scan (emerging-scan.rules)
 2008415 - ET SCAN Cisco Torch IOS HTTP Scan (emerging-scan.rules)
 2008416 - ET SCAN Httprint Web Server Fingerprint Scan (emerging-scan.rules)
 2008417 - ET SCAN Wapiti Web Server Scan (emerging-scan.rules)
 2008418 - ET POLICY Metasploit Framework Update (emerging-policy.rules)
 2008419 - ET MALWARE Advert-network.com Related Spyware Updating 
(emerging-malware.rules)
 2008420 - ET TROJAN HTTP GET Request on port 53 -- Very Likely Hostile 
(emerging-virus.rules)
 2008421 - ET TROJAN HTTP POST Request on port 53 -- Very Likely Hostile 
(emerging-virus.rules)
 2008422 - ET MALWARE Suspicious User-Agent (Inet_read) (emerging-malware.rules)
 2008423 - ET MALWARE Suspicious User-Agent (CFS Agent) (emerging-malware.rules)
 2008424 - ET MALWARE Suspicious User-Agent (CFS_DOWNLOAD) 
(emerging-malware.rules)
 2008425 - ET MALWARE Advert-network.com Related Spyware Checking for Updates 
(emerging-malware.rules)
 2008426 - ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow 
(emerging-exploit.rules)
 2008427 - ET MALWARE Suspicious User-Agent (AdiseExplorer) 
(emerging-malware.rules)
 2008428 - ET MALWARE Suspicious User-Agent (HTTP Downloader) 
(emerging-malware.rules)
 2008429 - ET MALWARE Suspicious User-Agent (HttpDownload) 
(emerging-malware.rules)
 2008430 - ET TROJAN Win32.Dialer.buv Sending Information Home 
(emerging-virus.rules)
 2008431 - ET TROJAN PWS.Gamania Checkin (emerging-virus.rules)
 2008433 - ET TROJAN Pandex checkin detected (emerging-virus.rules)
 2008434 - ET TROJAN Coreflood/AFcore Trojan Infection (emerging-virus.rules)
 2008435 - ET TROJAN Win32.Testlink Trojan Speed Test Start port 8888 
(emerging-virus.rules)
 2008436 - ET TROJAN Win32.Testlink Trojan Speed Test port 8888 
(emerging-virus.rules)
 2008437 - ET TROJAN Win32.Testlink Trojan Checkin port 8888 
(emerging-virus.rules)
 2008438 - ET MALWARE Possible Windows executable sent when remote host claims 
to send a Text File (emerging-malware.rules)
 2008439 - ET WEB_SQL_INJECTION AlstraSoft Affiliate Network Pro (pgm) 
Parameter SQL Injection (emerging-web_sql_injection.rules)
 2008440 - ET MALWARE Suspicious User-Agent (Download App) 
(emerging-malware.rules)
 2008441 - ET TROJAN Win32 Dialer Variant (emerging-virus.rules)
 2008442 - ET TROJAN Rootkit.Win32.Clbd.cz Checkin (emerging-virus.rules)
 2008443 - ET TROJAN Coreflood/AFcore Trojan Infection (2) 
(emerging-virus.rules)
 2008444 - ET EXPLOIT PWDump4 Password dumping exe copied to victim 
(emerging-exploit.rules)
 2008445 - ET EXPLOIT Pwdump6 Session Established test file created on victim 
(emerging-exploit.rules)
 2008446 - ET EXPLOIT Fgdump Session Established test file created created on 
victim (emerging-exploit.rules)
 2008447 - ET EXPLOIT Foofus.net Password dumping, dll injection 
(emerging-exploit.rules)
 2008449 - ET TROJAN Keylogger.ane Checkin (emerging-virus.rules)


[///]     Modified active rules:     [///]

 2002400 - ET MALWARE Suspicious User Agent (Microsoft Internet Explorer) 
(emerging-malware.rules)
 2003243 - ET MALWARE Suspicious User Agent (Download Agent) Possibly Related 
to TrinityAcquisitions.com (emerging-malware.rules)
 2003497 - ET MALWARE Suspicious User-Agent (ms) (emerging-malware.rules)
 2007594 - ET TROJAN Banker.Delf User-Agent (Mz/MzApp) (emerging-virus.rules)
 2007930 - ET TROJAN Delf/Hupigon C&C Channel Version Report 
(emerging-virus.rules)
 2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download 
(emerging-virus.rules)
 2008260 - ET TROJAN Pointpack.kr Related Trojan Checkin (emerging-virus.rules)
 2008374 - ET MALWARE Suspicious User-Agent (InetURL) (emerging-malware.rules)
 2008378 - ET MALWARE Suspicious User-Agent (ErrCode) (emerging-malware.rules)
 2008391 - ET MALWARE Suspicious User-Agent (svchost) (emerging-malware.rules)
 2008400 - ET MALWARE Suspicious User-Agent (ReadFileURL) 
(emerging-malware.rules)
 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
(emerging-drop-BLOCK.rules)
 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
(emerging-drop-BLOCK.rules)
 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
(emerging-drop-BLOCK.rules)
 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
(emerging-drop-BLOCK.rules)
 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
(emerging-drop-BLOCK.rules)
 2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
 2403000 - ET DROP Dshield Block Listed Source - BLOCKING 
(emerging-dshield-BLOCK.rules)
 2404000 - ET DROP Known Bot C&C Server Traffic (group 1)  
(emerging-botcc.rules)
 2404001 - ET DROP Known Bot C&C Server Traffic (group 2)  
(emerging-botcc.rules)
 2404002 - ET DROP Known Bot C&C Server Traffic (group 3)  
(emerging-botcc.rules)
 2404003 - ET DROP Known Bot C&C Server Traffic (group 4)  
(emerging-botcc.rules)
 2404004 - ET DROP Known Bot C&C Server Traffic (group 5)  
(emerging-botcc.rules)
 2404005 - ET DROP Known Bot C&C Server Traffic (group 6)  
(emerging-botcc.rules)
 2404006 - ET DROP Known Bot C&C Server Traffic (group 7)  
(emerging-botcc.rules)
 2404007 - ET DROP Known Bot C&C Server Traffic (group 8)  
(emerging-botcc.rules)
 2404008 - ET DROP Known Bot C&C Server Traffic (group 9)  
(emerging-botcc.rules)
 2404009 - ET DROP Known Bot C&C Server Traffic (group 10)  
(emerging-botcc.rules)
 2404010 - ET DROP Known Bot C&C Server Traffic (group 11)  
(emerging-botcc.rules)
 2404011 - ET DROP Known Bot C&C Server Traffic (group 12)  
(emerging-botcc.rules)
 2404012 - ET DROP Known Bot C&C Server Traffic (group 13)  
(emerging-botcc.rules)
 2404013 - ET DROP Known Bot C&C Server Traffic (group 14)  
(emerging-botcc.rules)
 2404014 - ET DROP Known Bot C&C Server Traffic (group 15)  
(emerging-botcc.rules)
 2404015 - ET DROP Known Bot C&C Server Traffic (group 16)  
(emerging-botcc.rules)
 2404016 - ET DROP Known Bot C&C Server Traffic (group 17)  
(emerging-botcc.rules)
 2404017 - ET DROP Known Bot C&C Server Traffic (group 18)  
(emerging-botcc.rules)
 2404018 - ET DROP Known Bot C&C Server Traffic (group 19)  
(emerging-botcc.rules)
 2404019 - ET DROP Known Bot C&C Server Traffic (group 20)  
(emerging-botcc.rules)
 2404020 - ET DROP Known Bot C&C Server Traffic (group 21)  
(emerging-botcc.rules)
 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)
 2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE 
(emerging-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-drop-BLOCK.rules (2):
        #  VERSION 1232
        #  Generated 2008-07-18 00:03:02 EDT

     -> Added to emerging-drop.rules (2):
        #  VERSION 1232
        #  Generated 2008-07-18 00:03:02 EDT

     -> Added to emerging-exploit.rules (5):
        #by Rich Rumble
        #PWDump6
        #FGDump
        #This should catch both FGDump and PWDump
        #by Chandan at Secpod.com

     -> Added to emerging-malware.rules (10):
        #by Philipp Bescht
        #deapesh misra
        #they run a lot of casino online games
        #matt jonkman, re f5e2b1706a3e0e6d34e70677a6e952a6
        #by jholguin  (tb-security)
        #by jholguin  (tb-security)
        #by Marcus at unsober
        #by philipp betsch
        #by deapesh misra
        #Marcus at unsober

     -> Added to emerging-policy.rules (5):
        #by Kevin Ross and others
        #by marcus at unsober
        #ref: 0d805713a6f969a3675d5776c7b2c4df
        #Matt Jonkman, modified by jholguin (tb-security)
        #by jholguin (tb-security), re d5d466779b27cfc8e68c73145c5f3b36

     -> Added to emerging-scan.rules (1):
        # CISCO TORCH SCAN DETECTION RULES

     -> Added to emerging-sid-msg.map (45):
        2007594 || ET TROJAN Banker.Delf User-Agent (Mz/MzApp) || 
url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html
        2008402 || ET MALWARE Realtimegaming.com Online Casino Spyware Gaming 
Checkin
        2008403 || ET MALWARE Realtimegaming.com/Windows Casino Online Gaming 
Checkin
        2008405 || ET TROJAN Obitel trojan calling home || 
url,www.abuse.ch/?p=143
        2008406 || ET POLICY RemoteSpy.com Upload Detect
        2008407 || ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access 
ActiveX Control Arbitrary File Download (1) || 
url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html 
|| url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || 
bugtraq,30114
        2008408 || ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access 
ActiveX Control Arbitrary File Download (2) || 
url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html 
|| url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || 
bugtraq,30114
        2008409 || ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access 
ActiveX Control Arbitrary File Download (3) || 
url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html 
|| url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || 
bugtraq,30114
        2008411 || ET TROJAN LDPinch SMTP Password Report with mail client The 
Bat!
        2008412 || ET TROJAN Trojan-Dropper.Win32.Small.avu HTTP Checkin
        2008413 || ET MALWARE Suspicious User-Agent (PcPcUpdater)
        2008414 || ET SCAN Cisco Torch TFTP Scan || 
url,www.securiteam.com/tools/5EP0F1FEUA.html || 
url,www.hackingexposedcisco.com/?link=tools
        2008415 || ET SCAN Cisco Torch IOS HTTP Scan || 
url,www.securiteam.com/tools/5EP0F1FEUA.html || 
url,www.hackingexposedcisco.com/?link=tools
        2008416 || ET SCAN Httprint Web Server Fingerprint Scan || 
url,www.net-square.com/httprint/httprint_paper.html || 
url,www.net-square.com/httprint/
        2008417 || ET SCAN Wapiti Web Server Scan || url,wapiti.sourceforge.net
        2008418 || ET POLICY Metasploit Framework Update || 
url,www.ethicalhacker.net/content/view/29/24/ || 
url,www.metasploit.com/framework/
        2008419 || ET MALWARE Advert-network.com Related Spyware Updating
        2008420 || ET TROJAN HTTP GET Request on port 53 -- Very Likely Hostile
        2008421 || ET TROJAN HTTP POST Request on port 53 -- Very Likely Hostile
        2008422 || ET MALWARE Suspicious User-Agent (Inet_read)
        2008423 || ET MALWARE Suspicious User-Agent (CFS Agent)
        2008424 || ET MALWARE Suspicious User-Agent (CFS_DOWNLOAD)
        2008425 || ET MALWARE Advert-network.com Related Spyware Checking for 
Updates
        2008426 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || 
url,milw0rm.com/exploits/5718 || url,frsirt.com/english/advisories/2008/1717
        2008427 || ET MALWARE Suspicious User-Agent (AdiseExplorer)
        2008428 || ET MALWARE Suspicious User-Agent (HTTP Downloader)
        2008429 || ET MALWARE Suspicious User-Agent (HttpDownload)
        2008430 || ET TROJAN Win32.Dialer.buv Sending Information Home
        2008431 || ET TROJAN PWS.Gamania Checkin
        2008433 || ET TROJAN Pandex checkin detected
        2008434 || ET TROJAN Coreflood/AFcore Trojan Infection || 
url,www.secureworks.com/research/threats/coreflood
        2008435 || ET TROJAN Win32.Testlink Trojan Speed Test Start port 8888
        2008436 || ET TROJAN Win32.Testlink Trojan Speed Test port 8888
        2008437 || ET TROJAN Win32.Testlink Trojan Checkin port 8888
        2008438 || ET MALWARE Possible Windows executable sent when remote host 
claims to send a Text File
        2008439 || ET WEB_SQL_INJECTION AlstraSoft Affiliate Network Pro (pgm) 
Parameter SQL Injection || url,milw0rm.com/exploits/6087 || bugtraq,30259
        2008440 || ET MALWARE Suspicious User-Agent (Download App)
        2008441 || ET TROJAN Win32 Dialer Variant
        2008442 || ET TROJAN Rootkit.Win32.Clbd.cz Checkin
        2008443 || ET TROJAN Coreflood/AFcore Trojan Infection (2) || 
url,www.secureworks.com/research/threats/coreflood
        2008444 || ET EXPLOIT PWDump4 Password dumping exe copied to victim || 
url,xinn.org/Snort-pwdump4.html
        2008445 || ET EXPLOIT Pwdump6 Session Established test file created on 
victim || url,xinn.org/Snort-pwdump6.html
        2008446 || ET EXPLOIT Fgdump Session Established test file created 
created on victim || url,xinn.org/Snort-fgdump.html
        2008447 || ET EXPLOIT Foofus.net Password dumping, dll injection || 
url,xinn.org/Snort-fgdump.html
        2008449 || ET TROJAN Keylogger.ane Checkin

     -> Added to emerging-sid-msg.map.txt (45):
        2007594 || ET TROJAN Banker.Delf User-Agent (Mz/MzApp) || 
url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html
        2008402 || ET MALWARE Realtimegaming.com Online Casino Spyware Gaming 
Checkin
        2008403 || ET MALWARE Realtimegaming.com/Windows Casino Online Gaming 
Checkin
        2008405 || ET TROJAN Obitel trojan calling home || 
url,www.abuse.ch/?p=143
        2008406 || ET POLICY RemoteSpy.com Upload Detect
        2008407 || ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access 
ActiveX Control Arbitrary File Download (1) || 
url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html 
|| url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || 
bugtraq,30114
        2008408 || ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access 
ActiveX Control Arbitrary File Download (2) || 
url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html 
|| url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || 
bugtraq,30114
        2008409 || ET CURRENT_EVENTS Snapshot Viewer for Microsoft Access 
ActiveX Control Arbitrary File Download (3) || 
url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html 
|| url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || 
bugtraq,30114
        2008411 || ET TROJAN LDPinch SMTP Password Report with mail client The 
Bat!
        2008412 || ET TROJAN Trojan-Dropper.Win32.Small.avu HTTP Checkin
        2008413 || ET MALWARE Suspicious User-Agent (PcPcUpdater)
        2008414 || ET SCAN Cisco Torch TFTP Scan || 
url,www.securiteam.com/tools/5EP0F1FEUA.html || 
url,www.hackingexposedcisco.com/?link=tools
        2008415 || ET SCAN Cisco Torch IOS HTTP Scan || 
url,www.securiteam.com/tools/5EP0F1FEUA.html || 
url,www.hackingexposedcisco.com/?link=tools
        2008416 || ET SCAN Httprint Web Server Fingerprint Scan || 
url,www.net-square.com/httprint/httprint_paper.html || 
url,www.net-square.com/httprint/
        2008417 || ET SCAN Wapiti Web Server Scan || url,wapiti.sourceforge.net
        2008418 || ET POLICY Metasploit Framework Update || 
url,www.ethicalhacker.net/content/view/29/24/ || 
url,www.metasploit.com/framework/
        2008419 || ET MALWARE Advert-network.com Related Spyware Updating
        2008420 || ET TROJAN HTTP GET Request on port 53 -- Very Likely Hostile
        2008421 || ET TROJAN HTTP POST Request on port 53 -- Very Likely Hostile
        2008422 || ET MALWARE Suspicious User-Agent (Inet_read)
        2008423 || ET MALWARE Suspicious User-Agent (CFS Agent)
        2008424 || ET MALWARE Suspicious User-Agent (CFS_DOWNLOAD)
        2008425 || ET MALWARE Advert-network.com Related Spyware Checking for 
Updates
        2008426 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || 
url,milw0rm.com/exploits/5718 || url,frsirt.com/english/advisories/2008/1717
        2008427 || ET MALWARE Suspicious User-Agent (AdiseExplorer)
        2008428 || ET MALWARE Suspicious User-Agent (HTTP Downloader)
        2008429 || ET MALWARE Suspicious User-Agent (HttpDownload)
        2008430 || ET TROJAN Win32.Dialer.buv Sending Information Home
        2008431 || ET TROJAN PWS.Gamania Checkin
        2008433 || ET TROJAN Pandex checkin detected
        2008434 || ET TROJAN Coreflood/AFcore Trojan Infection || 
url,www.secureworks.com/research/threats/coreflood
        2008435 || ET TROJAN Win32.Testlink Trojan Speed Test Start port 8888
        2008436 || ET TROJAN Win32.Testlink Trojan Speed Test port 8888
        2008437 || ET TROJAN Win32.Testlink Trojan Checkin port 8888
        2008438 || ET MALWARE Possible Windows executable sent when remote host 
claims to send a Text File
        2008439 || ET WEB_SQL_INJECTION AlstraSoft Affiliate Network Pro (pgm) 
Parameter SQL Injection || url,milw0rm.com/exploits/6087 || bugtraq,30259
        2008440 || ET MALWARE Suspicious User-Agent (Download App)
        2008441 || ET TROJAN Win32 Dialer Variant
        2008442 || ET TROJAN Rootkit.Win32.Clbd.cz Checkin
        2008443 || ET TROJAN Coreflood/AFcore Trojan Infection (2) || 
url,www.secureworks.com/research/threats/coreflood
        2008444 || ET EXPLOIT PWDump4 Password dumping exe copied to victim || 
url,xinn.org/Snort-pwdump4.html
        2008445 || ET EXPLOIT Pwdump6 Session Established test file created on 
victim || url,xinn.org/Snort-pwdump6.html
        2008446 || ET EXPLOIT Fgdump Session Established test file created 
created on victim || url,xinn.org/Snort-fgdump.html
        2008447 || ET EXPLOIT Foofus.net Password dumping, dll injection || 
url,xinn.org/Snort-fgdump.html
        2008449 || ET TROJAN Keylogger.ane Checkin

     -> Added to emerging-virus.rules (9):
        #by Marcus at unsober, re 68926f2883af13d6001126aae4345dab
        #modified version for new variants, matt jonkman
        #by jholguin
        #matt jonkman, re c611990bfb445edf0bea8a63212ad43a
        #marcus at unsober
        #ref: 6b4ef50e3e21205685cea919ebf93476
        #re 415908b65e87d91daa94704ef7e2788b, by jholguin (tb-security)
        #sig by matt jonkman
        #matt jonkman, caught by robert kerr, re 
0853fa768e3e9a3dff293676d68b3d1b

     -> Added to emerging-web_sql_injection.rules (1):
        #by chandan of secpod

     -> Added to emerging.rules (1):
        #by Chandan at Secpod

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-drop-BLOCK.rules (2):
        #  VERSION 1226
        #  Generated 2008-07-12 00:03:02 EDT

     -> Removed from emerging-drop.rules (2):
        #  VERSION 1226
        #  Generated 2008-07-12 00:03:02 EDT

     -> Removed from emerging-malware.rules (1):
        #by Jose Miguel

     -> Removed from emerging-policy.rules (2):
        #Matt Jonkman, modified by Jose Miguel Holguin Aparicio
        #by Jose Miguel Holguin Aparicio, re d5d466779b27cfc8e68c73145c5f3b36

     -> Removed from emerging-sid-msg.map (1):
        2007594 || ET TROJAN Banker.Delf User-Agent (MzApp) || 
url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html

     -> Removed from emerging-sid-msg.map.txt (1):
        2007594 || ET TROJAN Banker.Delf User-Agent (MzApp) || 
url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
