[Snort-sigs] Bleedingsnort.com Daily Update

matt at ...2436...
Fri Aug 27 18:01:01 EDT 2004


jj

[***] Results from Oinkmaster started Thu Aug 26 20:00:01 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-malware.rules (4):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Unknown Advertising.com Agent"; classtype:trojan-activity; uricontent:"/pops=1/site="; nocase; uricontent:"/bnum="; nocase; sid:2001226; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Unknown Advertising.com Data Post"; classtype:trojan-activity; uricontent:"/Games/cakedeal.aspx"; nocase; nocase; sid:2001230; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Unknown Advertising.com Data Post"; classtype:trojan-activity; uricontent:"/Games/villains.aspx"; nocase; nocase; sid:2001228; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Statblaster Receiving New configuration"; classtype:trojan-activity; uricontent:"/updatestats/update"; nocase; uricontent:".xml"; nocase; sid:2001225; rev:1;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (4):
        2001225 || BLEEDING-EDGE Malware Statblaster Receiving New configuration
        2001226 || BLEEDING-EDGE Malware Unknown Advertising.com Agent
        2001228 || BLEEDING-EDGE Malware Unknown Advertising.com Data Post
        2001230 || BLEEDING-EDGE Malware Unknown Advertising.com Data Post

[*] Added files: [*]
    None.




