[Snort-sigs] Bleedingsnort.com Daily Update

matt at ...2436... matt at ...2436...
Mon Aug 30 19:23:14 EDT 2004


[***] Results from Oinkmaster started Mon Aug 30 20:00:01 2004 [***]

[///]     Modified active rules:     [///]

     -> Modified active in bleeding.rules (2):
        old: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible CIA trojan activity"; content:"CIA 1."; content:"pass"; classtype:trojan-activity; sid:2001234; rev:1;)
        new: alert ip any any -> any any (msg:"BLEEDING-EDGE Win32/Small.AR outbound activity"; uricontent:"/zosman/cia/index.php"; classtype:trojan-activity; sid:2001234; rev:2;)
        old: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible CIA Trojan/Backdoor download/upload attempt"; content:"|6C 75 66 6A 65 6F 6F|"; classtype:trojan-activity; sid:2001233; rev:1;)
        new: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible Win32/Small.AR download/upload attempt"; content:"|6C 75 66 6A 65 6F 6F|"; classtype:trojan-activity; sid:2001233; rev:2;)
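
Review bot: in sid 2001234 rev 2, uricontent:"/zosman/cia/index.php" can only match in the URI buffer filled by the HTTP preprocessor, yet the header is still "alert ip any any -> any any", and nothing in the rule enforces the "outbound" that the new msg claims. Suggest narrowing the header to something like "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS" and adding flow:to_server,established. Sid 2001233 rev 2 changes only the msg and rev; its 7-byte content match is still evaluated against all IP traffic in both directions, so the same header tightening would reduce false positives there once the transport is known.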

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2001233 || BLEEDING-EDGE Possible Win32/Small.AR download/upload attempt
        2001234 || BLEEDING-EDGE Win32/Small.AR outbound activity

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2001233 || BLEEDING-EDGE Possible CIA Trojan/Backdoor download/upload attempt
        2001234 || BLEEDING-EDGE Possible CIA trojan activity

[*] Added files: [*]
    None.
