[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Tue Dec 7 18:02:01 EST 2004


[***] Results from Oinkmaster started Tue Dec  7 21:00:01 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-malware.rules (2):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Spyware Stormer Reporting Data"; uricontent:"/showme.aspx?keyword="; nocase; content:"ecomdata1="; nocase; reference:url,www.spywarestormer.com; flow:established,to_server; sid:2001570; rev:2;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Spyware Stormer/Error Guard Activity"; uricontent:"/sell.cgi?errorguard/1/errorguard"; nocase; reference:url,www.spywarestormer.com; flow:established,to_server; sid:2001571; rev:2;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #by Matt Jonkman

     -> Added to bleeding-sid-msg.map (2):
        2001570 || BLEEDING-EDGE Malware Spyware Stormer Reporting Data || url,www.spywarestormer.com
        2001571 || BLEEDING-EDGE Malware Spyware Stormer/Error Guard Activity || url,www.spywarestormer.com

[+] Added files (consider updating your snort.conf to include them): [+]

    -> bleeding-custom.rules




