[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Fri Dec 10 18:01:29 EST 2004


[***] Results from Oinkmaster started Fri Dec 10 21:00:03 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-virus.rules (2):
        alert tcp $EXTERNAL_NET any -> any 25 (msg:"Zafi.B Worm - incoming "; content:"Uk5FTDMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAAAAAA"; nocase; classtype:misc-activity; sid:2001572;)
        alert tcp $HOME_NET any -> any 25 (msg:"Zafi.B Worm outgoing detected "; content:"Uk5FTDMyLmRsbAAAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAAAAAA"; threshold: type limit, track by_src, count 10 , seconds 60 ; nocase; classtype:misc-activity; sid:2001573;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2001572 || Zafi.B Worm - incoming
        2001573 || Zafi.B Worm outgoing detected

     -> Added to bleeding-virus.rules (2):
        #added by Mark Scott, Mark.Scott at ...2921..., 6/13/2004 for incoming Zafi.B
        #added by Mark Scott, Mark.Scott at ...2921..., 6/13/2004 for outgoing Zafi.B

[*] Added files: [*]
    None.





More information about the Snort-sigs mailing list