[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Sun Dec 19 18:01:02 EST 2004


[***] Results from Oinkmaster started Sun Dec 19 21:00:01 2004 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-virus.rules (2):
        alert tcp $EXTERNAL_NET any -> any 25 (msg:"BLEEDING-EDGE Virus Netsky.Z Worm - incoming detected"; content:"aD5jNHc0Y8VoPmNfYGNj3mg+Y9xoPmPfaD5j3Gg/Y75oPmO+dy1j1Wg+YzR3NWPZaD5jZG4"; nocase; reference:url,secunia.com/virus_information/8911/; classtype:misc-activity; flow:established,to_server; sid:2001602; rev:1;)
        alert tcp $HOME_NET any -> any 25 (msg:"BLEEDING-EDGE Virus Netsky.Z Worm - outgoing detected"; content:"aD5jNHc0Y8VoPmNfYGNj3mg+Y9xoPmPfaD5j3Gg/Y75oPmO+dy1j1Wg+YzR3NWPZaD5jZG4"; threshold: type limit, track by_src, count 10 , seconds 60; nocase; reference:url,secunia.com/virus_information/8911/;classtype:misc-activity; sid:2001603; rev:1;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2001602 || BLEEDING-EDGE Virus Netsky.Z Worm - incoming detected || url,secunia.com/virus_information/8911/
        2001603 || BLEEDING-EDGE Virus Netsky.Z Worm - outgoing detected || url,secunia.com/virus_information/8911/

     -> Added to bleeding-virus.rules (1):
        #Submitted by Mark Scott 5/18/2004 for Netsky.Z

[*] Added files: [*]
    None.





More information about the Snort-sigs mailing list