[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Sun Dec 26 18:01:01 EST 2004


[***] Results from Oinkmaster started Sun Dec 26 21:00:03 2004 [***]

[///]     Modified active rules:     [///]

     -> Modified active in bleeding-virus.rules (2):
        old: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Virus Santy.C Outbound Attack --LOCAL INFECTION--"; uricontent:"/spy.gif?&cmd=cd /tmp\;wget"; nocase; reference:url,www.k-otik.com/exploits/20041225.SantyC.php; flow:to_server,established; sid:2001615; rev:3;)
        new: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Virus Santy.C Outbound Attack --LOCAL INFECTION--"; content:"?&cmd=cd%20/tmp\;wget%20"; nocase; content:"perl%20"; nocase; reference:url,www.k-otik.com/exploits/20041225.SantyC.php; flow:to_server,established; sid:2001615; rev:8;)
        old: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Virus Santy.C Inbound Attack"; uricontent:"/spy.gif?&cmd=cd /tmp\;wget"; nocase; reference:url,www.k-otik.com/exploits/20041225.SantyC.php; flow:to_server,established; sid:2001614; rev:3;)
        new: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Virus Santy.C Inbound Attack"; content:"?&cmd=cd%20/tmp\;wget%20"; nocase; content:"perl%20"; nocase; reference:url,www.k-otik.com/exploits/20041225.SantyC.php; flow:to_server,established; sid:2001614; rev:8;)
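
Review bot: in rev 8 of sid 2001615 and sid 2001614 both matches are plain content against the raw payload and only hit the %20-encoded form of the command string, so a request carrying literal spaces, which the rev 3 uricontent:"/spy.gif?&cmd=cd /tmp\;wget" matched on the normalized URI, is no longer covered; consider keeping a uricontent variant alongside the encoded one. The second match, content:"perl%20", has no distance or within tying it to the first, so it can match anywhere in the payload, and dropping the "/spy.gif" prefix widens both rules further; anchoring the second match relative to the first would keep them tight.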

[*] Non-rule line modifications: [*]
    None.

[*] Added files: [*]
    None.
