[Snort-sigs] Suspicious File Extensions

Herb Martin HerbM at ...2652...
Tue Jul 20 05:55:45 EDT 2004


The list of "dangerous files" probably includes
all of these extensions:

scr
{*  <<<(represents GUID values which start and end with {}
zip
wsh
wsf
wsc
vbs
vbe
vb
url
shs
sct
reg
rar
plx
pls
plc
pif
pcd
mst
msp
msi
msg
msc
mhtm
mht
mdz
mde
mdb
mda
lnk
jse
js
isp
ins
inf
hta
hlp
fol
exe
ebs
crt
cpl
cmd
chm
bat
bas
adp
ade

> -----Original Message-----
> From: snort-sigs-admin at lists.sourceforge.net
> [mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of
> Matthew Jonkman
> Sent: Monday, July 19, 2004 8:20 PM
> To: joe_flowers at ...2642...
> Cc: snort-sigs mailinglist
> Subject: Re: [Snort-sigs] Suspicious File Extensions
>
> Good to know, thanks. I've added cpl to this rule. It's up in
> bleedingsnort.com.
>
> Matt
>
>
> Joe Flowers wrote:
>
> > Matthew:
> >
> > We just got reliable word this afternoon that someone got hit hard
> > with a .cpl file.
> >
> > Joe
> >
> >
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop FREE
> Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>






More information about the Snort-sigs mailing list