[Snort-sigs] More Malware rules

Matthew Jonkman matt at ...2436...
Sat Jul 24 17:32:01 EDT 2004


There are a number of new malware rules up on bleedingsnort.com now. 5 
or 10 since my last post.

I won't clutter the list with posting them everytime. I've got several 
vmware loads trolling for spyware. As I see one do something I put up a 
rule for it.

So just keep an eye on the bleeding.rules and use what you like. The cvs 
web might help if you're just looking for the new ones.

Once I'm done with thei exercise (week or so I'd imagine) I'll try to 
put up a summary of all the rules added.

A few others have embarked on similar exercises, thanks. Keep the rules 
coming. I really recommend doing this, it's very enlightening.

Matt




More information about the Snort-sigs mailing list