[Snort-sigs] Parasite malware set

Matthew Jonkman matt at ...2436...
Tue Jul 27 15:11:02 EDT 2004


And the new rules for the malware side:

Joel Esler has made some updates to a ruleset that's been out there in 
other places; we're bringing it in here. It's called the parasite rules. 
The portion we're adding today is looking for any traffic to a number of 
known nets that belong to adware and spyware organizations.

These rules, being based on IP blocks, need to be updated OFTEN!! SO 
PLEASE, if you hit real legit traffic on a net in these rules, let us 
know ASAP so we can adjust them.

This is a bit of an experiment. If these rules end up being too much 
trouble or too many falses we'll drop them from the malware set.

They are up and active in the malware set on www.bleedingsnort.com now 
though. Any suggestions are welcome.

Thanks

Matt



