[Snort-sigs] Parasite malware set
matt at ...2436...
Tue Jul 27 15:11:02 EDT 2004
And the new rules for the malware side:
Joel Esler has made some updates to a ruleset that's been out there in
other places; we're bringing it in here. It's called the parasite rules.
The portion we're adding today is looking for any traffic to a number of
known nets that belong to adware and spyware organizations.
These rules, being based on IP blocks, need to be updated OFTEN!! SO
PLEASE, if you hit real legit traffic on a net in these rules, let us
know ASAP so we can adjust them.
This is a bit of an experiment. If these rules end up being too much
trouble or too many falses we'll drop them from the malware set.
They are up and active in the malware set on www.bleedingsnort.com now
though. Any suggestions are welcome.