[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Apr 7 18:01:26 EDT 2005


[***] Results from Oinkmaster started Thu Apr  7 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

 2001842 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain 7sir7.com (bleeding.rules)
 2001843 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain 123xxl.com (bleeding.rules)
 2001844 - BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain abx4.com (bleeding.rules)


[---]         Removed rules:         [---]

 2001271 - BLEEDING-EDGE VIRUS MiMail.P Worm - DNS Query (bleeding-virus.rules)
 2001272 - BLEEDING-EDGE VIRUS MiMail.P Worm - Mail Attachment (bleeding-virus.rules)
 2001289 - BLEEDING-EDGE VIRUS Korgo Worm IRC Connection (bleeding-virus.rules)
 2001439 - BLEEDING-EDGE WORM Mydoom.ah/i Infection IRC Activity (bleeding-virus.rules)
 2001755 - BLEEDING-EDGE WORM Spybot Variant -- Rogue wumgrs32 (bleeding-virus.rules)
 2001798 - BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc access (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (3):
        2001842 || BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain 7sir7.com || url,isc.sans.org/diary.php?date=2005-04-07
        2001843 || BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain 123xxl.com || url,isc.sans.org/diary.php?date=2005-04-07
        2001844 || BLEEDING-EDGE Possible DNS Lookup for DNS Poisoning Domain abx4.com || url,isc.sans.org/diary.php?date=2005-04-07

     -> Added to bleeding.rules (1):
        #Matt Jonkman, related to dns poisoning

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (6):
        2001271 || BLEEDING-EDGE VIRUS MiMail.P Worm - DNS Query
        2001272 || BLEEDING-EDGE VIRUS MiMail.P Worm - Mail Attachment
        2001289 || BLEEDING-EDGE VIRUS Korgo Worm IRC Connection
        2001439 || BLEEDING-EDGE WORM Mydoom.ah/i Infection IRC Activity
        2001755 || BLEEDING-EDGE WORM Spybot Variant -- Rogue wumgrs32 || url,securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
        2001798 || BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc access || url,isc.sans.org/diary.php?date=2005-03-20

     -> Removed from bleeding-virus.rules (4):
        #	MiMail Worm
        #Submitted by Michael Sconzo and taken from Netsquid
        #Submitted by colforbin5 for MyDoom.AH/I
        #From Wes Young




