[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Apr 15 18:02:34 EDT 2005


[***] Results from Oinkmaster started Fri Apr 15 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

 2001850 - BLEEDING-EDGE MALWARE Likely Trojan/Spyware Installer Requested (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2000327 - BLEEDING-EDGE MALWARE Spyware 2020 (bleeding-malware.rules)
 2000366 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000367 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000371 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000574 - BLEEDING-EDGE MALWARE Bargain Buddy (bleeding-malware.rules)
 2000593 - BLEEDING-EDGE MALWARE Binet Ad Retrieval (bleeding-malware.rules)
 2000598 - BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Data Submission (bleeding-malware.rules)
 2000903 - BLEEDING-EDGE MALWARE Avres Agent Receiving Instructions (bleeding-malware.rules)
 2000904 - BLEEDING-EDGE MALWARE Amex.Ipsrime.com Unknown Malware Download (bleeding-malware.rules)
 2000906 - BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Start (bleeding-malware.rules)
 2000907 - BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Settings Download (bleeding-malware.rules)
 2000930 - BLEEDING-EDGE MALWARE 180solutions Update Engine (bleeding-malware.rules)
 2000934 - BLEEDING-EDGE MALWARE 2020search Update Engine (bleeding-malware.rules)
 2001031 - BLEEDING-EDGE MALWARE Casino on Net Reporting Data (bleeding-malware.rules)
 2001032 - BLEEDING-EDGE MALWARE Casino on Net Ping Hit (bleeding-malware.rules)
 2001033 - BLEEDING-EDGE MALWARE Casino on Net Data Download (bleeding-malware.rules)
 2001041 - BLEEDING-EDGE MALWARE Casino on Net Install (bleeding-malware.rules)
 2001051 - BLEEDING-EDGE MALWARE 180solutions Spyware (bleeding-malware.rules)
 2001198 - BLEEDING-EDGE MALWARE Twaintec Download Attempt (bleeding-malware.rules)
 2001199 - BLEEDING-EDGE MALWARE Twaintec Ad Retrieval (bleeding-malware.rules)
 2001216 - BLEEDING-EDGE MALWARE Twaintec Reporting Data (bleeding-malware.rules)
 2001226 - BLEEDING-EDGE MALWARE Unknown Advertising.com Agent (bleeding-malware.rules)
 2001228 - BLEEDING-EDGE MALWARE Unknown Advertising.com Data Post (bleeding-malware.rules)
 2001230 - BLEEDING-EDGE MALWARE Unknown Advertising.com Data Post (bleeding-malware.rules)
 2001266 - BLEEDING-EDGE MALWARE Browseraid.com Agent Reporting Data (bleeding-malware.rules)
 2001295 - BLEEDING-EDGE MALWARE Browseraid.com Agent  (bleeding-malware.rules)
 2001304 - BLEEDING-EDGE MALWARE Browseraid.com Agent Updating (bleeding-malware.rules)
 2001318 - BLEEDING-EDGE MALWARE Adwave Agent Access (bleeding-malware.rules)
 2001339 - BLEEDING-EDGE MALWARE BInet Information Upload (bleeding-malware.rules)
 2001345 - BLEEDING-EDGE MALWARE Bonziportal Traffic (bleeding-malware.rules)
 2001397 - BLEEDING-EDGE MALWARE 180solutions Spyware (bleeding-malware.rules)
 2001399 - BLEEDING-EDGE MALWARE 180solutions Spyware (bleeding-malware.rules)
 2001400 - BLEEDING-EDGE MALWARE 180solutions Spyware Reporting (bleeding-malware.rules)
 2001440 - BLEEDING-EDGE MALWARE Abox Download (bleeding-malware.rules)
 2001441 - BLEEDING-EDGE MALWARE Abox Install Report (bleeding-malware.rules)
 2001447 - BLEEDING-EDGE MALWARE 2nd-thought (W32.Daqa.C) Download (bleeding-malware.rules)
 2001450 - BLEEDING-EDGE MALWARE Wintools Download/Configure (bleeding-malware.rules)
 2001451 - BLEEDING-EDGE MALWARE Bundleware Spyware Download (bleeding-malware.rules)
 2001452 - BLEEDING-EDGE MALWARE Bundleware Spyware CHM Download (bleeding-malware.rules)
 2001458 - BLEEDING-EDGE MALWARE Bundleware Spyware cab Download (bleeding-malware.rules)
 2001501 - BLEEDING-EDGE MALWARE Clickspring.net Spyware Reporting (bleeding-malware.rules)
 2001521 - BLEEDING-EDGE MALWARE Spywaremover Activity (bleeding-malware.rules)
 2001528 - BLEEDING-EDGE MALWARE ak-networks.com Access, Likely Spyware (bleeding-malware.rules)
 2001529 - BLEEDING-EDGE MALWARE Casalemedia Access, Likely Spyware (bleeding-malware.rules)
 2001530 - BLEEDING-EDGE MALWARE ak-networks.com Spyware Code Download (bleeding-malware.rules)
 2001531 - BLEEDING-EDGE MALWARE C4tdoanload.com Access, Likely Spyware (bleeding-malware.rules)
 2001576 - BLEEDING-EDGE MALWARE BInet Information Install Report (bleeding-malware.rules)
 2001640 - BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Traffic (bleeding-malware.rules)
 2001730 - BLEEDING-EDGE MALWARE A-d-w-a-r-e.com Activity (bleeding-malware.rules)
 2001735 - BLEEDING-EDGE MALWARE A-d-w-a-r-e.com Activity (bleeding-malware.rules)
 2001737 - BLEEDING-EDGE MALWARE ak-networks.com Spyware Code Install (bleeding-malware.rules)
 2001761 - BLEEDING-EDGE MALWARE ABX Toolbar ActiveX Install (bleeding-malware.rules)


[///]    Modified inactive rules:    [///]

 2001398 - BLEEDING-EDGE MALWARE Bfast.com Spyware (bleeding-malware.rules)
 2001527 - BLEEDING-EDGE MALWARE Casalemedia Access, Likely Spyware (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #These are for common names of malcode files as seen in common places.

     -> Added to bleeding-sid-msg.map (55):
        2000327 || BLEEDING-EDGE MALWARE Spyware 2020
        2000366 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000367 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000371 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000574 || BLEEDING-EDGE MALWARE Bargain Buddy || url,www.doxdesk.com/parasite/BargainBuddy.html
        2000593 || BLEEDING-EDGE MALWARE Binet Ad Retrieval || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000598 || BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Data Submission
        2000903 || BLEEDING-EDGE MALWARE Avres Agent Receiving Instructions || url,ar.avres.net/ie/updatenew/ || url,www.avres.net
        2000904 || BLEEDING-EDGE MALWARE Amex.Ipsrime.com Unknown Malware Download || url,www.isprime.com || url,amex.isprime.com
        2000906 || BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Start
        2000907 || BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Settings Download
        2000930 || BLEEDING-EDGE MALWARE 180solutions Update Engine || url,www.safer-networking.org/index.php?page=threats&detail=212
        2000934 || BLEEDING-EDGE MALWARE 2020search Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2004-03-04
        2001031 || BLEEDING-EDGE MALWARE Casino on Net Reporting Data || url,www.888casino.net
        2001032 || BLEEDING-EDGE MALWARE Casino on Net Ping Hit || url,www.888casino.net
        2001033 || BLEEDING-EDGE MALWARE Casino on Net Data Download || url,www.888casino.net
        2001041 || BLEEDING-EDGE MALWARE Casino on Net Install || url,www.888casino.net
        2001051 || BLEEDING-EDGE MALWARE 180solutions Spyware || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001198 || BLEEDING-EDGE MALWARE Twaintec Download Attempt || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
        2001199 || BLEEDING-EDGE MALWARE Twaintec Ad Retrieval || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
        2001216 || BLEEDING-EDGE MALWARE Twaintec Reporting Data || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
        2001226 || BLEEDING-EDGE MALWARE Unknown Advertising.com Agent
        2001228 || BLEEDING-EDGE MALWARE Unknown Advertising.com Data Post
        2001230 || BLEEDING-EDGE MALWARE Unknown Advertising.com Data Post
        2001266 || BLEEDING-EDGE MALWARE Browseraid.com Agent Reporting Data || url,www.browseraid.com
        2001295 || BLEEDING-EDGE MALWARE Browseraid.com Agent  || url,www.browseraid.com
        2001304 || BLEEDING-EDGE MALWARE Browseraid.com Agent Updating || url,www.browseraid.com
        2001318 || BLEEDING-EDGE MALWARE Adwave Agent Access
        2001339 || BLEEDING-EDGE MALWARE BInet Information Upload || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001345 || BLEEDING-EDGE MALWARE Bonziportal Traffic || url,www.bonzibuddy.com
        2001397 || BLEEDING-EDGE MALWARE 180solutions Spyware || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001398 || BLEEDING-EDGE MALWARE Bfast.com Spyware || url,www.giantcompany.com/antispyware/research/spyware/spyware-BFast.com.aspx
        2001399 || BLEEDING-EDGE MALWARE 180solutions Spyware || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001400 || BLEEDING-EDGE MALWARE 180solutions Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001440 || BLEEDING-EDGE MALWARE Abox Download || url,www.giantcompany.com/antispyware/research/spyware/spyware-ABox.aspx
        2001441 || BLEEDING-EDGE MALWARE Abox Install Report
        2001447 || BLEEDING-EDGE MALWARE 2nd-thought (W32.Daqa.C) Download
        2001450 || BLEEDING-EDGE MALWARE Wintools Download/Configure
        2001451 || BLEEDING-EDGE MALWARE Bundleware Spyware Download
        2001452 || BLEEDING-EDGE MALWARE Bundleware Spyware CHM Download
        2001458 || BLEEDING-EDGE MALWARE Bundleware Spyware cab Download
        2001501 || BLEEDING-EDGE MALWARE Clickspring.net Spyware Reporting
        2001521 || BLEEDING-EDGE MALWARE Spywaremover Activity
        2001527 || BLEEDING-EDGE MALWARE Casalemedia Access, Likely Spyware
        2001528 || BLEEDING-EDGE MALWARE ak-networks.com Access, Likely Spyware
        2001529 || BLEEDING-EDGE MALWARE Casalemedia Access, Likely Spyware
        2001530 || BLEEDING-EDGE MALWARE ak-networks.com Spyware Code Download
        2001531 || BLEEDING-EDGE MALWARE C4tdoanload.com Access, Likely Spyware
        2001576 || BLEEDING-EDGE MALWARE BInet Information Install Report || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001640 || BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Traffic
        2001730 || BLEEDING-EDGE MALWARE A-d-w-a-r-e.com Activity || url,www.a-d-w-a-r-e.com
        2001735 || BLEEDING-EDGE MALWARE A-d-w-a-r-e.com Activity || url,www.a-d-w-a-r-e.com
        2001737 || BLEEDING-EDGE MALWARE ak-networks.com Spyware Code Install
        2001761 || BLEEDING-EDGE MALWARE ABX Toolbar ActiveX Install || url,isc.sans.org/diary.php?date=2005-03-04
        2001850 || BLEEDING-EDGE MALWARE Likely Trojan/Spyware Installer Requested

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (54):
        2000327 || BLEEDING-EDGE Malware Spyware 2020
        2000366 || BLEEDING-EDGE Malware Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000367 || BLEEDING-EDGE Malware Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000371 || BLEEDING-EDGE Malware Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000574 || BLEEDING-EDGE Malware Bargain Buddy || url,www.doxdesk.com/parasite/BargainBuddy.html
        2000593 || BLEEDING-EDGE Malware Binet Ad Retrieval || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000598 || BLEEDING-EDGE Malware Altnet PeerPoints Manager Data Submission
        2000903 || BLEEDING-EDGE Malware Avres Agent Receiving Instructions || url,ar.avres.net/ie/updatenew/ || url,www.avres.net
        2000904 || BLEEDING-EDGE Malware Amex.Ipsrime.com Unknown Malware Download || url,www.isprime.com || url,amex.isprime.com
        2000906 || BLEEDING-EDGE Malware Altnet PeerPoints Manager Start
        2000907 || BLEEDING-EDGE Malware Altnet PeerPoints Manager Settings Download
        2000930 || BLEEDING-EDGE Malware 180solutions Update Engine || url,www.safer-networking.org/index.php?page=threats&detail=212
        2000934 || BLEEDING-EDGE Malware 2020search Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2004-03-04
        2001031 || BLEEDING-EDGE Malware Casino on Net Reporting Data || url,www.888casino.net
        2001032 || BLEEDING-EDGE Malware Casino on Net Ping Hit || url,www.888casino.net
        2001033 || BLEEDING-EDGE Malware Casino on Net Data Download || url,www.888casino.net
        2001041 || BLEEDING-EDGE Malware Casino on Net Install || url,www.888casino.net
        2001051 || BLEEDING-EDGE Malware 180solutions Spyware || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001198 || BLEEDING-EDGE Malware Twaintec Download Attempt || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
        2001199 || BLEEDING-EDGE Malware Twaintec Ad Retrieval || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
        2001216 || BLEEDING-EDGE Malware Twaintec Reporting Data || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
        2001226 || BLEEDING-EDGE Malware Unknown Advertising.com Agent
        2001228 || BLEEDING-EDGE Malware Unknown Advertising.com Data Post
        2001230 || BLEEDING-EDGE Malware Unknown Advertising.com Data Post
        2001266 || BLEEDING-EDGE Malware Browseraid.com Agent Reporting Data || url,www.browseraid.com
        2001295 || BLEEDING-EDGE Malware Browseraid.com Agent  || url,www.browseraid.com
        2001304 || BLEEDING-EDGE Malware Browseraid.com Agent Updating || url,www.browseraid.com
        2001318 || BLEEDING-EDGE Malware Adwave Agent Access
        2001339 || BLEEDING-EDGE Malware BInet Information Upload || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001345 || BLEEDING-EDGE Malware Bonziportal Traffic || url,www.bonzibuddy.com
        2001397 || BLEEDING-EDGE Malware 180solutions Spyware || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001398 || BLEEDING-EDGE Malware Bfast.com Spyware || url,www.giantcompany.com/antispyware/research/spyware/spyware-BFast.com.aspx
        2001399 || BLEEDING-EDGE Malware 180solutions Spyware || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001400 || BLEEDING-EDGE Malware 180solutions Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2001440 || BLEEDING-EDGE Malware Abox Download || url,www.giantcompany.com/antispyware/research/spyware/spyware-ABox.aspx
        2001441 || BLEEDING-EDGE Malware Abox Install Report
        2001447 || BLEEDING-EDGE Malware 2nd-thought (W32.Daqa.C) Download
        2001450 || BLEEDING-EDGE Malware Wintools Download/Configure
        2001451 || BLEEDING-EDGE Malware Bundleware Spyware Download
        2001452 || BLEEDING-EDGE Malware Bundleware Spyware CHM Download
        2001458 || BLEEDING-EDGE Malware Bundleware Spyware cab Download
        2001501 || BLEEDING-EDGE Malware Clickspring.net Spyware Reporting
        2001521 || BLEEDING-EDGE Malware Spywaremover Activity
        2001527 || BLEEDING-EDGE Malware Casalemedia Access, Likely Spyware
        2001528 || BLEEDING-EDGE Malware ak-networks.com Access, Likely Spyware
        2001529 || BLEEDING-EDGE Malware Casalemedia Access, Likely Spyware
        2001530 || BLEEDING-EDGE Malware ak-networks.com Spyware Code Download
        2001531 || BLEEDING-EDGE Malware C4tdoanload.com Access, Likely Spyware
        2001576 || BLEEDING-EDGE Malware BInet Information Install Report || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001640 || BLEEDING-EDGE Malware Altnet PeerPoints Manager Traffic
        2001730 || BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity || url,www.a-d-w-a-r-e.com
        2001735 || BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity || url,www.a-d-w-a-r-e.com
        2001737 || BLEEDING-EDGE Malware ak-networks.com Spyware Code Install
        2001761 || BLEEDING-EDGE Malware ABX Toolbar ActiveX Install || url,isc.sans.org/diary.php?date=2005-03-04




