[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Thu Apr 28 18:02:01 EDT 2005


[***] Results from Oinkmaster started Thu Apr 28 20:00:04 2005 [***]

[///]     Modified active rules:     [///]

 2001621 - BLEEDING-EDGE Exploit Suspected PHP Injection Attack (bleeding-web.rules)
 2001810 - BLEEDING-EDGE EXPLOIT WEB PHP remote file include exploit attempt (bleeding-web.rules)
 2001886 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Install (bleeding-malware.rules)
 2001887 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Activity (bleeding-malware.rules)
 2001888 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Activity (bleeding-malware.rules)
 2001889 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Jeemp Trojan Download (bleeding-malware.rules)
 2001890 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Download (bleeding-malware.rules)
 2001892 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Download (bleeding-malware.rules)
 2001893 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Reporting Install (bleeding-malware.rules)
 2001894 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Partner Install (bleeding-malware.rules)
 2001895 - BLEEDING-EDGE MALWARE ToolbarPartner Spyware Spambot Retrieving Target Emails (bleeding-malware.rules)
 2001896 - BLEEDING-EDGE MALWARE Mis-typed Google.com Request Potential Malware install (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #Erik Fichtner and Shirkdog

     -> Added to bleeding-sid-msg.map (10):
        2001621 || BLEEDING-EDGE Exploit Suspected PHP Injection Attack || cve,2002-0953
        2001886 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Install || url,toolbarpartner.com
        2001887 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Activity || url,toolbarpartner.com
        2001888 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Activity || url,toolbarpartner.com
        2001889 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Jeemp Trojan Download || url,toolbarpartner.com
        2001890 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Download || url,toolbarpartner.com
        2001892 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Download || url,toolbarpartner.com
        2001893 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Reporting Install || url,toolbarpartner.com
        2001894 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Partner Install || url,toolbarpartner.com
        2001895 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Spambot Retrieving Target Emails || url,toolbarpartner.com

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (10):
        2001621 || BLEEDING-EDGE Exploit Suspected PHP Injection Attack
        2001886 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Install || url.toolbarpartner.com
        2001887 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Activity || url.toolbarpartner.com
        2001888 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Activity || url.toolbarpartner.com
        2001889 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Jeemp Trojan Download || url.toolbarpartner.com
        2001890 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Download || url.toolbarpartner.com
        2001892 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Download || url.toolbarpartner.com
        2001893 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Reporting Install || url.toolbarpartner.com
        2001894 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Agent Partner Install || url.toolbarpartner.com
        2001895 || BLEEDING-EDGE MALWARE ToolbarPartner Spyware Spambot Retrieving Target Emails || url.toolbarpartner.com





More information about the Snort-sigs mailing list