[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Tue Aug 9 20:55:10 EDT 2005


[***] Results from Oinkmaster started Mon Aug  8 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2002159 - BLEEDING-EDGE WEB Blog Spamming HTTP_X (bleeding-web.rules)
 2002160 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (bleeding-malware.rules)
 2002161 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (bleeding-malware.rules)
 2002162 - BLEEDING-EDGE MALWARE CoolWebSearch Spyware (bleeding-malware.rules)
 2002163 - BLEEDING-EDGE MALWARE Ezula Update Engine (bleeding-malware.rules)
 2002164 - BLEEDING-EDGE MALWARE Hotbar Spyware (bleeding-malware.rules)
 2002165 - BLEEDING-EDGE MALWARE IESearch Spyware (bleeding-malware.rules)
 2002166 - BLEEDING-EDGE MALWARE Alexa Search Toolbar (bleeding-malware.rules)
 2002167 - BLEEDING-EDGE MALWARE Spyware Labs Spyware (bleeding-malware.rules)
 2002168 - BLEEDING-EDGE MALWARE Svcmm Parasite (bleeding-malware.rules)
 2002169 - BLEEDING-EDGE MALWARE iWon Spyware (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2000011 - BLEEDING-EDGE DOS Catalyst memory leak attack (bleeding-dos.rules)
 2000366 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000367 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000368 - BLEEDING-EDGE Malware Gator/Claria Agent Installed (bleeding-malware.rules)
 2000371 - BLEEDING-EDGE MALWARE Binet (bleeding-malware.rules)
 2000575 - BLEEDING-EDGE ICMP PING IPTools (bleeding-scan.rules)
 2000582 - BLEEDING-EDGE Malware F1Organizer Reporting (bleeding-malware.rules)
 2000585 - BLEEDING-EDGE Malware F1Organizer Install Attempt (bleeding-malware.rules)
 2000593 - BLEEDING-EDGE MALWARE Binet Ad Retrieval (bleeding-malware.rules)
 2000900 - BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP (bleeding-malware.rules)
 2000905 - BLEEDING-EDGE Malware FlashPoint Agent Retrieving New Code (bleeding-malware.rules)
 2000920 - BLEEDING-EDGE Malware Hotbar Install (bleeding-malware.rules)
 2000921 - BLEEDING-EDGE Malware Hotbar Install (bleeding-malware.rules)
 2000922 - BLEEDING-EDGE Malware Hotbar Install (bleeding-malware.rules)
 2000923 - BLEEDING-EDGE Malware Hotbar Agent Reporting Information (bleeding-malware.rules)
 2000924 - BLEEDING-EDGE Malware Hotbar Agent Upgrading (bleeding-malware.rules)
 2000925 - BLEEDING-EDGE Malware Hotbar Agent Partner Checkin (bleeding-malware.rules)
 2000926 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Install (bleeding-malware.rules)
 2000927 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Reporting (bleeding-malware.rules)
 2000928 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2000929 - BLEEDING-EDGE Malware Hotbar Agent Activity (bleeding-malware.rules)
 2000931 - BLEEDING-EDGE Malware Comet Systems Spyware Traffic (bleeding-malware.rules)
 2000936 - BLEEDING-EDGE Malware FlashTrack Agent Retrieving New App Code (bleeding-malware.rules)
 2001015 - BLEEDING-EDGE Malware JoltID Agent Keep-Alive (bleeding-malware.rules)
 2001050 - BLEEDING-EDGE Malware CometSystems Spyware (bleeding-malware.rules)
 2001219 - BLEEDING-EDGE Potential SSH Scan (bleeding-scan.rules)
 2001221 - BLEEDING-EDGE Malware F1Organizer Config Download (bleeding-malware.rules)
 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001339 - BLEEDING-EDGE MALWARE BInet Information Upload (bleeding-malware.rules)
 2001374 - BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file (bleeding-exploit.rules)
 2001395 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2001440 - BLEEDING-EDGE MALWARE Abox Download (bleeding-malware.rules)
 2001441 - BLEEDING-EDGE MALWARE Abox Install Report (bleeding-malware.rules)
 2001459 - BLEEDING-EDGE Malware Overpro Spyware Games (bleeding-malware.rules)
 2001492 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2001493 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2001576 - BLEEDING-EDGE MALWARE BInet Information Install Report (bleeding-malware.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001609 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1 (bleeding-scan.rules)
 2001610 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2 (bleeding-scan.rules)
 2001611 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3 (bleeding-scan.rules)
 2001658 - BLEEDING-EDGE Malware Comet Systems Spyware Reporting (bleeding-malware.rules)
 2001679 - BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server (bleeding-malware.rules)
 2001696 - BLEEDING-EDGE Malware Search Relevancy Spyware (bleeding-malware.rules)
 2001725 - BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit (bleeding-exploit.rules)
 2001743 - BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection Attempt Detected (bleeding-virus.rules)
 2001751 - BLEEDING-EDGE EXPLOIT Shoutcast file request overflow (bleeding-exploit.rules)
 2001879 - BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert (bleeding-virus.rules)
 2001880 - BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert (bleeding-virus.rules)
 2001881 - BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound (bleeding-virus.rules)
 2001882 - BLEEDING-EDGE DOS ICMP Path MTU lowered below acceptable threshold (bleeding-dos.rules)
 2001904 - BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, Potential Scan or Brute Force (bleeding-scan.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2001959 - BLEEDING-EDGE VIRUS Hotword Trojan in Transit (bleeding-virus.rules)
 2001960 - BLEEDING-EDGE VIRUS Hotword Trojan inbound via http (bleeding-virus.rules)
 2001961 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO (bleeding-virus.rules)
 2001962 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP (bleeding-virus.rules)
 2001963 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request pspv.exe (bleeding-virus.rules)
 2001964 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea (bleeding-virus.rules)
 2001965 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Upload ___ (bleeding-virus.rules)
 2001966 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check ___ (bleeding-virus.rules)
 2002017 - BLEEDING-EDGE Malware Overpro Spyware Install Report (bleeding-malware.rules)
 2002059 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2002069 - BLEEDING-EDGE WEB Blog Spam Insert Attempt (bleeding-web.rules)


[///]    Modified inactive rules:    [///]

 2000419 - BLEEDING-EDGE PE EXE or DLL Windows file download (bleeding-policy.rules)
 2000551 - BLEEDING-EDGE Malware Comet Cursor spyware detection (bleeding-malware.rules)
 2000901 - BLEEDING-EDGE Malware JoltID Agent Communicating TCP (bleeding-malware.rules)
 2001398 - BLEEDING-EDGE MALWARE Bfast.com Spyware (bleeding-malware.rules)
 2001577 - BLEEDING-EDGE VIRUS Sober.I - incoming (bleeding-virus.rules)
 2001914 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)
 2002060 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (1):
        # alert on pmtu frames with next-hop mtu not 0 (old RFC shortcut) and (added this so the sig wouldn't trigger missing reference:url, search errors)

     -> Added to bleeding-malware.rules (2):
        #New from Chris Taylor and the User agents project
        #Disabling, Hits on regular windows update type traffic to sa.windows.com

     -> Added to bleeding-sid-msg.map (82):
        2000011 || BLEEDING-EDGE DOS Catalyst memory leak attack || url,www.cisco.com/en/US/products/products_security_advisory09186a00800b138e.shtml
        2000366 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000367 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000368 || BLEEDING-EDGE Malware Gator/Claria Agent Installed
        2000371 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000419 || BLEEDING-EDGE PE EXE or DLL Windows file download
        2000551 || BLEEDING-EDGE Malware Comet Cursor spyware detection
        2000575 || BLEEDING-EDGE ICMP PING IPTools || url,www.ks-soft.net/ip-tools.eng/index.htm || url,www.ks-soft.net/ip-tools.eng
        2000582 || BLEEDING-EDGE Malware F1Organizer Reporting
        2000585 || BLEEDING-EDGE Malware F1Organizer Install Attempt
        2000593 || BLEEDING-EDGE MALWARE Binet Ad Retrieval || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2000900 || BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000901 || BLEEDING-EDGE Malware JoltID Agent Communicating TCP || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000905 || BLEEDING-EDGE Malware FlashPoint Agent Retrieving New Code || url,www.flashpoint.bm
        2000920 || BLEEDING-EDGE Malware Hotbar Install || url,www.hotbar.com
        2000921 || BLEEDING-EDGE Malware Hotbar Install || url,www.hotbar.com
        2000922 || BLEEDING-EDGE Malware Hotbar Install || url,www.hotbar.com
        2000923 || BLEEDING-EDGE Malware Hotbar Agent Reporting Information || url,www.hotbar.com
        2000924 || BLEEDING-EDGE Malware Hotbar Agent Upgrading || url,www.hotbar.com
        2000925 || BLEEDING-EDGE Malware Hotbar Agent Partner Checkin || url,www.hotbar.com
        2000926 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Install || url,www.isearchtech.com
        2000927 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Reporting || url,www.isearchtech.com
        2000928 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.isearchtech.com
        2000929 || BLEEDING-EDGE Malware Hotbar Agent Activity || url,www.hotbar.com
        2000931 || BLEEDING-EDGE Malware Comet Systems Spyware Traffic
        2000936 || BLEEDING-EDGE Malware FlashTrack Agent Retrieving New App Code || url,www.flashpoint.bm
        2001015 || BLEEDING-EDGE Malware JoltID Agent Keep-Alive || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001050 || BLEEDING-EDGE Malware CometSystems Spyware
        2001219 || BLEEDING-EDGE Potential SSH Scan || url,www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/
        2001221 || BLEEDING-EDGE Malware F1Organizer Config Download
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.f at ...1512...?Open
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.f at ...1512...?Open
        2001339 || BLEEDING-EDGE MALWARE BInet Information Upload || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2001374 || BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file || url,www.sygate.com/alerts/SSR20041013-0001.htm
        2001395 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.isearchtech.com
        2001398 || BLEEDING-EDGE MALWARE Bfast.com Spyware
        2001440 || BLEEDING-EDGE MALWARE Abox Download
        2001441 || BLEEDING-EDGE MALWARE Abox Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.adultbox.html
        2001459 || BLEEDING-EDGE Malware Overpro Spyware Games || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html
        2001492 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.isearchtech.com
        2001493 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.isearchtech.com
        2001576 || BLEEDING-EDGE MALWARE BInet Information Install Report || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.i at ...1512...
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.i at ...1512...
        2001609 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1 || url,www.f5.com/f5products/v9intro/index.html
        2001610 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2 || url,www.f5.com/f5products/v9intro/index.html
        2001611 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3 || url,www.f5.com/f5products/v9intro/index.html
        2001658 || BLEEDING-EDGE Malware Comet Systems Spyware Reporting
        2001679 || BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html
        2001696 || BLEEDING-EDGE Malware Search Relevancy Spyware || url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy.html
        2001725 || BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit || url,www.microsoft.com/technet/security/bulletin/ms05-014.mspx
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection Attempt Detected || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html
        2001751 || BLEEDING-EDGE EXPLOIT Shoutcast file request overflow || url,www.frsirt.com/exploits/product/3514 || cve,CAN-2002-1470
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober at ...1512...
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober at ...1512...
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober at ...1512...
        2001904 || BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, Potential Scan or Brute Force || url,www.rapid7.com/nexpose-faq-answer2.htm
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2001959 || BLEEDING-EDGE VIRUS Hotword Trojan in Transit || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001960 || BLEEDING-EDGE VIRUS Hotword Trojan inbound via http || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001961 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001962 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001963 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request pspv.exe || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001964 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001965 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Upload ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001966 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2002017 || BLEEDING-EDGE Malware Overpro Spyware Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2002069 || BLEEDING-EDGE WEB Blog Spam Insert Attempt || url,www.webmasterworld.com/forum92/3683.htm || url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html || url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/
        2002159 || BLEEDING-EDGE WEB Blog Spamming HTTP_X || url,www.webmasterworld.com/forum92/3683.htm || url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html || url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/
        2002160 || BLEEDING-EDGE MALWARE CoolWebSearch Spyware || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.spywareguide.com/product_show.php?id=599
        2002161 || BLEEDING-EDGE MALWARE CoolWebSearch Spyware || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.spywareguide.com/product_show.php?id=599
        2002162 || BLEEDING-EDGE MALWARE CoolWebSearch Spyware || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.spywareguide.com/product_show.php?id=599
        2002163 || BLEEDING-EDGE MALWARE Ezula Update Engine || url,www.spywareguide.com/product_show.php?id=9
        2002164 || BLEEDING-EDGE MALWARE Hotbar Spyware || url,www.pchell.com/support/hotbar.shtml || url,www.doxdesk.com/parasite/Hotbar.html
        2002165 || BLEEDING-EDGE MALWARE IESearch Spyware || url,www.spywareguide.com/product_show.php?id=982
        2002166 || BLEEDING-EDGE MALWARE Alexa Search Toolbar || url,www.spywareguide.com/product_show.php?id=418
        2002167 || BLEEDING-EDGE MALWARE Spyware Labs Spyware || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
        2002168 || BLEEDING-EDGE MALWARE Svcmm Parasite || url,doxdesk.com/parasite/SvcMM.html || url,castlecops.com/startuplist-5862.html
        2002169 || BLEEDING-EDGE MALWARE iWon Spyware || url,www.spywareguide.com/product_show.php?id=461

     -> Added to bleeding-web.rules (1):
        #By Jeff Kell

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dos.rules (1):
        # alert on pmtu frames with next-hop mtu not 0 (old RFC shortcut) and

     -> Removed from bleeding-sid-msg.map (71):
        2000011 || BLEEDING-EDGE DOS Catalyst memory leak attack
        2000366 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000367 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000368 || BLEEDING-EDGE Malware Gator/Claria Agent Installed || url,pestpatrol.com/pestinfo/g/gain.asp
        2000371 || BLEEDING-EDGE MALWARE Binet || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000419 || BLEEDING-EDGE PE EXE or DLL Windows file download || url,hyatus.dune2.info/Miscellanous/exe_header.html
        2000551 || BLEEDING-EDGE Malware Comet Cursor spyware detection || url,simplythebest.net/info/spyware/comet_cursor_spyware.html
        2000575 || BLEEDING-EDGE ICMP PING IPTools || url,www.ks-soft.net/ip-tools.eng
        2000582 || BLEEDING-EDGE Malware F1Organizer Reporting || url,www.f1organizer.com
        2000585 || BLEEDING-EDGE Malware F1Organizer Install Attempt || url,www.f1organizer.com
        2000593 || BLEEDING-EDGE MALWARE Binet Ad Retrieval || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2000900 || BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000901 || BLEEDING-EDGE Malware JoltID Agent Communicating TCP || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000905 || BLEEDING-EDGE Malware FlashPoint Agent Retrieving New Code || url,www.flashpoint.bm || url,simplythebest.net/info/spyware/flashtrack_spyware.html
        2000920 || BLEEDING-EDGE Malware Hotbar Install || url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000921 || BLEEDING-EDGE Malware Hotbar Install || url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000922 || BLEEDING-EDGE Malware Hotbar Install || url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000923 || BLEEDING-EDGE Malware Hotbar Agent Reporting Information || url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000924 || BLEEDING-EDGE Malware Hotbar Agent Upgrading || url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000925 || BLEEDING-EDGE Malware Hotbar Agent Partner Checkin || url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000926 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Install || url,www.simplythebest.net/info/spyware/istbar_spyware.html || url,www.isearchtech.com
        2000927 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Reporting || url,www.simplythebest.net/info/spyware/istbar_spyware.html || url,www.isearchtech.com
        2000928 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || url,www.isearchtech.com
        2000929 || BLEEDING-EDGE Malware Hotbar Agent Activity || url,www.simplythebest.net/info/spyware/hotbar_spyware.html || url,www.hotbar.com
        2000931 || BLEEDING-EDGE Malware Comet Systems Spyware Traffic || url,www.pestpatrol.com/PestInfo/c/cometsystems.asp
        2000936 || BLEEDING-EDGE Malware FlashTrack Agent Retrieving New App Code || url,www.flashpoint.bm || url,simplythebest.net/info/spyware/flashtrack_spyware.html
        2001015 || BLEEDING-EDGE Malware JoltID Agent Keep-Alive || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001050 || BLEEDING-EDGE Malware CometSystems Spyware || url,www.pestpatrol.com/pestinfo/c/cometsystems.asp
        2001219 || BLEEDING-EDGE Potential SSH Scan
        2001221 || BLEEDING-EDGE Malware F1Organizer Config Download || url,www.f1organizer.com
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f at ...1512...?Open
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f at ...1512...?Open
        2001339 || BLEEDING-EDGE MALWARE BInet Information Upload || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001374 || BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file
        2001395 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || url,www.isearchtech.com
        2001398 || BLEEDING-EDGE MALWARE Bfast.com Spyware || url,www.giantcompany.com/antispyware/research/spyware/spyware-BFast.com.aspx
        2001440 || BLEEDING-EDGE MALWARE Abox Download || url,www.giantcompany.com/antispyware/research/spyware/spyware-ABox.aspx
        2001441 || BLEEDING-EDGE MALWARE Abox Install Report || url,securityresponse.symantex.com/avcenter/venc/data/adware.adultbox.html
        2001459 || BLEEDING-EDGE Malware Overpro Spyware Games || url,securityresponse.symnatec.com/avcenter/venc/data/adware.overpro.html
        2001492 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || url,www.isearchtech.com
        2001493 || BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity || url,www.simplythebest.net/info/spyware/istbar_spyware.html || url,www.isearchtech.com
        2001576 || BLEEDING-EDGE MALWARE BInet Information Install Report || url,sarc.com/avcenter/venc/data/pf/adware.binet.html
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i at ...1512...
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i at ...1512...
        2001609 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1
        2001610 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2
        2001611 || BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3
        2001658 || BLEEDING-EDGE Malware Comet Systems Spyware Reporting || url,www.pestpatrol.com/PestInfo/c/cometsystems.asp
        2001679 || BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html
        2001696 || BLEEDING-EDGE Malware Search Relevancy Spyware || url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy
        2001725 || BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection Attempt Detected || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackerdefender.html
        2001751 || BLEEDING-EDGE EXPLOIT Shoutcast file request overflow
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober at ...1512...
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober at ...1512...
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober at ...1512...
        2001904 || BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, Potential Scan or Brute Force
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2001959 || BLEEDING-EDGE VIRUS Hotword Trojan in Transit || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001960 || BLEEDING-EDGE VIRUS Hotword Trojan inbound via http || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001961 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001962 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001963 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request pspv.exe || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001964 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001965 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Upload ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001966 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2002017 || BLEEDING-EDGE Malware Overpro Spyware Install Report || url,securityresponse.symnatec.com/avcenter/venc/data/adware.overpro.html
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2002069 || BLEEDING-EDGE WEB Blog Spam Insert Attempt




