[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Aug 12 18:03:09 EDT 2005


[***] Results from Oinkmaster started Fri Aug 12 20:00:07 2005 [***]

[+++]          Added rules:          [+++]

 2002177 - Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - outbound (bleeding-virus.rules)
 2002178 - Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - incoming (bleeding-virus.rules)
 2002180 - BLEEDING-EDGE VIRUS W32.Beagle.CE at ...110... Infection Outbound web.php (bleeding-virus.rules)
 2002181 - BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File Access - Attempt (bleeding-exploit.rules)
 2002182 - BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File Access - Vulnerable (bleeding-exploit.rules)
 2002183 - VIRUS BagleDL-S SMTP Outbound (bleeding-virus.rules)
 2002184 - VIRUS BagleDL-S SMTP Inbound (bleeding-virus.rules)


[---]         Disabled rules:        [---]

 2002176 - BLEEDING-EDGE Veritas Backup Exec Windows Agent Remote File Access Exploit (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        # Added 2005/08/12 by Frank Knobbe - This version alerts if a system is vulnerable. flowbits:noalert is optional on the first rule if you don't want to detect (possibly unsuccessful) attempts.

     -> Added to bleeding-sid-msg.map (7):
        2002177 || Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - outbound || url,www.viruslist.com/en/alerts?alertid=168511904
        2002178 || Bagle.CC (aka Win32.Bagle.bz, .ca, .cb) - incoming || url,www.viruslist.com/en/alerts?alertid=168511904
        2002180 || BLEEDING-EDGE VIRUS W32.Beagle.CE at ...110... Infection Outbound web.php || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ce at ...1512...
        2002181 || BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File Access - Attempt || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,www.frsirt.com/english/advisories/2005/1387
        2002182 || BLEEDING-EDGE EXPLOIT Backup Exec Windows Agent Remote File Access - Vulnerable || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,www.frsirt.com/english/advisories/2005/1387
        2002183 || VIRUS BagleDL-S SMTP Outbound || url,www.sophos.com/virusinfo/analyses/trojbagledls.html
        2002184 || VIRUS BagleDL-S SMTP Inbound || url,www.sophos.com/virusinfo/analyses/trojbagledls.html

     -> Added to bleeding-virus.rules (3):
        #Submitted by Mark Scott, 8/11/2005, for Bagle.CC
        #By dajackman
        # Submitted by Mark Tombaugh, 2005-08-12 - Alternative sigs for 2002177/2002178




