[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Tue Aug 16 18:44:24 EDT 2005


[***] Results from Oinkmaster started Tue Aug 16 20:00:13 2005 [***]

[+++]          Added rules:          [+++]

 2002189 - BLEEDING-EDGE Current Events OSA4.GIF Detected Possible Trojan.Tooso Infection (bleeding.rules)
 2002190 - BLEEDING-EDGE Current Events Possible UPnP Infection - gc.exe download (bleeding.rules)
 2002191 - BLEEDING-EDGE POLICY MSN successful logon (bleeding-policy.rules)
 2002192 - BLEEDING-EDGE POLICY MSN status change (bleeding-policy.rules)
 2002193 - BLEEDING-EDGE POLICY MSN Chat Message (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2001845 - BLEEDING-EDGE -ISC- Possible MS Outlook email From forgery attempt (bleeding.rules)
 2001946 - BLEEDING-EDGE iframedollars.biz access (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        #Submitted by Scott Melnick

     -> Added to bleeding-sid-msg.map (5):
        2002189 || BLEEDING-EDGE Current Events OSA4.GIF Detected Possible Trojan.Tooso Infection
        2002190 || BLEEDING-EDGE Current Events Possible UPnP Infection - gc.exe download
        2002191 || BLEEDING-EDGE POLICY MSN successful logon
        2002192 || BLEEDING-EDGE POLICY MSN status change
        2002193 || BLEEDING-EDGE POLICY MSN Chat Message

     -> Added to bleeding.rules (2):
        # From forum post by merphie. We should remove this around 8/25 or so assuming the threat has passed
        #matt Jonkman, from full-disclosure post. Unknown variant of upnp worm

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2001845 || BLEEDING-EDGE -ISC- Possible MS Outlook email From forgery attempt || url,isc.sans.org/diary.php?date=2005-04-09
        2001946 || BLEEDING-EDGE iframedollars.biz access || url,isc.sans.org/diary.php?date=2005-05-23

     -> Removed from bleeding.rules (5):
        # This file contains some signatures in response to current events. These do
        # not necessarily match on hostile content, but more often match on hostile
        # source or destination addresses or domains.
        # Sigs from Erik Fichtner for ISC Diary
        # Added in response to ISC diary




