[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Aug 18 18:01:57 EDT 2005


[***] Results from Oinkmaster started Thu Aug 18 20:00:06 2005 [***]

[+++]          Added rules:          [+++]

 2002305 - BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware (bleeding-malware.rules)
 2002306 - BLEEDING-EDGE Malware Fun Web Products Cursorchooser Spyware (bleeding-malware.rules)
 2002307 - BLEEDING-EDGE Malware Fun Web Products Stampchooser Spyware (bleeding-malware.rules)
 2002309 - BLEEDING-EDGE Malware Metarewards Disclaimer Access (bleeding-malware.rules)
 2002310 - BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware (bleeding-malware.rules)
 2002311 - BLEEDING-EDGE User-Agent String (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2002083 - BLEEDING-EDGE MALWARE Pacimedia Spyware 1 (bleeding-malware.rules)
 2002194 - BLEEDING-EDGE Malware Pacimedia Spyware 2 (bleeding-malware.rules)


[---]         Disabled rules:        [---]

 2002191 - BLEEDING-EDGE POLICY MSN successful logon (bleeding-policy.rules)
 2002193 - BLEEDING-EDGE POLICY MSN Chat Message (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2000551 - BLEEDING-EDGE Malware Comet Cursor spyware detection (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (2):
        #From listening post data
        #Matt Jonkman from Spyware Listening Post Data

     -> Added to bleeding-policy.rules (2):
        #Disabling 2191, lots of falses. Not sure if limiting by port will help.
        #Duplicate of snort.org sid 540

     -> Added to bleeding-sid-msg.map (8):
        2002083 || BLEEDING-EDGE MALWARE Pacimedia Spyware 1
        2002194 || BLEEDING-EDGE Malware Pacimedia Spyware 2
        2002305 || BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com
        2002306 || BLEEDING-EDGE Malware Fun Web Products Cursorchooser Spyware || url,www.funwebproducts.com
        2002307 || BLEEDING-EDGE Malware Fun Web Products Stampchooser Spyware || url,www.funwebproducts.com
        2002309 || BLEEDING-EDGE Malware Metarewards Disclaimer Access
        2002310 || BLEEDING-EDGE Malware Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com
        2002311 || BLEEDING-EDGE User-Agent String

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (3):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE User-Agent String"; flow:established,to_server; flowbits:isnotset,http.UserAgent; flowbits:noalert; flowbits:set,http.UserAgent; content:"User-Agent\:"; nocase; classtype:string-detect; rev:1;)
        # By matt Jonkman, info from a user is seeing this url related to bingorico.com.
        #If you get hits on it please report those to bleeding at ...2737... If you have mor einfo on bingorico please report as well.

     -> Removed from bleeding-sid-msg.map (3):
        2000551 || BLEEDING-EDGE Malware Comet Cursor spyware detection
        2002083 || BLEEDING-EDGE MALWARE Unknown Malware -- Please report hits to bleeding at ...2727...
        2002194 || BLEEDING-EDGE Malware Unknown Spyware. Please report hits to lp-analysts at ...2727...




