[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Mon Aug 22 18:01:19 EDT 2005


[***] Results from Oinkmaster started Mon Aug 22 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

 2002315 - BLEEDING-EDGE EXPLOIT Incoming Electronic Mail for UNIX Expires Header Buffer Overflow Exploit (bleeding-exploit.rules)
 2002316 - BLEEDING-EDGE EXPLOIT Outgoing Electronic Mail for UNIX Expires Header Buffer Overflow Exploit (bleeding-exploit.rules)
 2002317 - BLEEDING-EDGE MALWARE EZSearch Spyware Reporting Search Strings (bleeding-malware.rules)
 2002318 - BLEEDING-EDGE MALWARE EZSearch Spyware Reporting Search Category (bleeding-malware.rules)
 2002319 - BLEEDING-EDGE MALWARE EZSearch Spyware Reporting 2 (bleeding-malware.rules)
 2002320 - BLEEDING-EDGE MALWARE Transponder Spyware Activity (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2002082 - BLEEDING-EDGE Infotriever Spyware User Agent (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        #By Mark Tombaugh

     -> Added to bleeding-malware.rules (2):
        #By Matt Jonkman, From spyware listening post data
        #by Matt Jonkman, data from the Spyware Listening Post

     -> Added to bleeding-sid-msg.map (7):
        2002082 || BLEEDING-EDGE Infotriever Spyware User Agent || url,www.bleedingsnort.com/staticpages/index.php?page=unknown
        2002315 || BLEEDING-EDGE EXPLOIT Incoming Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.instinct.org/elm/ || url,www.frsirt.com/exploits/20050822.elmexploit.c.php
        2002316 || BLEEDING-EDGE EXPLOIT Outgoing Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.instinct.org/elm/ || url,www.frsirt.com/exploits/20050822.elmexploit.c.php
        2002317 || BLEEDING-EDGE MALWARE EZSearch Spyware Reporting Search Strings
        2002318 || BLEEDING-EDGE MALWARE EZSearch Spyware Reporting Search Category
        2002319 || BLEEDING-EDGE MALWARE EZSearch Spyware Reporting 2
        2002320 || BLEEDING-EDGE MALWARE Transponder Spyware Activity || url,www.doxdesk.com/parasite/Transponder.html

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2002082 || BLEEDING-EDGE Malware Unknown Spyware User Agent Activity -- Please report to bleedingsnort.com || url,www.bleedingsnort.com/staticpages/index.php?page=unknown





More information about the Snort-sigs mailing list