[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Thu Aug 25 18:28:25 EDT 2005


[***] Results from Oinkmaster started Thu Aug 25 20:00:14 2005 [***]

[+++]          Added rules:          [+++]

 2002322 - BLEEDING-EDGE WORM Possible MSN Worm Exploit php (bleeding-virus.rules)
 2002323 - BLEEDING-EDGE WORM Possible MSN Worm Exploit exe (bleeding-virus.rules)
 2002324 - BLEEDING-EDGE WORM Possible MSN Worm Exploit pif (bleeding-virus.rules)
 2002325 - BLEEDING-EDGE WORM W32.kelvir.HI (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2001728 - BLEEDING-EDGE POLICY TOR 1.0 Client Circuit Traffic (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2002321 - BLEEDING-EDGE WORM W32.Kelvir.HI Browser Re-direct (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        #by Mark Tombaugh

     -> Added to bleeding-sid-msg.map (5):
        2001728 || BLEEDING-EDGE POLICY TOR 1.0 Client Circuit Traffic || url,tor.eff.org
        2002322 || BLEEDING-EDGE WORM Possible MSN Worm Exploit php
        2002323 || BLEEDING-EDGE WORM Possible MSN Worm Exploit exe
        2002324 || BLEEDING-EDGE WORM Possible MSN Worm Exploit pif
        2002325 || BLEEDING-EDGE WORM W32.kelvir.HI || url,securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html

     -> Added to bleeding-virus.rules (2):
        #by Scott Melnick
        #Specific Kelvir.HI detection on MSN

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-policy.rules (1):
        #by Bob Grabowsky

     -> Removed from bleeding-sid-msg.map (2):
        2001728 || BLEEDING-EDGE Policy TOR1.0 nodes negotiation || url,tor.eff.org
        2002321 || BLEEDING-EDGE WORM W32.Kelvir.HI Browser Re-direct || url,securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html

     -> Removed from bleeding-virus.rules (1):
        #by dajackman





More information about the Snort-sigs mailing list