[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Sat Aug 27 18:02:44 EDT 2005


[***] Results from Oinkmaster started Sat Aug 27 20:00:07 2005 [***]

[+++]          Added rules:          [+++]

 2002336 - BLEEDING-EDGE WORM Possible Myfip PDF file transfer - IP theft (bleeding-virus.rules)
 2002337 - BLEEDING-EDGE WORM Possible Myfip DOC file transfer - IP theft (bleeding-virus.rules)
 2002338 - BLEEDING-EDGE WORM Possible Myfip DWG file transfer - IP theft (bleeding-virus.rules)
 2002339 - BLEEDING-EDGE WORM Possible Myfip SCH file transfer - IP theft (bleeding-virus.rules)
 2002340 - BLEEDING-EDGE WORM Possible Myfip PCB file transfer - IP theft (bleeding-virus.rules)
 2002341 - BLEEDING-EDGE WORM Possible Myfip DWT file transfer - IP theft (bleeding-virus.rules)
 2002342 - BLEEDING-EDGE WORM Possible Myfip DWF file transfer - IP theft (bleeding-virus.rules)
 2002343 - BLEEDING-EDGE WORM Possible Myfip MAX file transfer - IP theft (bleeding-virus.rules)
 2002344 - BLEEDING-EDGE WORM Possible Myfip MDB file transfer - IP theft (bleeding-virus.rules)
 2002345 - BLEEDING-EDGE WORM Myfip email incoming - FoxMail 4.0 header (bleeding-virus.rules)
 2002346 - BLEEDING-EDGE WORM Myfip email incoming - FoxMail 3.11 header (bleeding-virus.rules)
 2002347 - BLEEDING-EDGE WORM Possible Myfip email incoming - MIME boundary tag (bleeding-virus.rules)
 2002348 - BLEEDING-EDGE MALWARE VPP Technologies Spyware (bleeding-malware.rules)
 2002349 - BLEEDING-EDGE MALWARE Alexa Spyware Reporting URL (bleeding-malware.rules)
 2002350 - BLEEDING-EDGE MALWARE VPP Technologies Spyware Reporting URL (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2002328 - BLEEDING-EDGE WEB Remote IIS Server Name spoof attempt (localhost) (bleeding-web.rules)
 2002329 - BLEEDING-EDGE WEB Remote IIS Server Name spoof attempt (127.0.0.1) (bleeding-web.rules)
 2002332 - BLEEDING-EDGE POLICY Google IM traffic Windows client user sign-on (bleeding-policy.rules)
 2002333 - BLEEDING-EDGE POLICY Google IM traffic friend invited (bleeding-policy.rules)
 2002334 - BLEEDING-EDGE POLICY Google IM traffic Jabber client sign-on (bleeding-policy.rules)
 2002335 - BLEEDING-EDGE POLICY Google IM traffic Windows client user sign-off (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (2):
        #by Matt Jonkman from listening post data
        #by Matt Jonkman from Listening Post Data

     -> Added to bleeding-sid-msg.map (15):
        2002336 || BLEEDING-EDGE WORM Possible Myfip PDF file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002337 || BLEEDING-EDGE WORM Possible Myfip DOC file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002338 || BLEEDING-EDGE WORM Possible Myfip DWG file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002339 || BLEEDING-EDGE WORM Possible Myfip SCH file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002340 || BLEEDING-EDGE WORM Possible Myfip PCB file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002341 || BLEEDING-EDGE WORM Possible Myfip DWT file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002342 || BLEEDING-EDGE WORM Possible Myfip DWF file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002343 || BLEEDING-EDGE WORM Possible Myfip MAX file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002344 || BLEEDING-EDGE WORM Possible Myfip MDB file transfer - IP theft || url,www.lurhq.com/myfip.html
        2002345 || BLEEDING-EDGE WORM Myfip email incoming - FoxMail 4.0 header || url,www.lurhq.com/myfip.html
        2002346 || BLEEDING-EDGE WORM Myfip email incoming - FoxMail 3.11 header || url,www.lurhq.com/myfip.html
        2002347 || BLEEDING-EDGE WORM Possible Myfip email incoming - MIME boundary tag || url,www.lurhq.com/myfip.html
        2002348 || BLEEDING-EDGE MALWARE VPP Technologies Spyware
        2002349 || BLEEDING-EDGE MALWARE Alexa Spyware Reporting URL
        2002350 || BLEEDING-EDGE MALWARE VPP Technologies Spyware Reporting URL

     -> Added to bleeding-virus.rules (1):
        # Extended versions of the Myfib signatures posted by LURQH on August 16, 2005




