[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Wed Dec 7 17:01:02 EST 2005


[***] Results from Oinkmaster started Wed Dec  7 20:00:07 2005 [***]

[+++]          Added rules:          [+++]

 2002707 - BLEEDING-EDGE MALWARE iframebiz - adv***.php (bleeding-malware.rules)
 2002708 - BLEEDING-EDGE MALWARE iframebiz - sploit.anr (bleeding-malware.rules)
 2002709 - BLEEDING-EDGE MALWARE iframebiz - loaderadv***.jar (bleeding-malware.rules)
 2002710 - BLEEDING-EDGE MALWARE iframebiz - loadadv***.exe (bleeding-malware.rules)
 2002711 - BLEEDING-EDGE WEB includer.cgi Remote Command Execution Attempt (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2002692 - BLEEDING-EDGE CURRENT EVENTS Bagle.Gen HTTP Get Traffic - Possible Infected Host (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        # Following are requests from adware served by iframebiz.biz

     -> Added to bleeding-sid-msg.map (5):
        2002707 || BLEEDING-EDGE MALWARE iframebiz - adv***.php || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz
        2002708 || BLEEDING-EDGE MALWARE iframebiz - sploit.anr || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz
        2002709 || BLEEDING-EDGE MALWARE iframebiz - loaderadv***.jar || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz
        2002710 || BLEEDING-EDGE MALWARE iframebiz - loadadv***.exe || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz
        2002711 || BLEEDING-EDGE WEB includer.cgi Remote Command Execution Attempt || url,isc.sans.org/diary.php?storyid=823

     -> Added to bleeding-web.rules (1):
        # Submitted 2005-12-06 by Bob Grabowsky





More information about the Snort-sigs mailing list