[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Feb 4 17:01:12 EST 2005


[***] Results from Oinkmaster started Fri Feb  4 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-malware.rules (1):
        #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Casalemedia Access, Likely Spyware"; pcre:"/Host\: \w*\.casalemedia.com/im"; flow:to_server,established; classtype:trojan-activity; sid:2001527; rev:3;)

     -> Added to bleeding-virus.rules (1):
        alert tcp any any -> any 6891:6900 (msg:"BLEEDING-EDGE Virus Bropia.F Worm Propagation"; content:"|E1 37 A2 BA 6E 5C 63 8B D6 D1 F7 3C BA 13 16 FD 77 21 5A 5C 17 1B 29 4A 4F 15 A9 29 CF FA 48 3A|"; reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBROPIA%2EF; classtype:misc-attack; sid:2001715; rev:1;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2001527 || BLEEDING-EDGE Malware Casalemedia Access, Likely Spyware
        2001715 || BLEEDING-EDGE Virus Bropia.F Worm Propagation || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBROPIA%2EF

     -> Added to bleeding-virus.rules (1):
        #From Evgeny P

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (1):
        #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Casalemedia Access, Likely Spyware"; pcre:"/Host\: \w*\.casalemedia.com/im"; flow:to_server,established; classtype:trojan-activity; id:2001527; rev:3;)

[*] Added files: [*]
    None.




