[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Feb 11 17:01:06 EST 2005


[***] Results from Oinkmaster started Fri Feb 11 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-exploit.rules (1):
        alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MS05-014 HTML OBJECT tag local zone exploit"; flow: to_client,established; content: "|3C|OBJECT "; nocase; pcre: "/codebase[ \t]*=[ \t]*[\x22\x27].*\?\.exe/isR"; classtype:misc-attack; sid:2001725; rev:2;)

[///]     Modified active rules:     [///]

     -> Modified active in bleeding-malware.rules (2):
        old: alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; flow:to_server,established; classtype:trojan-activity; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:4; )
        new: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; flow:to_server,established; classtype:trojan-activity; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:5; )
        old: alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; flow:to_server,established; classtype:trojan-activity; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:4;)
        new: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; flow:to_server,established; classtype:trojan-activity; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:5;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (1):
        2001725 || MS05-014 HTML OBJECT tag local zone exploit

[*] Added files: [*]
    None.




