[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Wed Feb 16 17:00:23 EST 2005


[***] Results from Oinkmaster started Wed Feb 16 20:00:03 2005 [***]

[///]     Modified active rules:     [///]

     -> Modified active in bleeding-virus.rules (2):
        old: alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (content:"Content-Disposition\: attachment\; filename="; content:"NlJhIn5GWj4mcjUifkZaMmpGejZpImom"; nocase; within:1280; flow:established,to_server; msg:"BLEEDING-EDGE VIRUS Sober.F Outbound"; classtype:trojan-activity; sid:2001284; rev:3; )
        new: alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE VIRUS Sober.F Outbound"; content:"Content-Disposition\: attachment\; filename="; content:"NlJhIn5GWj4mcjUifkZaMmpGejZpImom"; nocase; within:1280; flow:established,to_server; classtype:trojan-activity; sid:2001284; rev:3; )
        old: alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (content:"Content-Disposition\: attachment\; filename="; content:"dllygSJ+Rlp2YjEiblZtIm4uJlVtaSJu"; nocase; within:1280; flow:established,to_server; msg:"BLEEDING-EDGE VIRUS Sober.F Outbound"; classtype:trojan-activity; sid:2001285; rev:3; )
        new: alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE VIRUS Sober.F Outbound"; content:"Content-Disposition\: attachment\; filename="; content:"dllygSJ+Rlp2YjEiblZtIm4uJlVtaSJu"; nocase; within:1280; flow:established,to_server; classtype:trojan-activity; sid:2001285; rev:3; )
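The two pairs above change only the position of the `msg` option; every detection option (`content`, `nocase`, `within`, `flow`) keeps its order and `sid`/`rev` are unchanged. That distinction matters when reviewing a rule update: Snort binds modifiers such as `nocase` and `within` to the `content` that precedes them, so reordering detection options can silently change what a rule matches even when the set of options is identical, while metadata options (`msg`, `sid`, `rev`, `classtype`, `reference`, ...) can be moved freely. The script below is an added example, not part of this Oinkmaster report or the Bleeding Snort rule set: it parses an old/new pair, checks that only metadata moved, and flags a detection change that arrived without a `rev` bump. The two rule strings are the sid 2001284 pair copied from the report; the counter-example pair is constructed.

```python
"""Classify an Oinkmaster old/new rule pair: cosmetic reorder or real change.

The sid 2001284 pair from the report above is embedded as literals so the
script runs offline; the 'moved' rule at the bottom is constructed.
"""

# Option keywords that do not influence matching and may be reordered.
# Everything else is a detection option, and Snort attaches modifiers such as
# nocase/within to the preceding content, so their relative order must not change.
METADATA_KEYS = {"msg", "sid", "rev", "classtype", "reference",
                 "priority", "metadata", "gid"}

OLD_2001284 = ('alert tcp $HOME_NET any -> $EXTERNAL_NET 25 ('
               'content:"Content-Disposition\\: attachment\\; filename="; '
               'content:"NlJhIn5GWj4mcjUifkZaMmpGejZpImom"; nocase; within:1280; '
               'flow:established,to_server; msg:"BLEEDING-EDGE VIRUS Sober.F Outbound"; '
               'classtype:trojan-activity; sid:2001284; rev:3; )')
NEW_2001284 = ('alert tcp $HOME_NET any -> $EXTERNAL_NET 25 ('
               'msg:"BLEEDING-EDGE VIRUS Sober.F Outbound"; '
               'content:"Content-Disposition\\: attachment\\; filename="; '
               'content:"NlJhIn5GWj4mcjUifkZaMmpGejZpImom"; nocase; within:1280; '
               'flow:established,to_server; classtype:trojan-activity; sid:2001284; rev:3; )')


def split_options(body):
    """Split the option body on ';' while honouring quotes and backslash escapes."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch == ";" and not in_quote:
            opt = "".join(cur).strip()
            if opt:
                opts.append(opt)
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    if tail:
        opts.append(tail)
    return opts


def parse_rule(rule):
    """Return (header, [(keyword, value_or_None), ...]) for one Snort rule."""
    header, _, rest = rule.partition("(")
    body = rest.rsplit(")", 1)[0]
    opts = []
    for opt in split_options(body):
        key, sep, value = opt.partition(":")
        opts.append((key.strip(), value.strip() if sep else None))
    return header.strip(), opts


def detection_options(opts):
    """Ordered list of the options that influence matching."""
    return [o for o in opts if o[0] not in METADATA_KEYS]


def metadata_options(opts):
    """Order-insensitive view of the metadata options."""
    return sorted(o for o in opts if o[0] in METADATA_KEYS)


def review_update(old, new):
    """Classify an old/new pair taken from an Oinkmaster 'Modified active rules' block."""
    old_hdr, old_opts = parse_rule(old)
    new_hdr, new_opts = parse_rule(new)
    old_meta, new_meta = dict(old_opts), dict(new_opts)
    detection_changed = (old_hdr != new_hdr or
                         detection_options(old_opts) != detection_options(new_opts))
    metadata_changed = metadata_options(old_opts) != metadata_options(new_opts)
    rev_bumped = int(new_meta.get("rev", 0)) > int(old_meta.get("rev", 0))
    if not detection_changed and not metadata_changed:
        verdict = "cosmetic reorder only"
    elif detection_changed and not rev_bumped:
        verdict = "detection changed without rev bump"
    else:
        verdict = "content changed"
    return {"sid": int(new_meta["sid"]), "rev_bumped": rev_bumped,
            "detection_changed": detection_changed,
            "metadata_changed": metadata_changed, "verdict": verdict}


if __name__ == "__main__":
    print(review_update(OLD_2001284, NEW_2001284))
    # Constructed counter-example: move 'nocase' from the second content to the
    # first. Same option set, different match semantics, same rev: must be flagged.
    moved = (OLD_2001284.replace("; nocase;", ";")
             .replace('filename=";', 'filename="; nocase;', 1))
    print(review_update(OLD_2001284, moved))
```

Run it over every old/new pair in a daily report before pushing the update to sensors; a verdict of "cosmetic reorder only" needs no rev bump, while anything else should be read as a real change to what the sensor matches.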

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-virus.rules (23):
        #	Sober
        #Taken from the Netsquid Rules for Sober.F
        #Submitted by David Maciejak for Sober.J
        #Submitted by Mark Scott, 11/19/2004, for Sober.I
        #	Sobig
        #Unknown submitter - Sobig E-F downloading goodies
        #	Spy.Win32.Bancos Trojan
        #Submitted by Matt Jonkman for Spy.Win32.Bancos Trojan
        #	Webber/Berbew
        #Submitted by Michael Sconzo for Webber/Berbew
        #	Atak Worm
        #Submitted by Michael Sconzo for Atak worm
        #	Bagle variants
        #Submitted by Matt Jonkman for Bagel variant 2.jpg
        #Submitted by Michael Sconzo for Bagle.AI
        #Submitted by Matt Jonkman for Bagle.AQ
        #Submitted by Matt Jonkman for Bagle.AV
        #Submitted by Mark Scott 01/27/2005 - Bagle.AY, .BJ - Updated 1/31/2005
        #Taken from the Netsquid Rules for Bagle.I and other variants
        #Submitted by Mark Mcdonagh for W32/Bagle.z at ...871...
        #Submitted by Mark Scott for Bagle Trojan - W32/Bagle.dldr, updated by Frank Knobbe
        #Submitted by Mark Scott for  generic Bagle (this seems to trip on most Bagles)
        #	Bropia Worm

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-virus.rules (10):
        #From David Maciejak
        #added 11/19/2004 Sober.I - created by Mark Scott
        # Sobig E-F downloading goodies
        #Submitted by Michael Sconzo
        #Submitted by Michael Sconzo
        #Submitted by Mark Mcdonagh
        #Submitted by Michael Sconzo
        #Submitted by Mark Scott
        #	Bagle Trojan - W32/Bagle.dldr from Mark Scott
        #added by Mark Scott 01/27/2005 - Bagle.AY, .BJ - Updated 1/31/2005

[*] Added files: [*]
    None.
