[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Sat Feb 19 17:00:45 EST 2005


[***] Results from Oinkmaster started Sat Feb 19 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-malware.rules (9):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity"; uricontent:"/app/VT00/ucmd.php?V="; nocase; reference:url,www.a-d-w-a-r-e.com; classtype:trojan-activity; sid:2001735; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware ak-networks.com Spyware Code Install"; uricontent:"/akcore.dl_"; nocase; flow:to_server,established; classtype:trojan-activity; sid:2001737; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity"; uricontent:"/cgi-bin/PopupV2?ID={"; nocase; reference:url,www.a-d-w-a-r-e.com; classtype:trojan-activity; sid:2001730; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware SurfSidekick Activity"; uricontent:"/Bundling/SskUpdater"; nocase; classtype:trojan-activity; sid:2001731; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Tibsystems Spyware Install"; uricontent:"/tb/loader2.ocx"; nocase; flow:to_server,established; classtype:trojan-activity; sid:2001734; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware CrazyWinnings.com Activity"; uricontent:"/scripts/protect.php?promo=promo"; nocase; classtype:trojan-activity; sid:2001733; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Top Converting Agent Activity"; content:"User-Agent\: Topconvertingagent"; nocase; classtype:trojan-activity; sid:2001732; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Tibsystems Spyware Install"; uricontent:"/fcgi-bin/iza2.fcgi?m="; nocase; flow:to_server,established; classtype:trojan-activity; sid:2001729; rev:1;)
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware UCMore Spyware Activity"; content:"User-Agent\: UCmore"; flow:to_server,established; classtype:trojan-activity; sid:2001736; rev:1;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (9):
        2001729 || BLEEDING-EDGE Malware Tibsystems Spyware Install
        2001730 || BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity || url,www.a-d-w-a-r-e.com
        2001731 || BLEEDING-EDGE Malware SurfSidekick Activity
        2001732 || BLEEDING-EDGE Malware Top Converting Agent Activity
        2001733 || BLEEDING-EDGE Malware CrazyWinnings.com Activity
        2001734 || BLEEDING-EDGE Malware Tibsystems Spyware Install
        2001735 || BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity || url,www.a-d-w-a-r-e.com
        2001736 || BLEEDING-EDGE Malware UCMore Spyware Activity
        2001737 || BLEEDING-EDGE Malware ak-networks.com Spyware Code Install

[*] Added files: [*]
    None.
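All nine signatures above are plain substring rules: a uricontent (matched against the normalized URI) or a content (matched against the packet payload), most of them with nocase, plus a sid/msg/reference that Oinkmaster's sid-msg.map lines are built from. The script below is an added example, not code from the update or from Bleeding Snort. It parses four of the rules copied verbatim from above, renders their sid-msg.map entries in the same "sid || msg || reference" form listed in the update, and runs the matchers over constructed client requests (not captured traffic). Matching is deliberately simplified: percent-decoding via urllib stands in for Snort's http_inspect URI normalization, content is searched in the raw request text, and the flow option is not modelled. Note from the rules themselves that sid 2001736 carries no nocase, so its User-Agent string is matched case-sensitively, unlike sid 2001732.

```python
# Added example (not from the update above or from Bleeding Snort): a toy
# evaluator for the HTTP signatures listed in this update, plus the
# sid-msg.map rendering Oinkmaster reported. Simplifications: uricontent is
# checked against a percent-decoded URI (stand-in for http_inspect
# normalization), content against the raw request, and flow is ignored.
import re
from urllib.parse import unquote

# Four of the nine rules, copied verbatim from the update above.
RULES_TEXT = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity"; uricontent:"/cgi-bin/PopupV2?ID={"; nocase; reference:url,www.a-d-w-a-r-e.com; classtype:trojan-activity; sid:2001730; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware Top Converting Agent Activity"; content:"User-Agent\: Topconvertingagent"; nocase; classtype:trojan-activity; sid:2001732; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware UCMore Spyware Activity"; content:"User-Agent\: UCmore"; flow:to_server,established; classtype:trojan-activity; sid:2001736; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Malware ak-networks.com Spyware Code Install"; uricontent:"/akcore.dl_"; nocase; flow:to_server,established; classtype:trojan-activity; sid:2001737; rev:1;)
'''

# One rule option: name, optional ":value", terminated by ';'. A backslash
# escapes the next character, which is how the rules above write "\:".
OPTION_RE = re.compile(r'\s*(\w+)(?::((?:[^;\\]|\\.)*))?;')


def _unquote_value(value):
    # Drop surrounding quotes and Snort backslash escapes such as \: and \;
    value = value.strip()
    if value.startswith('"') and value.endswith('"'):
        value = value[1:-1]
    return re.sub(r'\\(.)', r'\1', value)


def parse_rule(line):
    """Parse one rule into sid, msg, reference and its content matchers."""
    body = line.split('(', 1)[1].rsplit(')', 1)[0]
    rule = {'matchers': [], 'reference': None, 'flow': None}
    for name, value in OPTION_RE.findall(body):
        if name in ('content', 'uricontent'):
            rule['matchers'].append(
                {'kind': name, 'pattern': _unquote_value(value), 'nocase': False})
        elif name == 'nocase':
            # nocase modifies the content/uricontent option that precedes it
            rule['matchers'][-1]['nocase'] = True
        elif name == 'msg':
            rule['msg'] = _unquote_value(value)
        elif name in ('sid', 'rev'):
            rule[name] = int(value)
        elif name in ('reference', 'flow', 'classtype'):
            rule[name] = value.strip()
    return rule


def sid_msg_line(rule):
    """Render a rule as a sid-msg.map entry: sid || msg [|| reference]."""
    parts = [str(rule['sid']), rule['msg']]
    if rule['reference']:
        parts.append(rule['reference'])
    return ' || '.join(parts)


def normalized_uri(raw_request):
    """URI from the request line, percent-decoded (simplified normalization)."""
    request_line = raw_request.split('\r\n', 1)[0]
    return unquote(request_line.split(' ')[1])


def rule_matches(rule, raw_request):
    """True if every content/uricontent of the rule is found in the request."""
    uri = normalized_uri(raw_request)
    for m in rule['matchers']:
        haystack = uri if m['kind'] == 'uricontent' else raw_request
        needle = m['pattern']
        if m['nocase']:
            haystack, needle = haystack.lower(), needle.lower()
        if needle not in haystack:
            return False
    return True


def alerts_for(raw_request, rules):
    """Sorted sids of the rules that would fire on one client request."""
    return sorted(r['sid'] for r in rules if rule_matches(r, raw_request))


RULES = [parse_rule(line) for line in RULES_TEXT.strip().splitlines()]

# Constructed client requests (not captured traffic) exercising the rules.
SAMPLE_REQUESTS = {
    'popup_exact': 'GET /cgi-bin/PopupV2?ID={7C0F} HTTP/1.1\r\nHost: example.net\r\n\r\n',
    # different case and '{' percent-encoded: nocase plus URI decoding still hit
    'popup_encoded': 'GET /CGI-BIN/popupv2?id=%7B7C0F HTTP/1.1\r\nHost: example.net\r\n\r\n',
    'tca_mixed_case': 'GET / HTTP/1.1\r\nHost: example.net\r\nUser-Agent: TopConvertingAgent\r\n\r\n',
    'ucmore_exact': 'GET / HTTP/1.1\r\nHost: example.net\r\nUser-Agent: UCmore\r\n\r\n',
    # sid 2001736 has no nocase, so a lower-case agent string is missed
    'ucmore_lower': 'GET / HTTP/1.1\r\nHost: example.net\r\nUser-Agent: ucmore\r\n\r\n',
    'akcore': 'GET /dl/AKCORE.DL_ HTTP/1.1\r\nHost: example.net\r\n\r\n',
    'benign': 'GET /index.html HTTP/1.1\r\nHost: example.net\r\nUser-Agent: Mozilla/4.0\r\n\r\n',
}


def run_samples():
    """Map each sample request name to the sids that fire on it."""
    return {name: alerts_for(req, RULES) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == '__main__':
    for rule in RULES:
        print(sid_msg_line(rule))
    for name, sids in run_samples().items():
        print(f'{name:15s} -> {sids}')
```

The rendered map lines reproduce the corresponding entries in bleeding-sid-msg.map above exactly, and the ucmore_lower sample shows the practical cost of omitting nocase on a User-Agent signature: a one-character case change in the client string is enough to slip past sid 2001736 while the otherwise identical request with the canonical spelling fires.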
