[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Tue Jan 4 18:10:24 EST 2005


[***] Results from Oinkmaster started Tue Jan  4 21:00:15 2005 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-exploit.rules (1):
        alert tcp any any -> $HOME_NET 42 (msg:"BLEEDING-EDGE Exploit WINS EXPLOIT win2000 overflow attempt"; flow:to_server,established; content:"|90 00 4e 05|"; classtype:attempted-admin; sid:2001639; rev:1;)

[///]     Modified active rules:     [///]

     -> Modified active in bleeding-virus.rules (1):
        old: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE W32/Bagle.dldr Trojan - download attempt"; uricontent:"zoo.jpg"; reference:url,secunia.com/virus_information/13085/; classtype:misc-activity; flow:established; sid: 2001638; rev:1;)
        new: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE W32/Bagle.dldr Trojan - download attempt"; content:"GET /zoo.jpg"; nocase; reference:url,secunia.com/virus_information/13085/; classtype:misc-activity; flow:established; sid: 2001638; rev:3;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        #From John Johnson re MS04-045. Changed source to any to catch internal attacks which might be more likely with this sig

     -> Added to bleeding-sid-msg.map (1):
        2001639 || BLEEDING-EDGE Exploit WINS EXPLOIT win2000 overflow attempt

[*] Added files: [*]
    None.




