[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Tue Jul 5 18:07:01 EDT 2005


[***] Results from Oinkmaster started Tue Jul  5 20:00:04 2005 [***]

[///]     Modified active rules:     [///]

 2000586 - BLEEDING-EDGE Malware Ezula Related Calling Home (bleeding-malware.rules)
 2001855 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (bleeding-malware.rules)
 2001865 - BLEEDING-EDGE MALWARE MyWebSearch Spyware User Agent (bleeding-malware.rules)
 2002070 - BLEEDING-EDGE WEB phpBB Remote Code Execution Attempt (bleeding-web.rules)


[---]         Disabled rules:        [---]

 2002081 - BLEEDING-EDGE Malware Possible Funwebproducts or Unknown/Spyware User Agent Activity -- Please report to bleedingsnort.com (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #Disabling, this user-agent is used in many legit apps as well, although not MSIE

     -> Added to bleeding-sid-msg.map (2):
        2001865 || BLEEDING-EDGE MALWARE MyWebSearch Spyware User Agent || url,www.bleedingsnort.com/article.php?story=20050303190103553
        2002070 || BLEEDING-EDGE WEB phpBB Remote Code Execution Attempt || bugtraq,14086 || url,secunia.com/advisories/15845/

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2001865 || BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent || url,www.bleedingsnort.com/article.php?story=20050303190103553
        2002070 || BLEEDING-EDGE EXPLOIT phpBB Remote Code Execution Attempt || bugtraq,14086 || url,secunia.com/advisories/15845/





More information about the Snort-sigs mailing list