[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Jul 7 18:02:26 EDT 2005


[***] Results from Oinkmaster started Thu Jul  7 20:00:06 2005 [***]

[+++]          Added rules:          [+++]

 2002083 - BLEEDING-EDGE MALWARE Unknown Malware -- Please report hits to bleeding at ...2727... (bleeding-malware.rules)
 2002084 - BLEEDING-EDGE POLICY Possible Terrorism Related Content (bleeding-policy.rules)
 2002085 - BLEEDING-EDGE POLICY Possible Terrorism Related Email (bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2000040 - BLEEDING-EDGE VIRUS Sasser FTP Traffic (bleeding-virus.rules)
 2000047 - BLEEDING-EDGE VIRUS Sasser Transfer up.exe (bleeding-virus.rules)
 2000310 - BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP (bleeding-virus.rules)
 2001056 - BLEEDING-EDGE VIRUS W32/Sasser.worm.b -NAI-) (bleeding-virus.rules)
 2001057 - BLEEDING-EDGE VIRUS W32/Sasser.worm.a -NAI-) (bleeding-virus.rules)
 2001292 - BLEEDING-EDGE VIRUS Possible Bagle.AI Worm (bleeding-virus.rules)
 2001548 - BLEEDING-EDGE VIRUS Sasser FTP exploit attempt (bleeding-virus.rules)
 2001556 - BLEEDING-EDGE VIRUS W32/Bagle.z at ...871... Requesting 5.php (bleeding-virus.rules)
 2001567 - BLEEDING-EDGE VIRUS Bagel - outbound (bleeding-virus.rules)
 2001573 - BLEEDING-EDGE VIRUS Zafi Worm outgoing detected (bleeding-virus.rules)
 2001592 - BLEEDING-EDGE VIRUS Zafi.d P2P Infection Attempt (bleeding-virus.rules)
 2001593 - BLEEDING-EDGE VIRUS Zafi.d P2P Infection Attempt (bleeding-virus.rules)
 2001594 - BLEEDING-EDGE VIRUS Zafi.d a.exe file upload (bleeding-virus.rules)
 2001599 - BLEEDING-EDGE VIRUS Zafi.D Worm .zip - outgoing detected (bleeding-virus.rules)
 2001601 - BLEEDING-EDGE VIRUS Zafi.D Worm .cmd, .com, .pif or .bat - outgoing detected (bleeding-virus.rules)
 2001691 - BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.com, exe extensions- - outbound (bleeding-virus.rules)
 2001693 - BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.cpl extension- - outbound (bleeding-virus.rules)
 2001695 - BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- - download attempt (bleeding-virus.rules)
 2001752 - BLEEDING-EDGE VIRUS Bagle.BE Download attempt (bleeding-virus.rules)
 2001759 - BLEEDING-EDGE VIRUS Beagle.BK - outbound (bleeding-virus.rules)
 2001846 - BLEEDING-EDGE DOS -ISC- ICMP blind TCP reset DoS guessing attempt (bleeding-dos.rules)
 2002076 - BLEEDING-EDGE Malware New.net Spyware User Agent Activity (bleeding-malware.rules)


[///]    Modified inactive rules:    [///]

 2001568 - BLEEDING-EDGE VIRUS Bagel - incoming (bleeding-virus.rules)
 2001572 - BLEEDING-EDGE VIRUS Zafi Worm - incoming (bleeding-virus.rules)
 2001598 - BLEEDING-EDGE VIRUS Zafi.D Worm .zip - incoming detected (bleeding-virus.rules)
 2001600 - BLEEDING-EDGE VIRUS Zafi.D Worm .cmd, .com, .pif or .bat - incoming detected (bleeding-virus.rules)
 2001692 - BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.com, .exe extensions- - incoming (bleeding-virus.rules)
 2001694 - BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.cpl extension- - incoming (bleeding-virus.rules)
 2001760 - BLEEDING-EDGE VIRUS Beagle.BK - incoming (bleeding-virus.rules)
 2001845 - BLEEDING-EDGE -ISC- Possible MS Outlook email From forgery attempt (bleeding.rules)


[---]  Disabled and modified rules:  [---]

 2001716 - BLEEDING-EDGE Web IDN url seen.. (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (2):
        # By matt Jonkman, info from a user is seeing this url related to bingorico.com.
        #If you get hits on it please report those to bleeding at ...2737... If you have mor einfo on bingorico please report as well.

     -> Added to bleeding-policy.rules (2):
        # Terrorist Rules
        # by: Greg Martin - gmartin at ...3106...

     -> Added to bleeding-sid-msg.map (33):
        2000040 || BLEEDING-EDGE VIRUS Sasser FTP Traffic
        2000047 || BLEEDING-EDGE VIRUS Sasser Transfer up.exe
        2000310 || BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP
        2001056 || BLEEDING-EDGE VIRUS W32/Sasser.worm.b -NAI-) || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
        2001057 || BLEEDING-EDGE VIRUS W32/Sasser.worm.a -NAI-) || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
        2001292 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm
        2001548 || BLEEDING-EDGE VIRUS Sasser FTP exploit attempt || url,www.lurhq.com/dabber.html
        2001556 || BLEEDING-EDGE VIRUS W32/Bagle.z at ...871... Requesting 5.php || mcafee,122415
        2001567 || BLEEDING-EDGE VIRUS Bagel - outbound
        2001568 || BLEEDING-EDGE VIRUS Bagel - incoming
        2001572 || BLEEDING-EDGE VIRUS Zafi Worm - incoming
        2001573 || BLEEDING-EDGE VIRUS Zafi Worm outgoing detected
        2001592 || BLEEDING-EDGE VIRUS Zafi.d P2P Infection Attempt || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZAFI.D
        2001593 || BLEEDING-EDGE VIRUS Zafi.d P2P Infection Attempt || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZAFI.D
        2001594 || BLEEDING-EDGE VIRUS Zafi.d a.exe file upload || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZAFI.D
        2001598 || BLEEDING-EDGE VIRUS Zafi.D Worm .zip - incoming detected || url,secunia.com/virus_information/13874/
        2001599 || BLEEDING-EDGE VIRUS Zafi.D Worm .zip - outgoing detected || url,secunia.com/virus_information/13874/
        2001600 || BLEEDING-EDGE VIRUS Zafi.D Worm .cmd, .com, .pif or .bat - incoming detected || url,secunia.com/virus_information/13874/
        2001601 || BLEEDING-EDGE VIRUS Zafi.D Worm .cmd, .com, .pif or .bat - outgoing detected || url,secunia.com/virus_information/13874/
        2001691 || BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.com, exe extensions- - outbound || url,secunia.com/virus_information/14902/
        2001692 || BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.com, .exe extensions- - incoming || url,secunia.com/virus_information/14902/
        2001693 || BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.cpl extension- - outbound || url,secunia.com/virus_information/14902/
        2001694 || BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- worm -.cpl extension- - incoming || url,secunia.com/virus_information/14902/
        2001695 || BLEEDING-EDGE VIRUS Bagle.BJ -alias .AY, .BC- - download attempt || url,secunia.com/virus_information/14877/
        2001752 || BLEEDING-EDGE VIRUS Bagle.BE Download attempt || url,secunia.com/virus_information/15815/bagle.be/
        2001759 || BLEEDING-EDGE VIRUS Beagle.BK - outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bk at ...1512...
        2001760 || BLEEDING-EDGE VIRUS Beagle.BK - incoming || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bk at ...1512...
        2001845 || BLEEDING-EDGE -ISC- Possible MS Outlook email From forgery attempt || url,isc.sans.org/diary.php?date=2005-04-09
        2001846 || BLEEDING-EDGE DOS -ISC- ICMP blind TCP reset DoS guessing attempt || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx || cve,can-2004-0790
        2002076 || BLEEDING-EDGE Malware New.net Spyware User Agent Activity || url,www.pcsympathy.com/printout74.html || url,www.newdotnet.com
        2002083 || BLEEDING-EDGE MALWARE Unknown Malware -- Please report hits to bleeding at ...2727...
        2002084 || BLEEDING-EDGE POLICY Possible Terrorism Related Content
        2002085 || BLEEDING-EDGE POLICY Possible Terrorism Related Email

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (30):
        2000040 || BLEEDING-EDGE Sasser FTP Traffic
        2000047 || BLEEDING-EDGE Sasser Transfer up.exe
        2000310 || BLEEDING-EDGE VIRUS Probable Zafi Virus Outbound via SMTP
        2001056 || BLEEDING-EDGE W32/Sasser.worm.b [NAI]) || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
        2001057 || BLEEDING-EDGE W32/Sasser.worm.a [NAI]) || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
        2001292 || BLEEDING-EDGE Virus Possible Bagle.AI Worm
        2001548 || BLEEDING-EDGE Sasser FTP exploit attempt || url,www.lurhq.com/dabber.html
        2001556 || BLEEDING-EDGE Virus W32/Bagle.z at ...871... Requesting 5.php || mcafee,122415
        2001567 || BLEEDING-EDGE Virus Bagel - outbound
        2001568 || BLEEDING-EDGE Virus Bagel - incoming
        2001572 || BLEEDING-EDGE Virus Zafi Worm - incoming
        2001573 || BLEEDING-EDGE Virus Zafi Worm outgoing detected
        2001592 || BLEEDING-EDGE Virus Zafi.d P2P Infection Attempt || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZAFI.D
        2001593 || BLEEDING-EDGE Virus Zafi.d P2P Infection Attempt || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZAFI.D
        2001594 || BLEEDING-EDGE Virus Zafi.d a.exe file upload || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZAFI.D
        2001598 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - incoming detected || url,secunia.com/virus_information/13874/
        2001599 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected || url,secunia.com/virus_information/13874/
        2001600 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - incoming detected || url,secunia.com/virus_information/13874/
        2001601 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - outgoing detected || url,secunia.com/virus_information/13874/
        2001691 || BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.com, exe extensions] - outbound || url,secunia.com/virus_information/14902/
        2001692 || BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.com, .exe extensions] - incoming || url,secunia.com/virus_information/14902/
        2001693 || BLEEDING-EDGE VIRUS Bagle.BJ [alias .AY, .BC] worm [.cpl extension] - outbound || url,secunia.com/virus_information/14902/
        2001694 || BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.cpl extension] - incoming || url,secunia.com/virus_information/14902/
        2001695 || BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] - download attempt || url,secunia.com/virus_information/14877/
        2001752 || BLEEDING-EDGE Virus Bagle.BE Download attempt || url,secunia.com/virus_information/15815/bagle.be/
        2001759 || BLEEDING-EDGE Virus Beagle.BK - outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bk at ...1512...
        2001760 || BLEEDING-EDGE Virus Beagle.BK - incoming || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bk at ...1512...
        2001845 || BLEEDING-EDGE [ISC] Possible MS Outlook email From forgery attempt || url,isc.sans.org/diary.php?date=2005-04-09
        2001846 || BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing attempt || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx || cve,can-2004-0790
        2002076 || BLEEDING-EDGE Malware New.net Spyware User Agent Activity -- Please report to bleedingsnort.com || url,www.pcsympathy.com/printout74.html || url,www.newdotnet.com

