[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Mon Jul 11 18:02:09 EDT 2005


[***] Results from Oinkmaster started Mon Jul 11 20:00:03 2005 [***]

[///]     Modified active rules:     [///]

 2000040 - BLEEDING-EDGE VIRUS Sasser FTP Traffic (bleeding-virus.rules)
 2000047 - BLEEDING-EDGE VIRUS Sasser Transfer _up.exe (bleeding-virus.rules)
 2000310 - BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP (bleeding-virus.rules)
 2000561 - BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound (bleeding-virus.rules)
 2001045 - BLEEDING-EDGE MyDoom.P Query (bleeding-virus.rules)
 2001065 - BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound (bleeding-virus.rules)
 2001234 - BLEEDING-EDGE Win32/Small.AR outbound activity (bleeding-virus.rules)
 2001268 - BLEEDING-EDGE VIRUS SWEN.A Worm detected (bleeding-virus.rules)
 2001269 - BLEEDING-EDGE VIRUS Beagle User Agent Detected (bleeding-virus.rules)
 2001270 - BLEEDING-EDGE VIRUS Bagle Worm (bleeding-virus.rules)
 2001273 - BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm (bleeding-virus.rules)
 2001274 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1 (bleeding-virus.rules)
 2001275 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2 (bleeding-virus.rules)
 2001276 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3 (bleeding-virus.rules)
 2001277 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound (bleeding-virus.rules)
 2001278 - BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS (bleeding-virus.rules)
 2001279 - BLEEDING-EDGE VIRUS MyDoom.F Worm (bleeding-virus.rules)
 2001280 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139 (bleeding-virus.rules)
 2001281 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445 (bleeding-virus.rules)
 2001282 - BLEEDING-EDGE VIRUS Netsky base64 port 1352 (bleeding-virus.rules)
 2001283 - BLEEDING-EDGE VIRUS Netsky base64 port 25 (bleeding-virus.rules)
 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001287 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.a (bleeding-virus.rules)
 2001288 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.b (bleeding-virus.rules)
 2001292 - BLEEDING-EDGE VIRUS Possible Bagle.AI Worm (bleeding-virus.rules)
 2001487 - BLEEDING-EDGE Malware Tibsystems Spyware Activity (bleeding-malware.rules)
 2001504 - BLEEDING-EDGE Malware Medialoads.com Spyware Activity (bleeding-malware.rules)
 2001506 - BLEEDING-EDGE Malware Smartpops.com Spyware Activity (bleeding-malware.rules)
 2001507 - BLEEDING-EDGE Malware Medialoads.com Spyware Identifying Country of Origin (bleeding-malware.rules)
 2001522 - BLEEDING-EDGE Malware SpywareLabs Application Install (bleeding-malware.rules)
 2001547 - BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request (bleeding-virus.rules)
 2001562 - BLEEDING-EDGE Malware MarketScore.com Spyware User Configuration and Setup Access (bleeding-malware.rules)
 2001566 - BLEEDING-EDGE Virus Netsky.P Worm detected (bleeding-virus.rules)
 2001567 - BLEEDING-EDGE VIRUS Bagel - outbound (bleeding-virus.rules)
 2001573 - BLEEDING-EDGE VIRUS Zafi Worm outgoing detected (bleeding-virus.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001607 - BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page (bleeding-virus.rules)
 2001617 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets (bleeding-virus.rules)
 2001618 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets (bleeding-virus.rules)
 2001619 - BLEEDING-EDGE Virus Santy.B worm variants serarching for targets (yahoo) (bleeding-virus.rules)
 2001639 - BLEEDING-EDGE Malware Wild Tangent Agent Activity (bleeding-malware.rules)
 2001654 - BLEEDING-EDGE Malware JoltID Agent Requesting File (bleeding-malware.rules)
 2001699 - BLEEDING-EDGE Malware YourSiteBar Activity (bleeding-malware.rules)
 2001726 - BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download (bleeding-virus.rules)
 2001732 - BLEEDING-EDGE Malware Top Converting Agent Activity (bleeding-malware.rules)
 2001736 - BLEEDING-EDGE Malware UCMore Spyware Activity (bleeding-malware.rules)
 2001743 - BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection Attempt Detected (bleeding-virus.rules)
 2001879 - BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert (bleeding-virus.rules)
 2001880 - BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert (bleeding-virus.rules)
 2001881 - BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound (bleeding-virus.rules)
 2001899 - BLEEDING-EDGE Botnet HTTP Botnet reg (bleeding-virus.rules)
 2001900 - BLEEDING-EDGE BwB Botnet Checkin (bleeding-virus.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2001919 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP (bleeding-virus.rules)
 2001920 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming POP3/IMAP (bleeding-virus.rules)
 2001921 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming HTTP (bleeding-virus.rules)
 2001922 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound (bleeding-virus.rules)
 2001923 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound (bleeding-virus.rules)
 2001924 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound (bleeding-virus.rules)
 2001933 - BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of Infection (bleeding-virus.rules)
 2001967 - BLEEDING-EDGE VIRUS Fireby proxy trojan port report (bleeding-virus.rules)
 2002002 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity (bleeding-malware.rules)
 2002011 - BLEEDING-EDGE Malware PeopleonPage Spyware User Agent Activity (bleeding-malware.rules)
 2002014 - BLEEDING-EDGE Malware Grandstreet Interactive Spyware User Agent Activity (bleeding-malware.rules)
 2002020 - BLEEDING-EDGE Malware Overpro Spyware User Agent Activity (bleeding-malware.rules)
 2002038 - BLEEDING-EDGE Malware Shopathomeselect.com Spyware User Agent Activity (bleeding-malware.rules)
 2002059 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2001367 - BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr (bleeding-virus.rules)
 2001565 - BLEEDING-EDGE Virus Netsky.P Worm - incoming (bleeding-virus.rules)
 2001568 - BLEEDING-EDGE VIRUS Bagel - incoming (bleeding-virus.rules)
 2001572 - BLEEDING-EDGE VIRUS Zafi Worm - incoming (bleeding-virus.rules)
 2001577 - BLEEDING-EDGE VIRUS Sober.I - incoming (bleeding-virus.rules)
 2001914 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)
 2001925 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound (bleeding-virus.rules)
 2001926 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound (bleeding-virus.rules)
 2001927 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound (bleeding-virus.rules)
 2002060 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (62):
        2000040 || BLEEDING-EDGE VIRUS Sasser FTP Traffic || url,vil.mcafeesecurity.com/vil/content/Print125009.htm
        2000047 || BLEEDING-EDGE VIRUS Sasser Transfer _up.exe || url,vil.mcafeesecurity.com/vil/content/Print125009.htm
        2000310 || BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP || url,securityresponse.symantec.com/avcenter/venc/data/w32.erkez.a at ...1512...
        2000561 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ag at ...1512...
        2001045 || BLEEDING-EDGE MyDoom.P Query || url,www.sarc.com/avcenter/venc/data/w32.mydoom.p at ...1512...
        2001065 || BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av at ...1512...
        2001234 || BLEEDING-EDGE Win32/Small.AR outbound activity || url,www.sophos.com/virusinfo/analyses/trojsmallar.html
        2001268 || BLEEDING-EDGE VIRUS SWEN.A Worm detected || url,securityresponse.symantec.com/avcenter/venc/data/w32.swen.a at ...1512...
        2001269 || BLEEDING-EDGE VIRUS Beagle User Agent Detected || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i at ...1512...
        2001270 || BLEEDING-EDGE VIRUS Bagle Worm || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i at ...1512...
        2001273 || BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm || url,securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a at ...1512...
        2001274 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1 || url,vil.mcafeesecurity.com/vil/content/Print100989.htm
        2001275 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2 || url,vil.mcafeesecurity.com/vil/content/Print100989.htm
        2001276 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3 || url,vil.mcafeesecurity.com/vil/content/Print100989.htm
        2001277 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound || url,vil.mcafeesecurity.com/vil/content/Print100989.htm || url,vil.mcafeesecurity.com/vil/content/v_101014.htm
        2001278 || BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS || url,securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a at ...1512...
        2001279 || BLEEDING-EDGE VIRUS MyDoom.F Worm || url,vil.mcafeesecurity.com/vil/content/v_101014.htm
        2001280 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139 || url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001281 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445 || url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001282 || BLEEDING-EDGE VIRUS Netsky base64 port 1352 || url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001283 || BLEEDING-EDGE VIRUS Netsky base64 port 25 || url,antivirus.about.com/cs/allabout/a/netskyp_2.htm
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f at ...1512...?Open
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.f at ...1512...?Open
        2001287 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.a || McAfee,125306
        2001288 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.b || McAfee,125306
        2001292 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i at ...1512...
        2001367 || BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr || url,spree.mnin.org/forums/viewtopic.php?t-104
        2001547 || BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request || url,securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e at ...1512...
        2001565 || BLEEDING-EDGE Virus Netsky.P Worm - incoming || url,vil.nai.com/vil/content/v_101119.htm
        2001566 || BLEEDING-EDGE Virus Netsky.P Worm detected || url,vil.nai.com/vil/content/v_101119.htm
        2001567 || BLEEDING-EDGE VIRUS Bagel - outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a at ...1512...
        2001568 || BLEEDING-EDGE VIRUS Bagel - incoming || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a at ...1512...
        2001572 || BLEEDING-EDGE VIRUS Zafi Worm - incoming || url,securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b at ...1512...
        2001573 || BLEEDING-EDGE VIRUS Zafi Worm outgoing detected || url,securityresponse.symantec.com/avcenter/venc/data/w32.erkez.b at ...1512...
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i at ...1512...
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.i at ...1512...
        2001607 || BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page || url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.html || url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.html
        2001617 || BLEEDING-EDGE Virus Santy.B worm variants searching for targets || url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html
        2001618 || BLEEDING-EDGE Virus Santy.B worm variants searching for targets || url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html
        2001619 || BLEEDING-EDGE Virus Santy.B worm variants serarching for targets (yahoo) || url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html
        2001726 || BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.b.html
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection Attempt Detected || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackerdefender.html
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober at ...1512...
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober at ...1512...
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober at ...1512...
        2001899 || BLEEDING-EDGE Botnet HTTP Botnet reg || url,www.honeynet.org/papers/bots
        2001900 || BLEEDING-EDGE BwB Botnet Checkin || url,www.honeynet.org/papers/bots
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2001919 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard at ...1512...
        2001920 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming POP3/IMAP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard at ...1512...
        2001921 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming HTTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard at ...1512...
        2001922 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed at ...1512...
        2001923 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed at ...1512...
        2001924 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed at ...1512...
        2001925 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed at ...1512...
        2001926 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed at ...1512...
        2001927 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ed at ...1512...
        2001933 || BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of Infection || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.banker.b.html
        2001967 || BLEEDING-EDGE VIRUS Fireby proxy trojan port report || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.staprew.b.html
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound || url,securityresponse.symnatec.com/avcenter/venc/data/w32.sober.o at ...1512...

     -> Added to bleeding-web.rules (1):
        #By Blake Hartstein

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (62):
        2000040 || BLEEDING-EDGE VIRUS Sasser FTP Traffic
        2000047 || BLEEDING-EDGE VIRUS Sasser Transfer up.exe
        2000310 || BLEEDING-EDGE VIRUS Probable Zafi VIRUS Outbound via SMTP
        2000561 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound
        2001045 || BLEEDING-EDGE MyDoom.P Query
        2001065 || BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound
        2001234 || BLEEDING-EDGE Win32/Small.AR outbound activity
        2001268 || BLEEDING-EDGE VIRUS SWEN.A Worm detected
        2001269 || BLEEDING-EDGE VIRUS Beagle User Agent Detected
        2001270 || BLEEDING-EDGE VIRUS Bagle Worm
        2001273 || BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm
        2001274 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1
        2001275 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2
        2001276 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3
        2001277 || BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound
        2001278 || BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS
        2001279 || BLEEDING-EDGE VIRUS MyDoom.F Worm
        2001280 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139
        2001281 || BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445
        2001282 || BLEEDING-EDGE VIRUS Netsky base64 port 1352
        2001283 || BLEEDING-EDGE VIRUS Netsky base64 port 25
        2001284 || BLEEDING-EDGE VIRUS Sober.F Outbound
        2001285 || BLEEDING-EDGE VIRUS Sober.F Outbound
        2001287 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.a
        2001288 || BLEEDING-EDGE VIRUS W32/Stdbot.worm.b
        2001292 || BLEEDING-EDGE VIRUS Possible Bagle.AI Worm
        2001367 || BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr
        2001547 || BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request
        2001565 || BLEEDING-EDGE Virus Netsky.P Worm - incoming
        2001566 || BLEEDING-EDGE Virus Netsky.P Worm detected
        2001567 || BLEEDING-EDGE VIRUS Bagel - outbound
        2001568 || BLEEDING-EDGE VIRUS Bagel - incoming
        2001572 || BLEEDING-EDGE VIRUS Zafi Worm - incoming
        2001573 || BLEEDING-EDGE VIRUS Zafi Worm outgoing detected
        2001577 || BLEEDING-EDGE VIRUS Sober.I - incoming
        2001578 || BLEEDING-EDGE VIRUS Sober.I - outbound
        2001607 || BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page || url,securityresponse.symantec.com/avcenter/venc/data/perl.santy.html
        2001617 || BLEEDING-EDGE Virus Santy.B worm variants searching for targets
        2001618 || BLEEDING-EDGE Virus Santy.B worm variants searching for targets
        2001619 || BLEEDING-EDGE Virus Santy.B worm variants serarching for targets (yahoo)
        2001726 || BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download
        2001743 || BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection Attempt Detected
        2001879 || BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert
        2001880 || BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert
        2001881 || BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound
        2001899 || BLEEDING-EDGE Botnet HTTP Botnet reg
        2001900 || BLEEDING-EDGE BwB Botnet Checkin
        2001913 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound
        2001914 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound
        2001919 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP
        2001920 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming POP3/IMAP
        2001921 || BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming HTTP
        2001922 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound
        2001923 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound
        2001924 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound
        2001925 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound
        2001926 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound
        2001927 || BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound
        2001933 || BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of Infection
        2001967 || BLEEDING-EDGE VIRUS Fireby proxy trojan port report
        2002059 || BLEEDING-EDGE VIRUS Possible Sober.P Outbound
        2002060 || BLEEDING-EDGE VIRUS Possible Sober.P Inbound

     -> Removed from bleeding-web.rules (1):
        #By Blake Harstein





More information about the Snort-sigs mailing list