[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Jul 14 18:07:05 EDT 2005


[***] Results from Oinkmaster started Thu Jul 14 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

 2002088 - BLEEDING-EDGE MALWARE C4tdoanload.com Spyware Activity (bleeding-malware.rules)
 2002089 - BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer (bleeding-malware.rules)
 2002090 - BLEEDING-EDGE MALWARE IEHelp.net Spyware Installer (bleeding-malware.rules)
 2002091 - BLEEDING-EDGE Malware Searchmiracle.com Spyware Install -- silent.exe (bleeding-malware.rules)
 2002092 - BLEEDING-EDGE Malware yupsearch.com Spyware Install -- protector.exe (bleeding-malware.rules)
 2002093 - BLEEDING-EDGE MALWARE Likely Trojan/Spyware Installer Requested (bleeding-malware.rules)
 2002094 - BLEEDING-EDGE MALWARE MSUpdater.net Spyware Checkin (bleeding-malware.rules)
 2002095 - BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer (bleeding-malware.rules)
 2002096 - BLEEDING-EDGE MALWARE IEHelp.net Spyware checkin (bleeding-malware.rules)
 2002097 - BLEEDING-EDGE Malware IEHelp.net Spyware User Agent Activity (bleeding-malware.rules)
 2002098 - BLEEDING-EDGE Malware yupsearch.com Spyware Install -- sideb.exe (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2000587 - BLEEDING-EDGE Malware SpywareLabs VirtualBouncer Seeking Instructions (bleeding-malware.rules)
 2000900 - BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP (bleeding-malware.rules)
 2001015 - BLEEDING-EDGE Malware JoltID Agent Keep-Alive (bleeding-malware.rules)
 2001266 - BLEEDING-EDGE MALWARE Browseraid.com Agent Reporting Data (bleeding-malware.rules)
 2001293 - BLEEDING-EDGE Malware Featured-Results.com Agent Reporting Data (bleeding-malware.rules)
 2001308 - BLEEDING-EDGE Malware Internet Optomizer Reporting Data (bleeding-malware.rules)
 2001336 - BLEEDING-EDGE Malware Internet Optimizer Spyware Agent Upload (bleeding-malware.rules)
 2001396 - BLEEDING-EDGE Malware Internet Optimizer Spyware Install (bleeding-malware.rules)
 2001441 - BLEEDING-EDGE MALWARE Abox Install Report (bleeding-malware.rules)
 2001442 - BLEEDING-EDGE Malware Statblaster.MemoryWatcher Download (bleeding-malware.rules)
 2001445 - BLEEDING-EDGE Malware PeopleOnPage Install (bleeding-malware.rules)
 2001448 - BLEEDING-EDGE Malware MediaTickets Download (bleeding-malware.rules)
 2001450 - BLEEDING-EDGE MALWARE Wintools Download/Configure (bleeding-malware.rules)
 2001459 - BLEEDING-EDGE Malware Overpro Spyware Games (bleeding-malware.rules)
 2001479 - BLEEDING-EDGE Malware Coolsearch Spyware Install (bleeding-malware.rules)
 2001481 - BLEEDING-EDGE Malware MediaTickets Spyware Install (bleeding-malware.rules)
 2001490 - BLEEDING-EDGE Malware ICQ-Update.biz Reporting Install (bleeding-malware.rules)
 2001499 - BLEEDING-EDGE Malware Look2me Spyware Activity (bleeding-malware.rules)
 2001502 - BLEEDING-EDGE Malware Look2me Spyware Activity (bleeding-malware.rules)
 2001505 - BLEEDING-EDGE Malware Smartpops.com Spyware Install (bleeding-malware.rules)
 2001513 - BLEEDING-EDGE Malware Smartpops.com Spyware Update (bleeding-malware.rules)
 2001514 - BLEEDING-EDGE Malware SurfAssistant.com Spyware Reporting (bleeding-malware.rules)
 2001516 - BLEEDING-EDGE Malware Smartpops.com Spyware Install (bleeding-malware.rules)
 2001521 - BLEEDING-EDGE MALWARE Spywaremover Activity (bleeding-malware.rules)
 2001529 - BLEEDING-EDGE MALWARE Casalemedia Access, Likely Spyware (bleeding-malware.rules)
 2001531 - BLEEDING-EDGE MALWARE C4tdoanload.com Access, Likely Spyware (bleeding-malware.rules)
 2001532 - BLEEDING-EDGE Malware Searchmiracle.com Access, Likely Spyware (bleeding-malware.rules)
 2001534 - BLEEDING-EDGE Malware Searchmiracle.com Spyware Install (bleeding-malware.rules)
 2001662 - BLEEDING-EDGE Malware MyWebSearch Toolbar Traffic (bleeding-malware.rules)
 2001679 - BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server (bleeding-malware.rules)
 2001696 - BLEEDING-EDGE Malware Search Relevancy Spyware (bleeding-malware.rules)
 2001702 - BLEEDING-EDGE Malware Shop at Home Select Spyware Activity (bleeding-malware.rules)
 2001708 - BLEEDING-EDGE Malware Shop at Home Select Spyware Heartbeat (bleeding-malware.rules)
 2001709 - BLEEDING-EDGE Malware Shop at Home Select Spyware Config Download (bleeding-malware.rules)
 2001747 - BLEEDING-EDGE Malware My-Stats.com Spyware Checkin (bleeding-malware.rules)
 2001884 - BLEEDING-EDGE MALWARE DesktopTraffic Toolbar Spyware (bleeding-malware.rules)
 2001885 - BLEEDING-EDGE MALWARE Begin2Search.com Spyware (bleeding-malware.rules)
 2002000 - BLEEDING-EDGE MALWARE Shopnav Spyware Install (bleeding-malware.rules)
 2002017 - BLEEDING-EDGE Malware Overpro Spyware Install Report (bleeding-malware.rules)
 2002037 - BLEEDING-EDGE Malware Shop at Home Select Spyware Install (bleeding-malware.rules)
 2002043 - BLEEDING-EDGE Malware Shop at Home Select Spyware Config Download (bleeding-malware.rules)


[///]    Modified inactive rules:    [///]

 2000901 - BLEEDING-EDGE Malware JoltID Agent Communicating TCP (bleeding-malware.rules)


[---]         Disabled rules:        [---]

 2000935 - BLEEDING-EDGE Malware EUniverse-thunderdownloads Update Engine (bleeding-malware.rules)
 2001665 - BLEEDING-EDGE Malware Unknown Suspicious PrintMe Suspected Spyware (bleeding-malware.rules)


[---]         Removed rules:         [---]

 2001519 - BLEEDING-EDGE Malware ICQ-Update.biz Reporting Install (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (36):
        2000587 || BLEEDING-EDGE Malware SpywareLabs VirtualBouncer Seeking Instructions || url,securityresponse.symantec.com/avcenter/venc/data/adware.virtualbouncer.html
        2000900 || BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000901 || BLEEDING-EDGE Malware JoltID Agent Communicating TCP || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001015 || BLEEDING-EDGE Malware JoltID Agent Keep-Alive || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001308 || BLEEDING-EDGE Malware Internet Optomizer Reporting Data || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html
        2001336 || BLEEDING-EDGE Malware Internet Optimizer Spyware Agent Upload || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html
        2001396 || BLEEDING-EDGE Malware Internet Optimizer Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html
        2001448 || BLEEDING-EDGE Malware MediaTickets Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html
        2001459 || BLEEDING-EDGE Malware Overpro Spyware Games || url,securityresponse.symnatec.com/avcenter/venc/data/adware.overpro.html
        2001481 || BLEEDING-EDGE Malware MediaTickets Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html
        2001499 || BLEEDING-EDGE Malware Look2me Spyware Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.look2me.html
        2001502 || BLEEDING-EDGE Malware Look2me Spyware Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.look2me.html
        2001505 || BLEEDING-EDGE Malware Smartpops.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html
        2001513 || BLEEDING-EDGE Malware Smartpops.com Spyware Update || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html
        2001516 || BLEEDING-EDGE Malware Smartpops.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html
        2001531 || BLEEDING-EDGE MALWARE C4tdoanload.com Access, Likely Spyware || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html
        2001532 || BLEEDING-EDGE Malware Searchmiracle.com Access, Likely Spyware || url,securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html
        2001679 || BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server || url,securityresponse.symantec.com/avcenter/venc/data/adware/p2pnetworking.html
        2001696 || BLEEDING-EDGE Malware Search Relevancy Spyware || url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy
        2001708 || BLEEDING-EDGE Malware Shop at Home Select Spyware Heartbeat || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html
        2001709 || BLEEDING-EDGE Malware Shop at Home Select Spyware Config Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html
        2002000 || BLEEDING-EDGE MALWARE Shopnav Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.html
        2002017 || BLEEDING-EDGE Malware Overpro Spyware Install Report || url,securityresponse.symnatec.com/avcenter/venc/data/adware.overpro.html
        2002037 || BLEEDING-EDGE Malware Shop at Home Select Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html
        2002043 || BLEEDING-EDGE Malware Shop at Home Select Spyware Config Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html
        2002088 || BLEEDING-EDGE MALWARE C4tdoanload.com Spyware Activity || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html
        2002089 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer
        2002090 || BLEEDING-EDGE MALWARE IEHelp.net Spyware Installer || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html
        2002091 || BLEEDING-EDGE Malware Searchmiracle.com Spyware Install -- silent.exe || url,www.searchmiracle.com
        2002092 || BLEEDING-EDGE Malware yupsearch.com Spyware Install -- protector.exe || url,www.yupsearch.com
        2002093 || BLEEDING-EDGE MALWARE Likely Trojan/Spyware Installer Requested
        2002094 || BLEEDING-EDGE MALWARE MSUpdater.net Spyware Checkin
        2002095 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer
        2002096 || BLEEDING-EDGE MALWARE IEHelp.net Spyware checkin || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html
        2002097 || BLEEDING-EDGE Malware IEHelp.net Spyware User Agent Activity
        2002098 || BLEEDING-EDGE Malware yupsearch.com Spyware Install -- sideb.exe || url,www.yupsearch.com

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (26):
        2000587 || BLEEDING-EDGE Malware SpywareLabs VirtualBouncer Seeking Instructions
        2000900 || BLEEDING-EDGE Malware JoltID Agent Probing or Announcing UDP || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2000901 || BLEEDING-EDGE Malware JoltID Agent Communicating TCP || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001015 || BLEEDING-EDGE Malware JoltID Agent Keep-Alive || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
        2001308 || BLEEDING-EDGE Malware Internet Optomizer Reporting Data
        2001336 || BLEEDING-EDGE Malware Internet Optimizer Spyware Agent Upload
        2001396 || BLEEDING-EDGE Malware Internet Optimizer Spyware Install
        2001448 || BLEEDING-EDGE Malware MediaTickets Download
        2001459 || BLEEDING-EDGE Malware Overpro Spyware Games
        2001481 || BLEEDING-EDGE Malware MediaTickets Spyware Install
        2001499 || BLEEDING-EDGE Malware Look2me Spyware Activity
        2001502 || BLEEDING-EDGE Malware Look2me Spyware Activity
        2001505 || BLEEDING-EDGE Malware Smartpops.com Spyware Install
        2001513 || BLEEDING-EDGE Malware Smartpops.com Spyware Update
        2001516 || BLEEDING-EDGE Malware Smartpops.com Spyware Install
        2001519 || BLEEDING-EDGE Malware ICQ-Update.biz Reporting Install
        2001531 || BLEEDING-EDGE MALWARE C4tdoanload.com Access, Likely Spyware
        2001532 || BLEEDING-EDGE Malware Searchmiracle.com Access, Likely Spyware
        2001679 || BLEEDING-EDGE Malware JoltID Agent P2P via Proxy Server
        2001696 || BLEEDING-EDGE Malware Search Relevancy Spyware
        2001708 || BLEEDING-EDGE Malware Shop at Home Select Spyware Heartbeat
        2001709 || BLEEDING-EDGE Malware Shop at Home Select Spyware Config Download
        2002000 || BLEEDING-EDGE MALWARE Shopnav Spyware Install
        2002017 || BLEEDING-EDGE Malware Overpro Spyware Install Report
        2002037 || BLEEDING-EDGE Malware Shop at Home Select Spyware Install
        2002043 || BLEEDING-EDGE Malware Shop at Home Select Spyware Config Download




