[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Sun Jul 24 18:01:50 EDT 2005


[***] Results from Oinkmaster started Sun Jul 24 20:00:03 2005 [***]

[+++]          Added rules:          [+++]

 2002138 - BLEEDING-EDGE GAMES World of Warcraft connection (bleeding-game.rules)
 2002139 - BLEEDING-EDGE GAMES World of Warcraft failed logon (bleeding-game.rules)
 2002140 - BLEEDING-EDGE GAMES Battle.net user joined channel (bleeding-game.rules)
 2002141 - BLEEDING-EDGE GAMES Battle.net user left channel (bleeding-game.rules)
 2002142 - BLEEDING-EDGE GAMES Battle.net received whisper message (bleeding-game.rules)
 2002143 - BLEEDING-EDGE GAMES Battle.net received server broadcast (bleeding-game.rules)
 2002144 - BLEEDING-EDGE GAMES Battle.net joined channel (bleeding-game.rules)
 2002145 - BLEEDING-EDGE GAMES Battle.net user had a flags update (bleeding-game.rules)
 2002146 - BLEEDING-EDGE GAMES Battle.net sent a whisper (bleeding-game.rules)
 2002147 - BLEEDING-EDGE GAMES Battle.net channel full (bleeding-game.rules)
 2002148 - BLEEDING-EDGE GAMES Battle.net channel doesn't exist (bleeding-game.rules)
 2002149 - BLEEDING-EDGE GAMES Battle.net channel is restricted (bleeding-game.rules)
 2002150 - BLEEDING-EDGE GAMES Battle.net informational message (bleeding-game.rules)
 2002151 - BLEEDING-EDGE GAMES Battle.net error message (bleeding-game.rules)
 2002152 - BLEEDING-EDGE GAMES Battle.net 'emote' message (bleeding-game.rules)
 2002153 - BLEEDING-EDGE MALWARE EXE as User Agent -- Potential Spyware (bleeding-malware.rules)
 2002154 - BLEEDINg-EDGE GAMES Guild Wars connection (bleeding-game.rules)


[///]     Modified active rules:     [///]

 2000026 - BLEEDING-EDGE Malware Gator Agent Traffic (bleeding-malware.rules)
 2000586 - BLEEDING-EDGE Malware Ezula Related Calling Home (bleeding-malware.rules)
 2001019 - BLEEDING-EDGE Malware SideStep Bar Autoupdate (bleeding-malware.rules)
 2001295 - BLEEDING-EDGE MALWARE Browseraid.com Agent (bleeding-malware.rules)
 2001487 - BLEEDING-EDGE Malware Tibsystems Spyware Activity (bleeding-malware.rules)
 2001492 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2001493 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2001498 - BLEEDING-EDGE Malware Internet Optimizer Activity (bleeding-malware.rules)
 2001504 - BLEEDING-EDGE Malware Medialoads.com Spyware Activity (bleeding-malware.rules)
 2001507 - BLEEDING-EDGE Malware Medialoads.com Spyware Identifying Country of Origin (bleeding-malware.rules)
 2001522 - BLEEDING-EDGE Malware SpywareLabs Application Install (bleeding-malware.rules)
 2001562 - BLEEDING-EDGE Malware MarketScore.com Spyware User Configuration and Setup Access (bleeding-malware.rules)
 2001639 - BLEEDING-EDGE Malware Wild Tangent Agent Activity (bleeding-malware.rules)
 2001640 - BLEEDING-EDGE MALWARE Altnet PeerPoints Manager Traffic (bleeding-malware.rules)
 2001652 - BLEEDING-EDGE Malware JoltID Agent New Code Download (bleeding-malware.rules)
 2001654 - BLEEDING-EDGE Malware JoltID Agent Requesting File (bleeding-malware.rules)
 2001699 - BLEEDING-EDGE Malware YourSiteBar Activity (bleeding-malware.rules)
 2001702 - BLEEDING-EDGE Malware Shop at Home Select Spyware Activity (bleeding-malware.rules)
 2001703 - BLEEDING-EDGE Malware Context Plus Spyware Activity (bleeding-malware.rules)
 2001706 - BLEEDING-EDGE Malware Context Plus Spyware Activity (bleeding-malware.rules)
 2001707 - BLEEDING-EDGE Malware Shop at Home Select Spyware Activity (bleeding-malware.rules)
 2001732 - BLEEDING-EDGE Malware Top Converting Agent Activity (bleeding-malware.rules)
 2001736 - BLEEDING-EDGE Malware UCMore Spyware Activity (bleeding-malware.rules)
 2001746 - BLEEDING-EDGE Malware Enhance My Search Spyware Activity (bleeding-malware.rules)
 2001852 - BLEEDING-EDGE MALWARE 404Search Spyware User Agent (bleeding-malware.rules)
 2001853 - BLEEDING-EDGE MALWARE Easy Search Bar Spyware User Agent (bleeding-malware.rules)
 2001854 - BLEEDING-EDGE MALWARE EZULA Spyware User Agent (bleeding-malware.rules)
 2001855 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (bleeding-malware.rules)
 2001858 - BLEEDING-EDGE MALWARE Hotbar Spyware User Agent (bleeding-malware.rules)
 2001859 - BLEEDING-EDGE MALWARE Cool Web Search Spyware User Agent (bleeding-malware.rules)
 2001860 - BLEEDING-EDGE MALWARE Kontiki Spyware User Agent (bleeding-malware.rules)
 2001861 - BLEEDING-EDGE MALWARE Micro-Gaming Spyware User Agent (bleeding-malware.rules)
 2001863 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (bleeding-malware.rules)
 2001864 - BLEEDING-EDGE MALWARE Fun Web Products Spyware User Agent (bleeding-malware.rules)
 2001865 - BLEEDING-EDGE MALWARE MyWebSearch Spyware User Agent (bleeding-malware.rules)
 2001866 - BLEEDING-EDGE MALWARE Smartpops/Mediaload Spyware User Agent (bleeding-malware.rules)
 2001867 - BLEEDING-EDGE MALWARE Search Engine 2000 Spyware User Agent (bleeding-malware.rules)
 2001868 - BLEEDING-EDGE MALWARE SureSeeker Spyware User Agent (bleeding-malware.rules)
 2001869 - BLEEDING-EDGE MALWARE Sidesearch Spyware User Agent (bleeding-malware.rules)
 2001870 - BLEEDING-EDGE MALWARE Surfplayer Spyware User Agent (bleeding-malware.rules)
 2001871 - BLEEDING-EDGE MALWARE Target Saver Spyware User Agent (bleeding-malware.rules)
 2001872 - BLEEDING-EDGE MALWARE Visicom Spyware User Agent (bleeding-malware.rules)
 2002002 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity (bleeding-malware.rules)
 2002011 - BLEEDING-EDGE Malware PeopleonPage Spyware User Agent Activity (bleeding-malware.rules)
 2002014 - BLEEDING-EDGE Malware Grandstreet Interactive Spyware User Agent Activity (bleeding-malware.rules)
 2002020 - BLEEDING-EDGE Malware Overpro Spyware User Agent Activity (bleeding-malware.rules)
 2002038 - BLEEDING-EDGE Malware Shopathomeselect.com Spyware User Agent Activity (bleeding-malware.rules)
 2002039 - BLEEDING-EDGE Malware Better Internet Spyware User Agent Activity (bleeding-malware.rules)
 2002071 - BLEEDING-EDGE Malware XupiterToolbar Spyware User Agent Activity (bleeding-malware.rules)
 2002073 - BLEEDING-EDGE Malware General Spyware User Agent Activity (bleeding-malware.rules)
 2002074 - BLEEDING-EDGE Malware Win32.Stubby Spyware User Agent Activity (bleeding-malware.rules)
 2002076 - BLEEDING-EDGE Malware New.net Spyware User Agent Activity (bleeding-malware.rules)
 2002077 - BLEEDING-EDGE Malware IEBar Spyware User Agent Activity (bleeding-malware.rules)
 2002078 - BLEEDING-EDGE Malware SideStep Spyware User Agent Activity (bleeding-malware.rules)
 2002079 - BLEEDING-EDGE MALWARE MyWaySearch Products Spyware User Agent (bleeding-malware.rules)
 2002080 - BLEEDING-EDGE MALWARE MySearch Products Spyware User Agent (bleeding-malware.rules)
 2002082 - BLEEDING-EDGE Malware Unknown Spyware User Agent Activity -- Please report to bleedingsnort.com (bleeding-malware.rules)
 2002097 - BLEEDING-EDGE Malware IEHelp.net Spyware User Agent Activity (bleeding-malware.rules)
 2002101 - BLEEDING-EDGE GAMES Battle.net Starcraft login (bleeding-game.rules)
 2002102 - BLEEDING-EDGE GAMES Battle.net Brood War login (bleeding-game.rules)
 2002103 - BLEEDING-EDGE GAMES Battle.net Diablo login (bleeding-game.rules)
 2002104 - BLEEDING-EDGE GAMES Battle.net Diablo 2 login (bleeding-game.rules)
 2002105 - BLEEDING-EDGE GAMES Battle.net Diablo 2 Lord of Destruction login (bleeding-game.rules)
 2002106 - BLEEDING-EDGE GAMES Battle.net Warcraft 2 login (bleeding-game.rules)
 2002107 - BLEEDING-EDGE GAMES Battle.net Warcraft 3 login (bleeding-game.rules)
 2002108 - BLEEDING-EDGE GAMES Battle.net Warcraft 3\: The Frozen throne login (bleeding-game.rules)
 2002109 - BLEEDING-EDGE GAMES Battle.net old game version (bleeding-game.rules)
 2002112 - BLEEDING-EDGE GAMES Battle.net cdkey in use (bleeding-game.rules)
 2002117 - BLEEDING-EDGE GAMES Battle.net connection reset (possible IP-Ban) (bleeding-game.rules)
 2002118 - BLEEDING-EDGE GAMES Battle.net user in channel (bleeding-game.rules)
 2002119 - BLEEDING-EDGE GAMES Battle.net outgoing chat message (bleeding-game.rules)


[---]         Removed rules:         [---]

 2001506 - BLEEDING-EDGE Malware Smartpops.com Spyware Activity (bleeding-malware.rules)
 2001851 - BLEEDING-EDGE MALWARE Thinking Media Spyware User Agent (bleeding-malware.rules)
 2002075 - BLEEDING-EDGE Malware OCSLab AutoUpdater Unknown/Spyware User Agent Activity (bleeding-malware.rules)
 2002081 - BLEEDING-EDGE Malware Possible Funwebproducts or Unknown/Spyware User Agent Activity -- Please report to bleedingsnort.com (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-game.rules (2):
        # World of Warcraft rules, though written by Ron, are thanks to information from Justin (UserLoser)
        # Guild wars rues, again written by Ron, are thanks to information from Ian (Romi)

     -> Added to bleeding-sid-msg.map (2):
        2002082 || BLEEDING-EDGE Malware Unknown Spyware User Agent Activity -- Please report to bleedingsnort.com || url,www.bleedingsnort.com/staticpages/index.php?page=unknown
        2002153 || BLEEDING-EDGE MALWARE EXE as User Agent -- Potential Spyware

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (1):
        #Disabling, this user-agent is used in many legit apps as well, although not MSIE

     -> Removed from bleeding-sid-msg.map (5):
        2001506 || BLEEDING-EDGE Malware Smartpops.com Spyware Activity
        2001851 || BLEEDING-EDGE MALWARE Thinking Media Spyware User Agent || url,www.bleedingsnort.com/article.php?story=20050303190103553
        2002075 || BLEEDING-EDGE Malware OCSLab AutoUpdater Unknown/Spyware User Agent Activity || url,www.bleedingsnort.com/staticpages/index.php?page=unknown
        2002081 || BLEEDING-EDGE Malware Possible Funwebproducts or Unknown/Spyware User Agent Activity -- Please report to bleedingsnort.com || url,www.bleedingsnort.com/staticpages/index.php?page=unknown
        2002082 || BLEEDING-EDGE Malware Unknown Spyware User Agent Activity || url,www.bleedingsnort.com/staticpages/index.php?page=unknown




