[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Jul 28 18:03:29 EDT 2005


[***] Results from Oinkmaster started Thu Jul 28 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

 2002157 - BLEEDING-EDGE POLICY Skype User-Agent detected (bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2000025 - BLEEDING-EDGE Malware Gator Cookie (bleeding-malware.rules)
 2000335 - BLEEDING-EDGE P2P Overnet Server Announce (bleeding-p2p.rules)
 2000338 - BLEEDING-EDGE P2P iroffer IRC Bot help message (bleeding-p2p.rules)
 2000339 - BLEEDING-EDGE P2P iroffer IRC Bot offered files advertisement (bleeding-p2p.rules)
 2000595 - BLEEDING-EDGE Malware Gator Checkin (bleeding-malware.rules)
 2000596 - BLEEDING-EDGE Malware Gator/Claria Data Submission (bleeding-malware.rules)
 2000597 - BLEEDING-EDGE Malware Gator New Code Download (bleeding-malware.rules)
 2001090 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute Javascript code (bleeding-web.rules)
 2001091 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute VBScript code (bleeding-web.rules)
 2001092 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to access SHELL\: (bleeding-web.rules)
 2001101 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code (bleeding-exploit.rules)
 2001102 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code (bleeding-exploit.rules)
 2001103 - BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\: (bleeding-exploit.rules)
 2001185 - BLEEDING-EDGE P2P Soulseek traffic (bleeding-p2p.rules)
 2001186 - BLEEDING-EDGE P2P Soulseek traffic (bleeding-p2p.rules)
 2001187 - BLEEDING-EDGE P2P Soulseek Filesearch Results (bleeding-p2p.rules)
 2001188 - BLEEDING-EDGE P2P Soulseek (bleeding-p2p.rules)
 2001296 - BLEEDING-EDGE P2P eDonkey File Status (bleeding-p2p.rules)
 2001297 - BLEEDING-EDGE P2P eDonkey File Status Request (bleeding-p2p.rules)
 2001298 - BLEEDING-EDGE P2P eDonkey Server Status Request (bleeding-p2p.rules)
 2001299 - BLEEDING-EDGE P2P eDonkey Server Status (bleeding-p2p.rules)
 2001305 - BLEEDING-EDGE P2P eDonkey Search (bleeding-p2p.rules)
 2001306 - BLEEDING-EDGE Malware Gator/Clarian Agent (bleeding-malware.rules)
 2001345 - BLEEDING-EDGE MALWARE Bonziportal Traffic (bleeding-malware.rules)
 2001493 - BLEEDING-EDGE Malware ISearchTech.com XXXPornToolbar Activity (bleeding-malware.rules)
 2001521 - BLEEDING-EDGE MALWARE Spywaremover Activity (bleeding-malware.rules)
 2001546 - BLEEDING-EDGE WEB-MISC LINK Method (bleeding-web.rules)
 2001635 - BLEEDING-EDGE DOS HTTP GET with newline appended (bleeding-dos.rules)
 2001636 - BLEEDING-EDGE DOS squ1rt Apache DoS (bleeding-dos.rules)
 2001664 - BLEEDING-EDGE P2P Gnutella Connect (bleeding-p2p.rules)
 2001705 - BLEEDING-EDGE Malware Flingstone Spyware Install (bleeding-malware.rules)
 2001710 - BLEEDING-EDGE Malware Flingstone Spyware Install (bleeding-malware.rules)
 2001796 - BLEEDING-EDGE P2P kazaa over UDP (bleeding-p2p.rules)
 2001808 - BLEEDING-EDGE P2P LimeWire P2P Traffic (bleeding-p2p.rules)
 2001809 - BLEEDING-EDGE P2P Limewire P2P UDP Traffic (bleeding-p2p.rules)
 2001812 - BLEEDING-EDGE KazaaClient P2P Traffic (bleeding-p2p.rules)
 2001841 - BLEEDING-EDGE P2P UDP traffic -- Likely Limewire (bleeding-p2p.rules)
 2002033 - BLEEDING-EDGE TROJAN BOT - potential response (bleeding-virus.rules)
 2002089 - BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer (bleeding-malware.rules)
 2002095 - BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer (bleeding-malware.rules)


[///]    Modified inactive rules:    [///]

 2001300 - BLEEDING-EDGE P2P eDonkey Hello Request (bleeding-p2p.rules)


[---]         Disabled rules:        [---]

 2002124 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- PNG with embedded ICC document (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        # This is disabled by default because it hits on any PNG. It is a good sig, but you must understand more than average to use it

     -> Added to bleeding-policy.rules (1):
        #By Robert Grabowsky

     -> Added to bleeding-sid-msg.map (32):
        2000025 || BLEEDING-EDGE Malware Gator Cookie || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2000335 || BLEEDING-EDGE P2P Overnet Server Announce || url,www.overnet.com
        2000338 || BLEEDING-EDGE P2P iroffer IRC Bot help message || url,iroffer.org
        2000339 || BLEEDING-EDGE P2P iroffer IRC Bot offered files advertisement || url,iroffer.org
        2000595 || BLEEDING-EDGE Malware Gator Checkin || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2000596 || BLEEDING-EDGE Malware Gator/Claria Data Submission || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2000597 || BLEEDING-EDGE Malware Gator New Code Download || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2001185 || BLEEDING-EDGE P2P Soulseek traffic || url,www.slsknet.org
        2001186 || BLEEDING-EDGE P2P Soulseek traffic || url,www.slsknet.org
        2001187 || BLEEDING-EDGE P2P Soulseek Filesearch Results || url,www.slsknet.org
        2001188 || BLEEDING-EDGE P2P Soulseek || url,www.slsknet.org
        2001296 || BLEEDING-EDGE P2P eDonkey File Status || url,www.edonkey.com
        2001297 || BLEEDING-EDGE P2P eDonkey File Status Request || url,www.edonkey.com
        2001298 || BLEEDING-EDGE P2P eDonkey Server Status Request || url,www.edonkey.com
        2001299 || BLEEDING-EDGE P2P eDonkey Server Status || url,www.edonkey.com
        2001300 || BLEEDING-EDGE P2P eDonkey Hello Request || url,www.edonkey.com
        2001305 || BLEEDING-EDGE P2P eDonkey Search || url,www.edonkey.com
        2001306 || BLEEDING-EDGE Malware Gator/Clarian Agent || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
        2001345 || BLEEDING-EDGE MALWARE Bonziportal Traffic || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=59256
        2001521 || BLEEDING-EDGE MALWARE Spywaremover Activity || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453087903
        2001546 || BLEEDING-EDGE WEB-MISC LINK Method || url,www.w3.org/Protocols/HTTP/Methods/Link.html
        2001635 || BLEEDING-EDGE DOS HTTP GET with newline appended || cve,2004-0942
        2001636 || BLEEDING-EDGE DOS squ1rt Apache DoS || cve,2004-0942
        2001664 || BLEEDING-EDGE P2P Gnutella Connect || url,www.gnutella.com
        2001705 || BLEEDING-EDGE Malware Flingstone Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html
        2001710 || BLEEDING-EDGE Malware Flingstone Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html
        2001796 || BLEEDING-EDGE P2P kazaa over UDP || url,www.kazaa.com/us/index.htm
        2001812 || BLEEDING-EDGE KazaaClient P2P Traffic || url,www.kazaa.com/us/index.htm
        2001841 || BLEEDING-EDGE P2P UDP traffic -- Likely Limewire || url,www.limewire.com
        2002089 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035
        2002095 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035
        2002157 || BLEEDING-EDGE POLICY Skype User-Agent detected

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (31):
        2000025 || BLEEDING-EDGE Malware Gator Cookie
        2000335 || BLEEDING-EDGE P2P Overnet Server Announce
        2000338 || BLEEDING-EDGE P2P iroffer IRC Bot help message
        2000339 || BLEEDING-EDGE P2P iroffer IRC Bot offered files advertisement
        2000595 || BLEEDING-EDGE Malware Gator Checkin
        2000596 || BLEEDING-EDGE Malware Gator/Claria Data Submission
        2000597 || BLEEDING-EDGE Malware Gator New Code Download
        2001185 || BLEEDING-EDGE P2P Soulseek traffic
        2001186 || BLEEDING-EDGE P2P Soulseek traffic
        2001187 || BLEEDING-EDGE P2P Soulseek Filesearch Results
        2001188 || BLEEDING-EDGE P2P Soulseek
        2001296 || BLEEDING-EDGE P2P eDonkey File Status
        2001297 || BLEEDING-EDGE P2P eDonkey File Status Request
        2001298 || BLEEDING-EDGE P2P eDonkey Server Status Request
        2001299 || BLEEDING-EDGE P2P eDonkey Server Status
        2001300 || BLEEDING-EDGE P2P eDonkey Hello Request
        2001305 || BLEEDING-EDGE P2P eDonkey Search
        2001306 || BLEEDING-EDGE Malware Gator/Clarian Agent
        2001345 || BLEEDING-EDGE MALWARE Bonziportal Traffic || url,www.bonzibuddy.com
        2001521 || BLEEDING-EDGE MALWARE Spywaremover Activity || www3.ca.com/securityadvisor/pest/pest.aspx?id=453087903
        2001546 || BLEEDING-EDGE WEB-MISC LINK Method
        2001635 || BLEEDING-EDGE DOS HTTP GET with newline appended
        2001636 || BLEEDING-EDGE DOS squ1rt Apache DoS
        2001664 || BLEEDING-EDGE P2P Gnutella Connect
        2001705 || BLEEDING-EDGE Malware Flingstone Spyware Install
        2001710 || BLEEDING-EDGE Malware Flingstone Spyware Install
        2001796 || BLEEDING-EDGE P2P kazaa over UDP
        2001812 || BLEEDING-EDGE KazaaClient P2P Traffic
        2001841 || BLEEDING-EDGE P2P UDP traffic -- Likely Limewire
        2002089 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer
        2002095 || BLEEDING-EDGE MALWARE CWS qck.cc Spyware Installer
