[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Wed Jun 1 18:23:06 EDT 2005


[***] Results from Oinkmaster started Wed Jun  1 20:00:04 2005 [***]

[///]     Modified active rules:     [///]

 2001269 - BLEEDING-EDGE VIRUS Beagle User Agent Detected (bleeding-virus.rules)
 2001370 - BLEEDING-EDGE IRC Trojan Reporting (Exploit) (bleeding-virus.rules)
 2001371 - BLEEDING-EDGE IRC Trojan Reporting (lsass) (bleeding-virus.rules)
 2001372 - BLEEDING-EDGE IRC Trojan Reporting (Scan) (bleeding-virus.rules)
 2001373 - BLEEDING-EDGE IRC Trojan Reporting (zombie) (bleeding-virus.rules)
 2001556 - BLEEDING-EDGE Virus W32/Bagle.z at ...871... Requesting 5.php (bleeding-virus.rules)
 2001638 - BLEEDING-EDGE VIRUS W32/Bagle.dldr Trojan - download attempt (bleeding-virus.rules)


[---]         Removed rules:         [---]

 2001291 - BLEEDING-EDGE VIRUS Possible Atak.mm Worm (bleeding-virus.rules)
 2001629 - BLEEDING-EDGE Virus Rbot DNS Lookup - giuse.ns0.it (bleeding-virus.rules)
 2001630 - BLEEDING-EDGE Virus Rbot IRC OUTGOING activity - Trying to join IRC (bleeding-virus.rules)
 2001631 - BLEEDING-EDGE Virus Rbot IRC INCOMING activity - Trying to join IRC (bleeding-virus.rules)
 2001632 - BLEEDING-EDGE Virus Rbot IRC activity - ReDirectMe hosts (bleeding-virus.rules)
 2001797 - BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc DNS look-up (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (1):
        2001269 || BLEEDING-EDGE VIRUS Beagle User Agent Detected

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (7):
        2001269 || BLEEDING-EDGE VIRUS Bagle Worm
        2001291 || BLEEDING-EDGE VIRUS Possible Atak.mm Worm || url,securityresponse.symantec.com/avcenter/venc/data/w32.atak at ...1512...
        2001629 || BLEEDING-EDGE Virus Rbot DNS Lookup - giuse.ns0.it || url,secunia.com/virus_information/11709/
        2001630 || BLEEDING-EDGE Virus Rbot IRC OUTGOING activity - Trying to join IRC || url,secunia.com/virus_information/11709/
        2001631 || BLEEDING-EDGE Virus Rbot IRC INCOMING activity - Trying to join IRC || url,secunia.com/virus_information/11709/
        2001632 || BLEEDING-EDGE Virus Rbot IRC activity - ReDirectMe hosts || url,secunia.com/virus_information/11709/
        2001797 || BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc DNS look-up || url,isc.sans.org/diary.php?date=2005-03-20

     -> Removed from bleeding-virus.rules (2):
        # Added by Frank Knobbe (hastily after reading an ISC diary)
        #Submitted by Mark Scott, 12/27/2004, for robot





More information about the Snort-sigs mailing list