[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Jun 3 18:04:14 EDT 2005


[***] Results from Oinkmaster started Fri Jun  3 20:00:06 2005 [***]

[+++]          Added rules:          [+++]

 2001959 - BLEEDING-EDGE VIRUS Hotword Trojan in Transit (bleeding-virus.rules)
 2001960 - BLEEDING-EDGE VIRUS Hotword Trojan inbound via http (bleeding-virus.rules)
 2001961 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO (bleeding-virus.rules)
 2001962 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP (bleeding-virus.rules)
 2001963 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request pspv.exe (bleeding-virus.rules)
 2001964 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea (bleeding-virus.rules)
 2001965 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Upload ___ (bleeding-virus.rules)
 2001966 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check ___ (bleeding-virus.rules)
 2001967 - BLEEDING-EDGE VIRUS Fireby proxy trojan port report (bleeding-virus.rules)
 2001968 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (OpenSSH) (bleeding-policy.rules)
 2001969 - BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (SecureCRT) (bleeding-policy.rules)
 2001970 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (OpenSSH) (bleeding-policy.rules)
 2001971 - BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (SecureCRT) (bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2001955 - BLEEDING-EDGE VIRUS Win32.Mytob.CU Worm Infection / DNS lookup (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (1):
        # Alternatively, choose the ones without pcre below (by Frank Knobbe)

     -> Added to bleeding-sid-msg.map (13):
        2001959 || BLEEDING-EDGE VIRUS Hotword Trojan in Transit || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001960 || BLEEDING-EDGE VIRUS Hotword Trojan inbound via http || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001961 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001962 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001963 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request pspv.exe || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001964 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001965 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Upload ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001966 || BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.rona.html || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
        2001967 || BLEEDING-EDGE VIRUS Fireby proxy trojan port report
        2001968 || BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (OpenSSH)
        2001969 || BLEEDING-EDGE Covert Non-Standard Inbound SSH Port Usage (SecureCRT)
        2001970 || BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (OpenSSH)
        2001971 || BLEEDING-EDGE Covert Non-Standard Outbound SSH Port Usage (SecureCRT)

     -> Added to bleeding-virus.rules (2):
        #By Joe Stewart of Lurhq
        #Matt Jonkman




