[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Mon Jun 20 18:01:13 EDT 2005


[***] Results from Oinkmaster started Mon Jun 20 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2002048 - BLEEDING-EDGE MALWARE 180solutions Spyware Defs Download (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001034 - BLEEDING-EDGE Malware Fun Web Products Agent Traffic (bleeding-malware.rules)
 2001043 - BLEEDING-EDGE Malware Fun Web Products MyWay Agent Traffic (bleeding-malware.rules)
 2001566 - BLEEDING-EDGE Virus Netsky.P Worm detected  (bleeding-virus.rules)
 2001573 - BLEEDING-EDGE Virus Zafi Worm outgoing detected  (bleeding-virus.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001591 - BLEEDING-EDGE Virus NetSky.C Worm - outgoing detected (bleeding-virus.rules)
 2001599 - BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected  (bleeding-virus.rules)
 2001601 - BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - outgoing detected  (bleeding-virus.rules)
 2001603 - BLEEDING-EDGE Virus Netsky.Z Worm - outgoing detected (bleeding-virus.rules)
 2001695 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] - download attempt (bleeding-virus.rules)
 2001752 - BLEEDING-EDGE Virus Bagle.BE Download attempt (bleeding-virus.rules)
 2001814 - BLEEDING-EDGE Spambot Proxy Control Channel (bleeding-malware.rules)
 2001956 - BLEEDING-EDGE VIRUS Win32.Mytob.CU Worm Infection (bleeding-virus.rules)
 2002007 - BLEEDING-EDGE Malware Wildmedia Spyware User Agent Activity (bleeding-malware.rules)
 2002023 - BLEEDING-EDGE TROJAN IRC USER command (bleeding-virus.rules)
 2002024 - BLEEDING-EDGE TROJAN IRC NICK command (bleeding-virus.rules)
 2002025 - BLEEDING-EDGE TROJAN IRC JOIN command (bleeding-virus.rules)


[---]         Removed rules:         [---]

 2001011 - BLEEDING-EDGE Worm Zincite Probing port 1034 (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (1):
        2002048 || BLEEDING-EDGE MALWARE 180solutions Spyware Defs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2001011 || BLEEDING-EDGE Worm Zincite Probing port 1034 || url,securityresponse.symantec.com/avcenter/venc/data/w32.zindos.a.html

     -> Removed from bleeding-virus.rules (2):
        #	Zincite worm
        #Too many falses, needs improvement




