[Snort-sigs] Bleedingsnort.com Daily Update

Thu Jun 23 18:04:48 EDT 2005


[***] Results from Oinkmaster started Thu Jun 23 20:00:05 2005 [***]

[///]     Modified active rules:     [///]

 2000014 - BLEEDING-EDGE VIRUS Agobot/Phatbot Infection Successful (bleeding-virus.rules)
 2000040 - BLEEDING-EDGE Sasser FTP Traffic (bleeding-virus.rules)
 2000047 - BLEEDING-EDGE Sasser Transfer up.exe (bleeding-virus.rules)
 2000310 - BLEEDING-EDGE VIRUS Probable Zafi Virus Outbound via SMTP (bleeding-virus.rules)
 2000343 - BLEEDING-EDGE VIRUS Possible Evaman Worm Outbound (bleeding-virus.rules)
 2000345 - BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std port (bleeding-attack_response.rules)
 2000346 - BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std port (bleeding-attack_response.rules)
 2000347 - BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on non-std port (bleeding-attack_response.rules)
 2000348 - BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std port (bleeding-attack_response.rules)
 2000349 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer request on non-std port (bleeding-attack_response.rules)
 2000350 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on non-std port (bleeding-attack_response.rules)
 2000351 - BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std port (bleeding-attack_response.rules)
 2000352 - BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std port (bleeding-attack_response.rules)
 2000365 - BLEEDING-EDGE VIRUS Psyme Trojan Download (bleeding-virus.rules)
 2000494 - BLEEDING-EDGE VIRUS Possible Atak.mm Worm Outbound (bleeding-virus.rules)
 2000499 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM1 (bleeding-attack_response.rules)
 2000500 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM2 (bleeding-attack_response.rules)
 2000501 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM3 (bleeding-attack_response.rules)
 2000502 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM4 (bleeding-attack_response.rules)
 2000503 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT1 (bleeding-attack_response.rules)
 2000504 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT2 (bleeding-attack_response.rules)
 2000505 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT3 (bleeding-attack_response.rules)
 2000506 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT4 (bleeding-attack_response.rules)
 2000507 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access AUX (bleeding-attack_response.rules)
 2000508 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access NULL (bleeding-attack_response.rules)
 2000561 - BLEEDING-EDGE VIRUS Possible Bagle.AI Worm Outbound (bleeding-virus.rules)
 2000562 - BLEEDING-EDGE VIRUS OUTBOUND Suspicious Email Attachment (bleeding-virus.rules)
 2001012 - BLEEDING-EDGE Mailto domain search possible MyDoom.M,O (bleeding-virus.rules)
 2001045 - BLEEDING-EDGE MyDoom.P Query (bleeding-virus.rules)
 2001046 - BLEEDING-EDGE UPX compressed file download - possible worm (bleeding-virus.rules)
 2001047 - BLEEDING-EDGE UPX encrypted file download - possible worm (bleeding-virus.rules)
 2001056 - BLEEDING-EDGE W32/Sasser.worm.b [NAI]) (bleeding-virus.rules)
 2001057 - BLEEDING-EDGE W32/Sasser.worm.a [NAI]) (bleeding-virus.rules)
 2001064 - BLEEDING-EDGE VIRUS Bagle Variant Checking In (bleeding-virus.rules)
 2001065 - BLEEDING-EDGE VIRUS Possible Bagle.AQ Worm Outbound (bleeding-virus.rules)
 2001066 - BLEEDING-EDGE IE Ilookup Trojan (bleeding-virus.rules)
 2001184 - BLEEDING-EDGE RXBOT / RBOT Vulnerability Scan (bleeding-virus.rules)
 2001196 - BLEEDING-EDGE WORM MyDoom.S Outbound (bleeding-virus.rules)
 2001220 - BLEEDING-EDGE RXBOT / RBOT Exploit Report (bleeding-virus.rules)
 2001233 - BLEEDING-EDGE Possible CIA download/upload attempt (bleeding-virus.rules)
 2001234 - BLEEDING-EDGE Win32/Small.AR outbound activity (bleeding-virus.rules)
 2001236 - BLEEDING-EDGE Akak trojan protocol hello (bleeding-virus.rules)
 2001237 - BLEEDING-EDGE Akak trojan protocol response from infected host (bleeding-virus.rules)
 2001247 - BLEEDING-EDGE WORM General MSN Worm URL Attempt (bleeding-virus.rules)
 2001268 - BLEEDING-EDGE VIRUS SWEN.A Worm detected (bleeding-virus.rules)
 2001269 - BLEEDING-EDGE VIRUS Beagle User Agent Detected (bleeding-virus.rules)
 2001270 - BLEEDING-EDGE VIRUS Bagle Worm (bleeding-virus.rules)
 2001273 - BLEEDING-EDGE VIRUS Outbound W32.Novarg.A worm (bleeding-virus.rules)
 2001274 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 1 (bleeding-virus.rules)
 2001275 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 2 (bleeding-virus.rules)
 2001276 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Outbound 3 (bleeding-virus.rules)
 2001277 - BLEEDING-EDGE VIRUS MyDoom/MIMAIL.R Variant Outbound (bleeding-virus.rules)
 2001278 - BLEEDING-EDGE VIRUS W32.Novarg.A SCO DOS (bleeding-virus.rules)
 2001279 - BLEEDING-EDGE VIRUS MyDoom.F Worm (bleeding-virus.rules)
 2001280 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 139 (bleeding-virus.rules)
 2001281 - BLEEDING-EDGE VIRUS Netsky message.zip HEX port 445 (bleeding-virus.rules)
 2001282 - BLEEDING-EDGE VIRUS Netsky base64 port 1352 (bleeding-virus.rules)
 2001283 - BLEEDING-EDGE VIRUS Netsky base64 port 25 (bleeding-virus.rules)
 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (bleeding-virus.rules)
 2001286 - BLEEDING-EDGE VIRUS Sasser/Korgo Worm (bleeding-virus.rules)
 2001287 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.a (bleeding-virus.rules)
 2001288 - BLEEDING-EDGE VIRUS W32/Stdbot.worm.b (bleeding-virus.rules)
 2001290 - BLEEDING-EDGE VIRUS Possible Evaman Worm (bleeding-virus.rules)
 2001292 - BLEEDING-EDGE Virus Possible Bagle.AI Worm (bleeding-virus.rules)
 2001302 - BLEEDING-EDGE VIRUS Nachi/Phatbot Worm (bleeding-virus.rules)
 2001303 - BLEEDING-EDGE Webber/Berbew Trojan keystroke log upload (bleeding-virus.rules)
 2001337 - BLEEDING-EDGE Korgo.P offering executable (bleeding-virus.rules)
 2001338 - BLEEDING-EDGE Korgo.P binary upload (bleeding-virus.rules)
 2001390 - BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Outbound (bleeding-virus.rules)
 2001406 - BLEEDING-EDGE Possible hidden zip extension .cpl (bleeding-policy.rules)
 2001407 - BLEEDING-EDGE Possible hidden zip extension .pif (bleeding-policy.rules)
 2001408 - BLEEDING-EDGE Possible hidden zip extension .scr (bleeding-policy.rules)
 2001428 - BLEEDING-EDGE WORM MyDoom.AH Victim Accessing Infected Page (bleeding-virus.rules)
 2001430 - BLEEDING-EDGE WORM Bofra Victim Accessing Reactor Page (bleeding-virus.rules)
 2001432 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Outbound (bleeding-virus.rules)
 2001434 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Outbound (bleeding-virus.rules)
 2001436 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Outbound (bleeding-virus.rules)
 2001438 - BLEEDING-EDGE WORM Potential MyDoom.AI Email Outbound (bleeding-virus.rules)
 2001545 - BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection detected! (bleeding-attack_response.rules)
 2001547 - BLEEDING-EDGE VIRUS Sobig.E-F Trojan Site Download Request (bleeding-virus.rules)
 2001548 - BLEEDING-EDGE Sasser FTP exploit attempt (bleeding-virus.rules)
 2001554 - BLEEDING-EDGE Worm Rbot.Gen Infection Attempt (bleeding-virus.rules)
 2001556 - BLEEDING-EDGE Virus W32/Bagle.z at ...871... Requesting 5.php (bleeding-virus.rules)
 2001566 - BLEEDING-EDGE Virus Netsky.P Worm detected (bleeding-virus.rules)
 2001567 - BLEEDING-EDGE Virus Bagel - outbound (bleeding-virus.rules)
 2001573 - BLEEDING-EDGE Virus Zafi Worm outgoing detected (bleeding-virus.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001584 - BLEEDING-EDGE Virus Bot Reporting Scan/Exploit (bleeding-virus.rules)
 2001591 - BLEEDING-EDGE Virus NetSky.C Worm - outgoing detected (bleeding-virus.rules)
 2001592 - BLEEDING-EDGE Virus Zafi.d P2P Infection Attempt (bleeding-virus.rules)
 2001593 - BLEEDING-EDGE Virus Zafi.d P2P Infection Attempt (bleeding-virus.rules)
 2001594 - BLEEDING-EDGE Virus Zafi.d a.exe file upload (bleeding-virus.rules)
 2001599 - BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected (bleeding-virus.rules)
 2001601 - BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - outgoing detected (bleeding-virus.rules)
 2001603 - BLEEDING-EDGE Virus Netsky.Z Worm - outgoing detected (bleeding-virus.rules)
 2001607 - BLEEDING-EDGE Virus Possible santy.A Worm Defaced Page (bleeding-virus.rules)
 2001614 - BLEEDING-EDGE Virus PHPInclude.Worm Inbound Attack (bleeding-virus.rules)
 2001615 - BLEEDING-EDGE Virus PHPInclude.Worm Outbound Attack --LOCAL INFECTION-- (bleeding-virus.rules)
 2001616 - BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement notification (bleeding-attack_response.rules)
 2001617 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets (bleeding-virus.rules)
 2001618 - BLEEDING-EDGE Virus Santy.B worm variants searching for targets (bleeding-virus.rules)
 2001619 - BLEEDING-EDGE Virus Santy.B worm variants serarching for targets (yahoo) (bleeding-virus.rules)
 2001620 - BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity (bleeding-attack_response.rules)
 2001628 - BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection (bleeding-attack_response.rules)
 2001638 - BLEEDING-EDGE VIRUS W32/Bagle.dldr Trojan - download attempt (bleeding-virus.rules)
 2001672 - BLEEDING-EDGE Virus MyDoom.I worm - outbound (bleeding-virus.rules)
 2001676 - BLEEDING-EDGE Virus Bot Reporting/Commencing DDoS (bleeding-virus.rules)
 2001681 - BLEEDING-EDGE Virus VBSun.A Tsunami Scam Worm OUTBOUND (bleeding-virus.rules)
 2001688 - BLEEDING-EDGE MySQL bot DNS lookup (bleeding-virus.rules)
 2001689 - BLEEDING-EDGE Potential MySQL bot scanning for SQL server (bleeding-virus.rules)
 2001690 - BLEEDING-EDGE Potential MySQL bot connecting to IRC server (bleeding-virus.rules)
 2001691 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.com, exe extensions] - outbound (bleeding-virus.rules)
 2001693 - BLEEDING-EDGE VIRUS Bagle.BJ [alias .AY, .BC] worm [.cpl extension] - outbound (bleeding-virus.rules)
 2001695 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] - download attempt (bleeding-virus.rules)
 2001715 - BLEEDING-EDGE Virus Bropia.F Worm Propagation (bleeding-virus.rules)
 2001726 - BLEEDING-EDGE Virus Trojan-Spy.Win32.Bancos Download (bleeding-virus.rules)
 2001739 - BLEEDING-EDGE Virus Dipnet infected host response (bleeding-virus.rules)
 2001740 - BLEEDING-EDGE Virus Dipnet infected host response (bleeding-virus.rules)
 2001743 - BLEEDING-EDGE Trojan HackerDefender Root Kit Remote Connection Attempt Detected (bleeding-virus.rules)
 2001750 - BLEEDING-EDGE VIRUS Sober.K Worm - outgoing (bleeding-virus.rules)
 2001752 - BLEEDING-EDGE Virus Bagle.BE Download attempt (bleeding-virus.rules)
 2001757 - BLEEDING_EDGE VIRUS BagleDl-M SMTP Outbound (bleeding-virus.rules)
 2001759 - BLEEDING-EDGE Virus Beagle.BK - outbound (bleeding-virus.rules)
 2001763 - BLEEDING-EDGE VIRUS - W32.Opaserv Worm Infection (bleeding-virus.rules)
 2001764 - BLEEDING-EDGE VIRUS - Bugbear at ...871... virus in SMTP (bleeding-virus.rules)
 2001765 - BLEEDING-EDGE VIRUS - BugBear at ...871... virus in Network share (bleeding-virus.rules)
 2001766 - BLEEDING-EDGE VIRUS - BugBear at ...871... Worm Copied to Startup Folder (bleeding-virus.rules)
 2001799 - BLEEDING-EDGE Unknown Yahoo Messenger Worm DNS lookup (bleeding-virus.rules)
 2001800 - BLEEDING-EDGE Unknown Yahoo Messenger Worm URL access (bleeding-virus.rules)
 2001878 - BLEEDING-EDGE WORM General MSN Worm URL Outbound (bleeding-virus.rules)
 2001879 - BLEEDING-EDGE VIRUS Sober-style Ehlo - noalert (bleeding-virus.rules)
 2001880 - BLEEDING-EDGE VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert (bleeding-virus.rules)
 2001881 - BLEEDING-EDGE VIRUS Possible Sober virus attachment Outbound (bleeding-virus.rules)
 2001899 - BLEEDING-EDGE Botnet HTTP Botnet reg (bleeding-virus.rules)
 2001900 - BLEEDING-EDGE BwB Botnet Checkin (bleeding-virus.rules)
 2001901 - BLEEDING-EDGE TROJAN Possible Bobax trojan infection (bleeding-virus.rules)
 2001902 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (bleeding-virus.rules)
 2001905 - BLEEDING-EDGE VIRUS AIM Bot im.exe Activity (bleeding-virus.rules)
 2001910 - BLEEDING-EDGE VIRUS AIM Bot Outbound Control Channel Open and Login (bleeding-virus.rules)
 2001911 - BLEEDING-EDGE VIRUS Beaconing DREMN Trojan (bleeding-virus.rules)
 2001912 - BLEEDING-EDGE VIRUS Answering DREMN Trojan (bleeding-virus.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (bleeding-virus.rules)
 2001919 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP (bleeding-virus.rules)
 2001920 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming POP3/IMAP (bleeding-virus.rules)
 2001921 - BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming HTTP (bleeding-virus.rules)
 2001922 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Outbound (bleeding-virus.rules)
 2001923 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Outbound (bleeding-virus.rules)
 2001924 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Outbound (bleeding-virus.rules)
 2001930 - BLEEDING-EDGE Virus Maslan.C - outbound (bleeding-virus.rules)
 2001933 - BLEEDING-EDGE VIRUS PWS Banker Trojan Sending Report of Infection (bleeding-virus.rules)
 2001952 - BLEEDING-EDGE VIRUS Bagle.BO or variant - OUTBOUND (bleeding-virus.rules)
 2001955 - BLEEDING-EDGE VIRUS Win32.Mytob.CU Worm Infection / DNS lookup (bleeding-virus.rules)
 2001956 - BLEEDING-EDGE VIRUS Win32.Mytob.CU Worm Infection (bleeding-virus.rules)
 2001959 - BLEEDING-EDGE VIRUS Hotword Trojan in Transit (bleeding-virus.rules)
 2001960 - BLEEDING-EDGE VIRUS Hotword Trojan inbound via http (bleeding-virus.rules)
 2001961 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CHJO (bleeding-virus.rules)
 2001962 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible File Upload CFXP (bleeding-virus.rules)
 2001963 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request pspv.exe (bleeding-virus.rules)
 2001964 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Request .tea (bleeding-virus.rules)
 2001965 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Upload ___ (bleeding-virus.rules)
 2001966 - BLEEDING-EDGE VIRUS Hotword Trojan -- Possible FTP File Status Check ___ (bleeding-virus.rules)
 2001967 - BLEEDING-EDGE VIRUS Fireby proxy trojan port report (bleeding-virus.rules)
 2001979 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Unusual Port (bleeding-policy.rules)
 2001980 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Unusual Port (bleeding-policy.rules)
 2001981 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Unusual Port (bleeding-policy.rules)
 2001982 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Unusual Port (bleeding-policy.rules)
 2001983 - BLEEDING-EDGE POLICY SSHv2 Client New Keys Detected on Unusual Port (bleeding-policy.rules)
 2001984 - BLEEDING-EDGE POLICY SSH session in progress on Unusual Port (bleeding-policy.rules)
 2001985 - BLEEDING-EDGE VIRUS HTTP Challenge/Response Authentication (bleeding-virus.rules)
 2001986 - Mytob.DI - outbound (bleeding-virus.rules)
 2002023 - BLEEDING-EDGE TROJAN IRC USER command (bleeding-virus.rules)
 2002024 - BLEEDING-EDGE TROJAN IRC NICK command (bleeding-virus.rules)
 2002025 - BLEEDING-EDGE TROJAN IRC JOIN command (bleeding-virus.rules)
 2002026 - BLEEDING-EDGE TROJAN IRC PRIVMSG command (bleeding-virus.rules)
 2002027 - BLEEDING-EDGE TROJAN IRC PING command (bleeding-virus.rules)
 2002028 - BLEEDING-EDGE TROJAN IRC PONG response (bleeding-virus.rules)
 2002029 - BLEEDING-EDGE TROJAN BOT - channel topic scan/exploit command (bleeding-virus.rules)
 2002030 - BLEEDING-EDGE TROJAN BOT - potential scan/exploit command (bleeding-virus.rules)
 2002031 - BLEEDING-EDGE TROJAN BOT - potential update/download (bleeding-virus.rules)
 2002032 - BLEEDING-EDGE TROJAN BOT - potential DDoS command (bleeding-virus.rules)
 2002033 - BLEEDING-EDGE TROJAN BOT - potential response (bleeding-virus.rules)
 2002034 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via HTTP (bleeding-attack_response.rules)
 2002049 - Mytob.GC - outbound (bleeding-virus.rules)


[///]    Modified inactive rules:    [///]

 2001332 - BLEEDING-EDGE GDI Exploit - Worm 1 Successful Execution (bleeding-virus.rules)
 2001367 - BLEEDING-EDGE WORM RBOT inbound Bestfriends.scr (bleeding-virus.rules)
 2001370 - BLEEDING-EDGE IRC Trojan Reporting (Exploit) (bleeding-virus.rules)
 2001371 - BLEEDING-EDGE IRC Trojan Reporting (lsass) (bleeding-virus.rules)
 2001372 - BLEEDING-EDGE IRC Trojan Reporting (Scan) (bleeding-virus.rules)
 2001373 - BLEEDING-EDGE IRC Trojan Reporting (zombie) (bleeding-virus.rules)
 2001391 - BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Inbound (bleeding-virus.rules)
 2001431 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Inbound (bleeding-virus.rules)
 2001433 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Inbound (bleeding-virus.rules)
 2001435 - BLEEDING-EDGE WORM Potential MyDoom.AH Email Inbound (bleeding-virus.rules)
 2001437 - BLEEDING-EDGE WORM Potential MyDoom.AI Email Inbound (bleeding-virus.rules)
 2001542 - BLEEDING-EDGE VIRUS Possible Sober.j - outbound (bleeding-virus.rules)
 2001565 - BLEEDING-EDGE Virus Netsky.P Worm - incoming (bleeding-virus.rules)
 2001568 - BLEEDING-EDGE Virus Bagel - incoming (bleeding-virus.rules)
 2001572 - BLEEDING-EDGE Virus Zafi Worm - incoming (bleeding-virus.rules)
 2001577 - BLEEDING-EDGE VIRUS Sober.I - incoming (bleeding-virus.rules)
 2001590 - BLEEDING-EDGE Virus NetSky.C Worm - incoming (bleeding-virus.rules)
 2001598 - BLEEDING-EDGE Virus Zafi.D Worm [.zip] - incoming detected (bleeding-virus.rules)
 2001600 - BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - incoming detected (bleeding-virus.rules)
 2001602 - BLEEDING-EDGE Virus Netsky.Z Worm - incoming detected (bleeding-virus.rules)
 2001673 - BLEEDING-EDGE Virus MyDoom.I worm - inbound (bleeding-virus.rules)
 2001680 - BLEEDING-EDGE Virus VBSun.A Tsunami Scam Worm INCOMING (bleeding-virus.rules)
 2001687 - BLEEDING-EDGE MySQL bot DNS lookup (bleeding-virus.rules)
 2001692 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.com, .exe extensions] - incoming (bleeding-virus.rules)
 2001694 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] worm [.cpl extension] - incoming (bleeding-virus.rules)
 2001717 - BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute Force Attack (bleeding-attack_response.rules)
 2001749 - BLEEDING-EDGE VIRUS Sober.K Worm - incoming (bleeding-virus.rules)
 2001758 - BLEEDING-EDGE VIRUS BagleDl-M SMTP Inbound (bleeding-virus.rules)
 2001760 - BLEEDING-EDGE Virus Beagle.BK - incoming (bleeding-virus.rules)
 2001786 - BLEEDING-EDGE TROJAN potential update/download IRC Bot command (bleeding-virus.rules)
 2001787 - BLEEDING-EDGE TROJAN IRC Bot scan/exploit command (bleeding-virus.rules)
 2001788 - BLEEDING-EDGE TROJAN IRC Bot DDoS command (bleeding-virus.rules)
 2001789 - BLEEDING-EDGE TROJAN Suspicious IRC Bot response (bleeding-virus.rules)
 2001903 - BLEEDING-EDGE WORM Sober.O Attachment Inbound (bleeding-virus.rules)
 2001914 - BLEEDING-EDGE VIRUS Possible Sober.P Inbound (bleeding-virus.rules)
 2001925 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 1 Inbound (bleeding-virus.rules)
 2001926 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 2 Inbound (bleeding-virus.rules)
 2001927 - BLEEDING-EDGE VIRUS Mytob.ED email attachment 3 Inbound (bleeding-virus.rules)
 2001931 - BLEEDING-EDGE Virus Maslan.C - inbound (bleeding-virus.rules)
 2001953 - BLEEDING-EDGE VIRUS Bagle.BO or variant - INBOUND (bleeding-virus.rules)
 2001973 - BLEEDING-EDGE POLICY SSH Server Banner Detected on Expected Port (bleeding-policy.rules)
 2001974 - BLEEDING-EDGE POLICY SSH Client Banner Detected on Expected Port (bleeding-policy.rules)
 2001975 - BLEEDING-EDGE POLICY SSHv2 Server KEX Detected on Expected Port (bleeding-policy.rules)
 2001976 - BLEEDING-EDGE POLICY SSHv2 Client KEX Detected on Expected Port (bleeding-policy.rules)
 2001977 - BLEEDING-EDGE POLICY SSHv2 Client New Keys detected on Expected Port (bleeding-policy.rules)
 2001978 - BLEEDING-EDGE POLICY SSH session in progress on Expected Port (bleeding-policy.rules)
 2001987 - Mytob.DI - incoming (bleeding-virus.rules)
 2002050 - Mytob.GC - incoming (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (4):
        2001598 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - incoming detected || url,secunia.com/virus_information/13874/
        2001599 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected || url,secunia.com/virus_information/13874/
        2001600 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - incoming detected || url,secunia.com/virus_information/13874/
        2001601 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - outgoing detected || url,secunia.com/virus_information/13874/

     -> Added to bleeding-virus.rules (51):
        # BugBear
        # Agobot/Phatbot
        # Sober
        # Sobig
        # Spy.Win32.Bancos Trojan
        # Webber/Berbew
        # Zafi Virus
        # Akak Trojan
        # Bofra Worm
        # Dipnet
        # Hacker Defender Root Kit
        # IE Ilookup Trojan
        # IRC Trojan Reporting
        ### Client login process. flowbits needs an OR.
        ### Client needs to tell the server who they are, join
        ### join a group, and someone needs to say something to
        ### someone else.
        ### Alternate path to is_proto_irc, Catch PING/PONG.
        # Bot potty
        # Psyme Trojan
        # Atak Worm
        # Bagle variants
        #Submitted by Mark Scott for generic Bagle (this seems to trip on most Bagles)
        # Bropia Worm
        # CIA
        # Evaman Worm
        # GDI Exploit
        # Korgo Worm
        # Maslan
        # MyDoom variants
        # MySQL Worm
        # Mytob
        # Mytob.DI
        # Mytob.GC
        # Nachi/Phatbot Worm
        # Netsky Worm
        # Novarg Worm
        # OpaServ Worm
        # PHPInclude Worm
        # Rbot trojan
        # Santy Worm
        #Submitted Erik Fichtner for Santy.B
        # Sasser Worm
        # Small Trojan
        # Stdbot
        # Suspicious Extensions
        # ade, adp, asd, asf, asx, bat, bas, chm, cli, cmd, com, crt, cpl, cpp, diz, dll, ebs, emf, eml, exe, fol, folder, hlp, hsq, hta, ini, inf, ins,
        # isp, js, jse, lnk, mda, mdb, mde, mdw, mdz, mht, mhtm, msi, msc, msg, msp, mst, nws, ocx, pcd, pif, pl, pls, plc,plx, pm, pot, rar,
        # reg, scr, sct, shs, swf, sys, url, vb, vbe, vbs, vxd, wmd, wmf, wms, wmz, wpm, wps, wpz, wsc, wsf, wsh, xlt, xlw, zip
        # Swen Worm
        # VBSun Worm

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (4):
        2001598 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - incoming detected  || url,secunia.com/virus_information/13874/
        2001599 || BLEEDING-EDGE Virus Zafi.D Worm [.zip] - outgoing detected  || url,secunia.com/virus_information/13874/
        2001600 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - incoming detected  || url,secunia.com/virus_information/13874/
        2001601 || BLEEDING-EDGE Virus Zafi.D Worm [.cmd, .com, .pif or .bat] - outgoing detected  || url,secunia.com/virus_information/13874/

     -> Removed from bleeding-virus.rules (51):
        #	BugBear
        #	Agobot/Phatbot
        #	Sober
        #	Sobig
        #	Spy.Win32.Bancos Trojan
        #	Webber/Berbew
        #	Zafi Virus
        #	Akak Trojan
        #	Bofra Worm
        #	Dipnet
        #	Hacker Defender Root Kit
        #	IE Ilookup Trojan
        #	IRC Trojan Reporting
        ###  Client login process.  flowbits needs an OR.
        ###  Client needs to tell the server who they are, join
        ###  join a group, and someone needs to say something to
        ###  someone else.
        ###  Alternate path to is_proto_irc, Catch PING/PONG.
        #  Bot potty
        #	Psyme Trojan
        #	Atak Worm
        #	Bagle variants
        #Submitted by Mark Scott for  generic Bagle (this seems to trip on most Bagles)
        #	Bropia Worm
        #	CIA
        #	Evaman Worm
        #	GDI Exploit
        #	Korgo Worm
        #       Maslan
        #	MyDoom variants
        #	MySQL Worm
        #	Mytob
        #	Mytob.DI
        #	Mytob.GC
        #	Nachi/Phatbot Worm
        #	Netsky Worm
        #	Novarg Worm
        #	OpaServ Worm
        #	PHPInclude Worm
        #	Rbot trojan
        #	Santy Worm
        #Submitted  Erik Fichtner for Santy.B
        #	Sasser Worm
        #	Small Trojan
        #	Stdbot
        #	Suspicious Extensions
        #   ade, adp, asd, asf, asx, bat, bas, chm, cli, cmd, com, crt, cpl, cpp, diz, dll, ebs, emf, eml, exe, fol, folder, hlp, hsq, hta, ini, inf, ins,
        #   isp, js, jse, lnk, mda, mdb, mde, mdw, mdz, mht, mhtm, msi, msc, msg, msp, mst, nws, ocx, pcd, pif, pl, pls, plc,plx, pm, pot, rar,
        #   reg, scr, sct, shs, swf, sys, url, vb, vbe, vbs, vxd, wmd, wmf, wms, wmz, wpm, wps, wpz, wsc, wsf, wsh, xlt, xlw, zip
        #	Swen Worm
        #	VBSun Worm
