[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Tue Mar 1 17:00:45 EST 2005


[***] Results from Oinkmaster started Tue Mar  1 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

     -> Added to bleeding-virus.rules (1):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Virus Bagle.BE Download attempt"; pcre:"/(GET |GET (http|https)\:\/\/[-0-9a-z.]*)\/zo2\.jpg/i"; reference:url,secunia.com/virus_information/15815/bagle.be/; flow:established,to_server; classtype:trojan-activity; sid:2001752; rev:2;)

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-custom.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-dos.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-exploit.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-inappropriate.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-malware.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-p2p.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-policy.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-scan.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding-sid-msg.map (1):
        2001752 || BLEEDING-EDGE Virus Bagle.BE Download attempt || url,secunia.com/virus_information/15815/bagle.be/

     -> Added to bleeding-virus.rules (2):
        #  Copyright (c) 2005, Bleedingsnort.com
        #Submitted by Mark Scott, 3/1/2005, for Bagle.BE downloader

     -> Added to bleeding-web.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

     -> Added to bleeding.rules (1):
        #  Copyright (c) 2005, Bleedingsnort.com

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-custom.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-dos.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-exploit.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-inappropriate.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-malware.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-p2p.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-policy.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-scan.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-virus.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding-web.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

     -> Removed from bleeding.rules (1):
        #  Copyright (c) 2004, Bleedingsnort.com

[*] Added files: [*]
    None.




