[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Sat Mar 12 17:01:41 EST 2005


[***] Results from Oinkmaster started Sat Mar 12 20:00:06 2005 [***]

[+++]          Added rules:          [+++]

 2001785 - BLEEDING-EDGE EXPLOIT PHP (allow_url_fopen) File Injection Bug Feature (bleeding-exploit.rules)
 2001786 - BLEEDING-EDGE TROJAN potential update/download IRC Bot command (bleeding-virus.rules)
 2001787 - BLEEDING-EDGE TROJAN IRC Bot scan/exploit command (bleeding-virus.rules)
 2001788 - BLEEDING-EDGE TROJAN IRC Bot DDoS command (bleeding-virus.rules)
 2001789 - BLEEDING-EDGE TROJAN Suspicious IRC Bot response (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2000378 - BLEEDING-EDGE MS-SQL DOS attempt (08) (bleeding-exploit.rules)
 2000381 - BLEEDING-EDGE MS-SQL DOS bouncing packets (bleeding-exploit.rules)
 2001584 - BLEEDING-EDGE Virus Bot Reporting Scan/Exploit (bleeding-virus.rules)
 2001676 - BLEEDING-EDGE Virus Bot Reporting/Commencing DDoS (bleeding-virus.rules)
 2001728 - BLEEDING-EDGE Policy TOR1.0 nodes negotiation (bleeding-policy.rules)
 2001730 - BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity (bleeding-malware.rules)
 2001731 - BLEEDING-EDGE Malware SurfSidekick Activity (bleeding-malware.rules)
 2001732 - BLEEDING-EDGE Malware Top Converting Agent Activity (bleeding-malware.rules)
 2001733 - BLEEDING-EDGE Malware CrazyWinnings.com Activity (bleeding-malware.rules)
 2001735 - BLEEDING-EDGE Malware A-d-w-a-r-e.com Activity (bleeding-malware.rules)
 2001739 - BLEEDING-EDGE Virus Dipnet infected host response (bleeding-virus.rules)
 2001740 - BLEEDING-EDGE Virus Dipnet infected host response (bleeding-virus.rules)
 2001745 - BLEEDING-EDGE Malware Enhance My Search Spyware Install (bleeding-malware.rules)
 2001746 - BLEEDING-EDGE Malware Enhance My Search Spyware Activity (bleeding-malware.rules)
 2001747 - BLEEDING-EDGE Malware My-Stats.com Spyware Checkin (bleeding-malware.rules)
 2001762 - BLEEDING-EDGE WEB phpbb Session Cookie (bleeding-web.rules)
 2001763 - BLEEDING-EDGE VIRUS - W32.Opaserv Worm Infection (bleeding-virus.rules)
 2001764 - BLEEDING-EDGE VIRUS - Bugbear at ...871... virus in SMTP (bleeding-virus.rules)
 2001765 - BLEEDING-EDGE VIRUS - BugBear at ...871... virus in Network share (bleeding-virus.rules)
 2001766 - BLEEDING-EDGE VIRUS - BugBear at ...871... Worm Copied to Startup Folder (bleeding-virus.rules)
 2001767 - BLEEDING-EDGE WEB ORACLE OLEDB asp error (bleeding-web.rules)
 2001768 - BLEEDING-EDGE WEB MS SQL Server OLEDB asp error (bleeding-web.rules)
 2001781 - BLEEDING-EDGE WEB ORACLE rwcgi60 information leak attempt (bleeding-web.rules)


[///]    Modified inactive rules:    [///]

 2001569 - BLEEDING-EDGE Behavioral Unusual Port 445 traffic, Potential Scan or Infection (bleeding-custom.rules)
 2001579 - BLEEDING-EDGE Behavioral Unusual Port 139 traffic, Potential Scan or Infection (bleeding-custom.rules)
 2001580 - BLEEDING-EDGE Behavioral Unusual Port 137 traffic, Potential Scan or Infection (bleeding-custom.rules)
 2001581 - BLEEDING-EDGE Behavioral Unusual Port 135 traffic, Potential Scan or Infection (bleeding-custom.rules)
 2001582 - BLEEDING-EDGE Behavioral Unusual Port 1434 traffic, Potential Scan or Infection (bleeding-custom.rules)
 2001583 - BLEEDING-EDGE Behavioral Unusual Port 1433 traffic, Potential Scan or Infection (bleeding-custom.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (5):
        2001785 || BLEEDING-EDGE EXPLOIT PHP (allow_url_fopen) File Injection Bug Feature || url,bugs.php.net/bug.php?id=30236
        2001786 || BLEEDING-EDGE TROJAN potential update/download IRC Bot command || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001787 || BLEEDING-EDGE TROJAN IRC Bot scan/exploit command || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001788 || BLEEDING-EDGE TROJAN IRC Bot DDoS command || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001789 || BLEEDING-EDGE TROJAN Suspicious IRC Bot response || url,cert.uni-stuttgart.de/doc/netsec/bots.php

     -> Added to bleeding-virus.rules (1):
        #From Tomfi




