[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Tue Mar 15 17:01:27 EST 2005


[***] Results from Oinkmaster started Tue Mar 15 20:00:06 2005 [***]

[+++]          Added rules:          [+++]

 2001793 - BLEEDING-EDGE MALWARE Incredisearch.com Spyware Ping (bleeding-malware.rules)
 2001794 - BLEEDING-EDGE MALWARE Incredisearch.com Spyware Activity (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001786 - BLEEDING-EDGE TROJAN potential update/download IRC Bot command (bleeding-virus.rules)
 2001787 - BLEEDING-EDGE TROJAN IRC Bot scan/exploit command (bleeding-virus.rules)
 2001788 - BLEEDING-EDGE TROJAN IRC Bot DDoS command (bleeding-virus.rules)
 2001789 - BLEEDING-EDGE TROJAN Suspicious IRC Bot response (bleeding-virus.rules)
 2001790 - BLEEDING-EDGE POLICY ICQ Login (bleeding-policy.rules)
 2001791 - BLEEDING-EDGE POLICY ICQ Status Change (bleeding-policy.rules)
 2001792 - BLEEDING-EDGE POLICY ICQ Message (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        # Matt Jonkman

     -> Added to bleeding-sid-msg.map (7):
        2001786 || BLEEDING-EDGE TROJAN potential update/download IRC Bot command || url,www.honeynet.org/papers/bots/ || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001787 || BLEEDING-EDGE TROJAN IRC Bot scan/exploit command || url,www.honeynet.org/papers/bots/ || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001788 || BLEEDING-EDGE TROJAN IRC Bot DDoS command || url,www.honeynet.org/papers/bots/ || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001789 || BLEEDING-EDGE TROJAN Suspicious IRC Bot response || url,www.honeynet.org/papers/bots/ || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001790 || BLEEDING-EDGE POLICY ICQ Login || url,www.icq.com/icqtour/firewall/netadmin.html
        2001793 || BLEEDING-EDGE MALWARE Incredisearch.com Spyware Ping
        2001794 || BLEEDING-EDGE MALWARE Incredisearch.com Spyware Activity

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (5):
        2001786 || BLEEDING-EDGE TROJAN potential update/download IRC Bot command || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001787 || BLEEDING-EDGE TROJAN IRC Bot scan/exploit command || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001788 || BLEEDING-EDGE TROJAN IRC Bot DDoS command || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001789 || BLEEDING-EDGE TROJAN Suspicious IRC Bot response || url,cert.uni-stuttgart.de/doc/netsec/bots.php
        2001790 || BLEEDING-EDGE POLICY ICQ Login




