[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Mar 17 17:03:10 EST 2005


[***] Results from Oinkmaster started Thu Mar 17 20:00:05 2005 [***]

[+++]          Added rules:          [+++]

 2001795 - BLEEDING-EDGE DOS Excessive SMTP MAIL-FROM DDoS (bleeding-dos.rules)


[///]     Modified active rules:     [///]

 2000496 - BLEEDING-EDGE DOS Microsoft SMS dos attempt (bleeding-dos.rules)
 2000587 - BLEEDING-EDGE Malware SpywareLabs VirtualBouncer Seeking Instructions (bleeding-malware.rules)
 2000588 - BLEEDING-EDGE Malware TopMoxie Reporting Data to External Host (bleeding-malware.rules)
 2000596 - BLEEDING-EDGE Malware Gator/Claria Data Submission (bleeding-malware.rules)
 2001021 - BLEEDING-EDGE Suspicious Encrypted Webpage Content (bleeding-web.rules)
 2001049 - BLEEDING-EDGE Buffer Overflow Exploit in Adobe Acrobat Reader (bleeding-exploit.rules)
 2001060 - BLEEDING-EDGE P2P Ares GET (bleeding-p2p.rules)
 2001076 - BLEEDING-EDGE WEB-MISC cross site scripting attempt TYPE + JAVASCRIPT (bleeding-web.rules)
 2001077 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + JAVASCRIPT (bleeding-web.rules)
 2001078 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + JSCRIPT (bleeding-web.rules)
 2001079 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT (bleeding-web.rules)
 2001080 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT (bleeding-web.rules)
 2001081 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + ECMACRIPT (bleeding-web.rules)
 2001082 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + EXPRESSION (bleeding-web.rules)
 2001083 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + EXPRESSION (bleeding-web.rules)
 2001085 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden Javascript (bleeding-web.rules)
 2001086 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden Javascript (bleeding-web.rules)
 2001087 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to execute Javascript code (bleeding-web.rules)
 2001088 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to execute VBScript code (bleeding-web.rules)
 2001089 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to access SHELL\: (bleeding-web.rules)
 2001094 - BLEEDING-EDGE Internet Explorer URL parsing vulnerability (bleeding-exploit.rules)
 2001099 - BLEEDING-EDGE Attempt to execute VBScript code (bleeding-exploit.rules)
 2001105 - BLEEDING-EDGE Javascript execution with expression eval (bleeding-exploit.rules)
 2001106 - BLEEDING-EDGE Javascript execution with expression eval hex (bleeding-exploit.rules)
 2001205 - BLEEDING-EDGE Internet Explorer Memory Corruption Bug (bleeding-dos.rules)
 2001206 - BLEEDING-EDGE Mozilla Firefox Certificate Spoofing (bleeding-exploit.rules)
 2001207 - BLEEDING-EDGE Mozilla Cookie theft (bleeding-exploit.rules)
 2001215 - BLEEDING-EDGE FTP Serv-U Server Long Filename Stack Overflow Vulnerability (bleeding-exploit.rules)
 2001370 - BLEEDING-EDGE IRC Trojan Reporting (Exploit) (bleeding-virus.rules)
 2001371 - BLEEDING-EDGE IRC Trojan Reporting (lsass) (bleeding-virus.rules)
 2001372 - BLEEDING-EDGE IRC Trojan Reporting (Scan) (bleeding-virus.rules)
 2001373 - BLEEDING-EDGE IRC Trojan Reporting (zombie) (bleeding-virus.rules)
 2001437 - BLEEDING-EDGE WORM Potential MyDoom.AI Email Inbound (bleeding-virus.rules)
 2001438 - BLEEDING-EDGE WORM Potential MyDoom.AI Email Outbound (bleeding-virus.rules)
 2001528 - BLEEDING-EDGE Malware ak-networks.com Access, Likely Spyware (bleeding-malware.rules)
 2001529 - BLEEDING-EDGE Malware Casalemedia Access, Likely Spyware (bleeding-malware.rules)
 2001530 - BLEEDING-EDGE Malware ak-networks.com Spyware Code Download (bleeding-malware.rules)
 2001531 - BLEEDING-EDGE Malware C4tdoanload.com Access, Likely Spyware (bleeding-malware.rules)
 2001532 - BLEEDING-EDGE Malware Searchmiracle.com Access, Likely Spyware (bleeding-malware.rules)
 2001537 - BLEEDING-EDGE Malware Spyspotter.com Access, Likely Spyware (bleeding-malware.rules)
 2001539 - BLEEDING-EDGE Malware Spyspotter.com Access, Likely Spyware (bleeding-malware.rules)
 2001541 - BLEEDING-EDGE Malware Xpire.info Install Report (bleeding-malware.rules)
 2001556 - BLEEDING-EDGE Virus W32/Bagle.z at ...871... Requesting 5.php (bleeding-virus.rules)
 2001616 - BLEEDING-EDGE Attack Response Zone-H.org defacement notification (bleeding-attack_response.rules)
 2001633 - BLEEDING-EDGE Exploit Probable MSIE XPSP2 Remote Compromise (bleeding-exploit.rules)
 2001638 - BLEEDING-EDGE VIRUS W32/Bagle.dldr Trojan - download attempt (bleeding-virus.rules)
 2001695 - BLEEDING-EDGE Virus Bagle.BJ [alias .AY, .BC] - download attempt (bleeding-virus.rules)
 2001737 - BLEEDING-EDGE Malware ak-networks.com Spyware Code Install (bleeding-malware.rules)
 2001752 - BLEEDING-EDGE Virus Bagle.BE Download attempt (bleeding-virus.rules)
 2001784 - BLEEDING-EDGE EXPLOIT AWStats (awstats_shell) Remote Code Execution (bleeding-exploit.rules)
 2001785 - BLEEDING-EDGE EXPLOIT PHP (allow_url_fopen) File Injection Bug Feature (bleeding-exploit.rules)
 2001787 - BLEEDING-EDGE TROJAN IRC Bot scan/exploit command (bleeding-virus.rules)
 2001788 - BLEEDING-EDGE TROJAN IRC Bot DDoS command (bleeding-virus.rules)
 2001789 - BLEEDING-EDGE TROJAN Suspicious IRC Bot response (bleeding-virus.rules)
 2001793 - BLEEDING-EDGE MALWARE Incredisearch.com Spyware Ping (bleeding-malware.rules)
 2001794 - BLEEDING-EDGE MALWARE Incredisearch.com Spyware Activity (bleeding-malware.rules)


[///]    Modified inactive rules:    [///]

 2001061 - BLEEDING-EDGE VIRUS Bagle Variant Requesting 2.jpg (bleeding-virus.rules)
 2001098 - BLEEDING-EDGE Attempt to execute Javascript code (bleeding-custom.rules)
 2001100 - BLEEDING-EDGE Attempt to access SHELL\: (bleeding-custom.rules)
 2001180 - BLEEDING-EDGE Internet Explorer Object Type Property Overflow (bleeding-custom.rules)
 2001208 - BLEEDING-EDGE Reading Local Files in Netscape 6 and Mozilla (bleeding-exploit.rules)
 2001527 - BLEEDING-EDGE Malware Casalemedia Access, Likely Spyware (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (1):
        #Erik Fichtner

     -> Added to bleeding-sid-msg.map (1):
        2001795 || BLEEDING-EDGE DOS Excessive SMTP MAIL-FROM DDoS




