[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Mon Mar 21 17:00:45 EST 2005


[***] Results from Oinkmaster started Mon Mar 21 20:00:03 2005 [***]

[+++]          Added rules:          [+++]

 2001797 - BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc DNS look-up (bleeding-virus.rules)
 2001798 - BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc access (bleeding-virus.rules)
 2001799 - BLEEDING-EDGE Unknown Yahoo Messenger Worm DNS lookup (bleeding-virus.rules)
 2001800 - BLEEDING-EDGE Unknown Yahoo Messenger Worm URL access (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Added to bleeding-custom.rules (1):
        # $Id: bleeding-custom.rules $

     -> Added to bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Added to bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Added to bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Added to bleeding-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Added to bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Added to bleeding-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Added to bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Added to bleeding-sid-msg.map (4):
        2001797 || BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc DNS look-up || url,isc.sans.org/diary.php?date=2005-03-20
        2001798 || BLEEDING-EDGE TROJAN IRC Bot - exploited.lsass.cc access || url,isc.sans.org/diary.php?date=2005-03-20
        2001799 || BLEEDING-EDGE Unknown Yahoo Messenger Worm DNS lookup || url,isc.sans.org/diary.php?date=2005-03-20
        2001800 || BLEEDING-EDGE Unknown Yahoo Messenger Worm URL access || url,isc.sans.org/diary.php?date=2005-03-20

     -> Added to bleeding-virus.rules (4):
        # $Id: bleeding-virus.rules $
        # Added by Frank Knobbe (hastily after reading an ISC diary)
        # This file should hold any unknown or yet to be named Worms
        # Added by Frank Knobbe (hastily after reading an ISC Diary)

     -> Added to bleeding-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Added to bleeding.rules (1):
        # $Id: bleeding.rules $





More information about the Snort-sigs mailing list