[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Fri Aug 25 21:00:21 EDT 2006


[***] Results from Oinkmaster started Fri Aug 25 21:00:20 2006 [***]

[+++]          Added rules:          [+++]

 2003090 - BLEEDING-EDGE CURRENT TROJAN Unknown Bot C&C Traffic Outbound (bleeding.rules)
 2003091 - BLEEDING-EDGE CURRENT TROJAN Unknown Bot C&C Traffic Inbound (bleeding.rules)


[///]     Modified active rules:     [///]

 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (12):
        2003090 || BLEEDING-EDGE CURRENT TROJAN Unknown Bot C&C Traffic Outbound
        2003091 || BLEEDING-EDGE CURRENT TROJAN Unknown Bot C&C Traffic Inbound
        2410000 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  || url,www.shadowserver.org
        2410001 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  || url,www.shadowserver.org
        2410002 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  || url,www.shadowserver.org
        2410003 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  || url,www.shadowserver.org
        2410004 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  || url,www.shadowserver.org
        2411000 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE || url,www.shadowserver.org
        2411001 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE || url,www.shadowserver.org
        2411002 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE || url,www.shadowserver.org
        2411003 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE || url,www.shadowserver.org
        2411004 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding.rules (2):
        #Matt Jonkman
        #A new bot. It appears to have an encrypted or obfuscated c&c channel. More as we get it, watch ISC for a diary entry and more info

[+] Added files (consider updating your snort.conf to include them if needed): [+]

    -> bleeding-botcc-BLOCK.rules
    -> bleeding-botcc.rules




