[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Fri Feb 17 17:01:02 EST 2006


[***] Results from Oinkmaster started Fri Feb 17 20:00:13 2006 [***]

[+++]          Added rules:          [+++]

 2002807 - BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent (bleeding-malware.rules)
 2002808 - BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent 2 (bleeding-malware.rules)
 2002809 - BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd) (bleeding-attack_response.rules)
 2002810 - BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (Reptile) (bleeding-attack_response.rules)
 2002811 - BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (Bot Server) (bleeding-attack_response.rules)
 2002812 - BLEEDING-EDGE TROJAN PWS-LDPinch Reporting User Activity (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2001549 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (1) (bleeding-exploit.rules)
 2001550 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (2) (bleeding-exploit.rules)
 2001551 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (3) (bleeding-exploit.rules)
 2001552 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (4) (bleeding-exploit.rules)
 2002750 - BLEEDING-EDGE POLICY Reserved IP Space Traffic - Bogon Nets 2 (bleeding-policy.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)


[---]         Removed rules:         [---]

2002002807 - BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent (bleeding-malware.rules)
2002002808 - BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent 2 (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        #Matt Jonkman, information from Stephen Gill at Cymru

     -> Added to bleeding-sid-msg.map (10):
        2001549 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (1) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001550 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (2) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001551 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (3) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001552 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (4) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2002807 || BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent
        2002808 || BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent 2
        2002809 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd)
        2002810 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (Reptile)
        2002811 || BLEEDING-EDGE ATTACK RESPONSE Hostile FTP Server Banner (Bot Server)
        2002812 || BLEEDING-EDGE TROJAN PWS-LDPinch Reporting User Activity

     -> Added to bleeding-virus.rules (1):
        #by Tom Fischer

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (6):
        2001549 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (1) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001550 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (2) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001551 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (3) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001552 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (4) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2002002807 || BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent
        2002002808 || BLEEDING-EDGE MALWARE Spyaxe Spyware User Agent 2





More information about the Snort-sigs mailing list