[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Jul 27 21:00:12 EDT 2006


[***] Results from Oinkmaster started Thu Jul 27 21:00:12 2006 [***]

[+++]          Added rules:          [+++]

 2003056 - BLEEDING-EDGE WEB-MISC EiQNetworks Security Analyzer Buffer Overflow (bleeding-web.rules)
 2003057 - BLEEDING-EDGE MALWARE 180solutions Spyware Actionlibs Download (bleeding-malware.rules)
 2003058 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer Download (bleeding-malware.rules)
 2003059 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware TB Installer Download (bleeding-malware.rules)
 2003060 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Local Stats Post (bleeding-malware.rules)
 2003061 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Event Activity Post (bleeding-malware.rules)
 2003062 - BLEEDING-EDGE MALWARE 180 Solutions (Zango Installer) User Agent (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)


[---]         Removed rules:         [---]

 2003043 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [zombie] - Possible Bot (bleeding-virus.rules)
 2003044 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [zombie] - Possible Bot (bleeding-virus.rules)
 2003049 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [billy] - Possible Bot (bleeding-virus.rules)
 2003050 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Intbound [billy] (bleeding-virus.rules)
 2003051 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [billy] - Possible Bot (bleeding-virus.rules)
 2003052 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Intbound [billy] (bleeding-virus.rules)
 2003053 - BLEEDING-EDGE VIRUS Suspicious SMTP HELO Inbound [zombie] (bleeding-virus.rules)
 2003054 - BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Inbound [zombie] (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #Matt Jonkman. Bundled from Warner Brothers Kids site.. can you believe that crap? Guess where my kids WON'T be spending my money....

     -> Added to bleeding-sid-msg.map (7):
        2003056 || BLEEDING-EDGE WEB-MISC EiQNetworks Security Analyzer Buffer Overflow || url,secunia.com/advisories/21211/ || cve,2006-3838
        2003057 || BLEEDING-EDGE MALWARE 180solutions Spyware Actionlibs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003058 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003059 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware TB Installer Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003060 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Local Stats Post || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003061 || BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Event Activity Post || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
        2003062 || BLEEDING-EDGE MALWARE 180 Solutions (Zango Installer) User Agent

     -> Added to bleeding-web.rules (1):
        #by Blake Hartstein from Demarc

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (8):
        2003043 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [zombie] - Possible Bot
        2003044 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [zombie] - Possible Bot
        2003049 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Outbound [billy] - Possible Bot
        2003050 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Intbound [billy]
        2003051 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Outbound [billy] - Possible Bot
        2003052 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Intbound [billy]
        2003053 || BLEEDING-EDGE VIRUS Suspicious SMTP HELO Inbound [zombie]
        2003054 || BLEEDING-EDGE VIRUS Suspicious SMTP EHLO Inbound [zombie]

     -> Removed from bleeding-virus.rules (2):
        #These sigs are for the unique things that spam bots do in how they talk
        #Submitted by Scott Melnick




