[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Wed Mar 1 17:01:01 EST 2006


[***] Results from Oinkmaster started Wed Mar  1 20:00:09 2006 [***]

[+++]          Added rules:          [+++]

 2002838 - BLEEDING-EDGE Google Search Appliance browsing the Internet (bleeding-web.rules)
 2002839 - BLEEDING-EDGE Malware My Search Spyware Config Download (bleeding-malware.rules)
 2002840 - BLEEDING-EDGE Malware Freeze.com Spyware/Adware (Install) (bleeding-malware.rules)
 2002841 - BLEEDING-EDGE Malware Freeze.com Spyware/Adware (Install Registration) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001040 - BLEEDING-EDGE Malware My Search Bar Install (bleeding-malware.rules)
 2002821 - BLEEDING-EDGE Malware SideStep Bar Reporting Data (sbstart) (bleeding-malware.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)


[---]         Disabled rules:        [---]

 2002077 - BLEEDING-EDGE Malware IEBar Spyware User Agent Activity (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #disabling, it hits on normal traffic from Windows Media Player, and others. Needs more research

     -> Added to bleeding-sid-msg.map (4):
        2002838 || BLEEDING-EDGE Google Search Appliance browsing the Internet || url,www.google.com/enterprise/gsa/index.html
        2002839 || BLEEDING-EDGE Malware My Search Spyware Config Download
        2002840 || BLEEDING-EDGE Malware Freeze.com Spyware/Adware (Install)
        2002841 || BLEEDING-EDGE Malware Freeze.com Spyware/Adware (Install Registration)

     -> Added to bleeding-web.rules (1):
        # Submitted 2006-02-28 by Mark Warren. For Google appliances that "should" only spider internal web sites (but sometimes go wild and spider the Internet)




