[Snort-sigs] Bleeding Edge Threats Daily Update

bleeding at ...3254...
Wed Nov 1 20:00:09 EST 2006


[***] Results from Oinkmaster started Wed Nov  1 20:00:09 2006 [***]

[+++]          Added rules:          [+++]

 2003158 - BLEEDING-EDGE EXPLOIT Microsoft WMIScriptUtils.WMIObjectBroker object call CSLID (bleeding-exploit.rules)
 2003159 - BLEEDING-EDGE EXPLOIT Microsoft VsmIDE.DTE object call CSLID (bleeding-exploit.rules)
 2003160 - BLEEDING-EDGE EXPLOIT Microsoft DExplore.AppObj.8.0 object call CSLID (bleeding-exploit.rules)
 2003161 - BLEEDING-EDGE EXPLOIT Microsoft VisualStudio.DTE.8.0 object call CSLID (bleeding-exploit.rules)
 2003162 - BLEEDING-EDGE EXPLOIT Microsoft Microsoft.DbgClr.DTE.8.0 object call CSLID (bleeding-exploit.rules)
 2003163 - BLEEDING-EDGE EXPLOIT Microsoft VsaIDE.DTE object call CSLID (bleeding-exploit.rules)
 2003164 - BLEEDING-EDGE EXPLOIT Microsoft Business Object Factory object call CSLID (bleeding-exploit.rules)
 2003165 - BLEEDING-EDGE EXPLOIT Microsoft Outlook Data Object object call CSLID (bleeding-exploit.rules)
 2003166 - BLEEDING-EDGE EXPLOIT Microsoft Outlook.Application object call CSLID (bleeding-exploit.rules)
 2003167 - BLEEDING-EDGE tikiwiki featured link XSS attempt (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2410005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2410006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2410007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2410008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        # Submitted 2006-11-01 by Frank Knobbe

     -> Added to bleeding-sid-msg.map (10):
        2003158 || BLEEDING-EDGE EXPLOIT Microsoft WMIScriptUtils.WMIObjectBroker object call CSLID || cve,2006-4704 || url,secunia.com/advisories/22603 || url,www.securityfocus.com/bid/20843
        2003159 || BLEEDING-EDGE EXPLOIT Microsoft VsmIDE.DTE object call CSLID
        2003160 || BLEEDING-EDGE EXPLOIT Microsoft DExplore.AppObj.8.0 object call CSLID
        2003161 || BLEEDING-EDGE EXPLOIT Microsoft VisualStudio.DTE.8.0 object call CSLID
        2003162 || BLEEDING-EDGE EXPLOIT Microsoft Microsoft.DbgClr.DTE.8.0 object call CSLID
        2003163 || BLEEDING-EDGE EXPLOIT Microsoft VsaIDE.DTE object call CSLID
        2003164 || BLEEDING-EDGE EXPLOIT Microsoft Business Object Factory object call CSLID
        2003165 || BLEEDING-EDGE EXPLOIT Microsoft Outlook Data Object object call CSLID
        2003166 || BLEEDING-EDGE EXPLOIT Microsoft Outlook.Application object call CSLID
        2003167 || BLEEDING-EDGE tikiwiki featured link XSS attempt || url,www.securityfocus.com/archive/1/450268/30/0

     -> Added to bleeding-web.rules (1):
        # Submitted 2006-11-01 by Victor Julien as sighted on Bugtraq




