[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Fri Oct 6 21:00:08 EDT 2006


[***] Results from Oinkmaster started Fri Oct  6 21:00:08 2006 [***]

[+++]          Added rules:          [+++]

 2003111 - BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.1 (bleeding.rules)
 2003112 - BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.2 (bleeding.rules)
 2003113 - BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.3 (bleeding.rules)
 2003114 - BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.4 (bleeding.rules)
 2003115 - BLEEDING-EDGE TROJAN - Trojan.Proxy.PPAgent.t (updatea) (bleeding-virus.rules)
 2003116 - BLEEDING-EDGE TROJAN - Trojan.Proxy.PPAgent.t (updateb) (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2410005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (6):
        2003111 || BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.1 || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738
        2003112 || BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.2 || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738
        2003113 || BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.3 || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738
        2003114 || BLEEDING-EDGE CURRENT Lookup for Trojan.Proxy.PPAgent.A - v.4 || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738
        2003115 || BLEEDING-EDGE TROJAN - Trojan.Proxy.PPAgent.t (updatea) || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738
        2003116 || BLEEDING-EDGE TROJAN - Trojan.Proxy.PPAgent.t (updateb) || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738

     -> Added to bleeding-virus.rules (1):
        #by Russ McRee of expedia.com

     -> Added to bleeding.rules (2):
        # Trojan.Proxy.PPAgent.A ruleset from Russ McRee
        # These for dns are temporary, the domains will surely change soon. To be removed in a few days.





More information about the Snort-sigs mailing list