[Snort-sigs] Bleeding Edge Threats Daily Update

bleeding at ...3254...
Thu Oct 26 21:00:08 EDT 2006


[***] Results from Oinkmaster started Thu Oct 26 21:00:07 2006 [***]

[+++]          Added rules:          [+++]

 2003148 - BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (linewrap) (bleeding-exploit.rules)
 2003149 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style) (bleeding-attack_response.rules)
 2003150 - BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD style) (bleeding-attack_response.rules)
 2003151 - BLEEDING-EDGE Malware Fun Web Products SmileyCentral IEsp2 Install (bleeding-malware.rules)
 2003152 - BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability - show_archives (bleeding-web.rules)
 2410021 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 22)  (bleeding-botcc.rules)
 2411021 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[///]     Modified active rules:     [///]

 2002668 - BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability - show_news (bleeding-web.rules)
 2003126 - BLEEDING-EDGE POLICY NON-SMTP and NON-SSL/TLS traffic on port 25 (bleeding-policy.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2410005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2410006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2410007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2410008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2410009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2410010 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  (bleeding-botcc.rules)
 2410011 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  (bleeding-botcc.rules)
 2410012 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  (bleeding-botcc.rules)
 2410013 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  (bleeding-botcc.rules)
 2410014 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  (bleeding-botcc.rules)
 2410015 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  (bleeding-botcc.rules)
 2410016 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  (bleeding-botcc.rules)
 2410017 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  (bleeding-botcc.rules)
 2410018 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 19)  (bleeding-botcc.rules)
 2410019 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 20)  (bleeding-botcc.rules)
 2410020 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 21)  (bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411010 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411011 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411012 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411013 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411014 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411015 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411016 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411017 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411018 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411019 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411020 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Disabled rules:        [---]

 2001284 - BLEEDING-EDGE VIRUS Sober.F Outbound (1) (bleeding-virus.rules)
 2001285 - BLEEDING-EDGE VIRUS Sober.F Outbound (2) (bleeding-virus.rules)
 2001578 - BLEEDING-EDGE VIRUS Sober.I - outbound (bleeding-virus.rules)
 2001750 - BLEEDING-EDGE VIRUS Sober.K Worm - outgoing (bleeding-virus.rules)
 2001902 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (2) (bleeding-virus.rules)
 2001913 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (2) (bleeding-virus.rules)
 2002055 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (1) (bleeding-virus.rules)
 2002057 - BLEEDING-EDGE WORM Sober.O Attachment Outbound (3) (bleeding-virus.rules)
 2002059 - BLEEDING-EDGE VIRUS Possible Sober.P Outbound (1) (bleeding-virus.rules)
 2002391 - BLEEDING-EDGE VIRUS CME-151 Sober.R SMTP Outbound (bleeding-virus.rules)
 2002686 - BLEEDING-EDGE VIRUS Sober.AA (.Z,.AG,.X,.Y,.W) worm SMTP Outbound (bleeding-virus.rules)


[---]         Removed rules:         [---]

 2001545 - BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection detected! (bleeding-attack_response.rules)
 2001717 - BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute Force Attack (bleeding-attack_response.rules)
 3003147 - BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (linewrap) (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (8):
        2002668 || BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability - show_news || bugtraq,15295
        2003148 || BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (linewrap)
        2003149 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style)
        2003150 || BLEEDING-EDGE ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD style)
        2003151 || BLEEDING-EDGE Malware Fun Web Products SmileyCentral IEsp2 Install || url,www.myfuncards.com
        2003152 || BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability - show_archives || bugtraq,15295
        2410021 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 22)  || url,www.shadowserver.org
        2411021 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE || url,www.shadowserver.org

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (4):
        # Access to backdoor created by some SSL exploit
        #No longer very useful. Disablnig, delete in the future
        #By Matt Jonkman
        # Still doesn't work, but we hope to figure out a way in the future...

     -> Removed from bleeding-sid-msg.map (4):
        2001545 || BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection detected!
        2001717 || BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute Force Attack
        2002668 || BLEEDING-EDGE WEB CutePHP CuteNews directory traversal vulnerability || bugtraq,15295
        3003147 || BLEEDING-EDGE EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (linewrap)
