[Snort-sigs] Bleeding Edge Threats Daily Update

bleeding at ...3254...
Fri Oct 27 21:00:08 EDT 2006


[***] Results from Oinkmaster started Fri Oct 27 21:00:08 2006 [***]

[+++]          Added rules:          [+++]

 2003153 - BLEEDING-EDGE MALWARE Bestcount.net Spyware Exploit Download (bleeding-malware.rules)
 2003154 - BLEEDING-EDGE MALWARE Bestcount.net Spyware Data Upload (bleeding-malware.rules)
 2003155 - BLEEDING-EDGE CURRENT Microsoft TEREDO IPv6 tunneling (bleeding.rules)


[///]     Modified active rules:     [///]

 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2410000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2410001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2410002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2410003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2410004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2410005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2410006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2410007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2410008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2410009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2411000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

 2410010 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  (bleeding-botcc.rules)
 2410011 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  (bleeding-botcc.rules)
 2410012 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  (bleeding-botcc.rules)
 2410013 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  (bleeding-botcc.rules)
 2410014 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  (bleeding-botcc.rules)
 2410015 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  (bleeding-botcc.rules)
 2410016 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  (bleeding-botcc.rules)
 2410017 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  (bleeding-botcc.rules)
 2410018 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 19)  (bleeding-botcc.rules)
 2410019 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 20)  (bleeding-botcc.rules)
 2410020 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 21)  (bleeding-botcc.rules)
 2410021 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 22)  (bleeding-botcc.rules)
 2411010 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411011 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411012 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411013 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411014 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411015 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411016 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411017 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411018 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411019 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411020 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2411021 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (3):
        2003153 || BLEEDING-EDGE MALWARE Bestcount.net Spyware Exploit Download || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain
        2003154 || BLEEDING-EDGE MALWARE Bestcount.net Spyware Data Upload || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain
        2003155 || BLEEDING-EDGE CURRENT Microsoft TEREDO IPv6 tunneling

     -> Added to bleeding.rules (2):
        #by Jef Kell
        # Microsoft teredo tunnel

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (24):
        2410010 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  || url,www.shadowserver.org
        2410011 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  || url,www.shadowserver.org
        2410012 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  || url,www.shadowserver.org
        2410013 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  || url,www.shadowserver.org
        2410014 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  || url,www.shadowserver.org
        2410015 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  || url,www.shadowserver.org
        2410016 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2410017 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2410018 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2410019 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 20)  || url,www.shadowserver.org
        2410020 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 21)  || url,www.shadowserver.org
        2410021 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 22)  || url,www.shadowserver.org
        2411010 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE || url,www.shadowserver.org
        2411011 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE || url,www.shadowserver.org
        2411012 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE || url,www.shadowserver.org
        2411013 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE || url,www.shadowserver.org
        2411014 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE || url,www.shadowserver.org
        2411015 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE || url,www.shadowserver.org
        2411016 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
        2411017 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
        2411018 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
        2411019 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org
        2411020 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org
        2411021 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE || url,www.shadowserver.org




