[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Fri Apr 27 16:00:05 EDT 2007


[***] Results from Oinkmaster started Fri Apr 27 16:00:05 2007 [***]

[///]     Modified active rules:     [///]

 2001409 - BLEEDING-EDGE MALWARE Mastermind Related Reporting (bleeding-malware.rules)
 2001410 - BLEEDING-EDGE MALWARE Mastermind Related Reporting 8081 (bleeding-malware.rules)
 2001411 - BLEEDING-EDGE MALWARE Mastermind Related Downloading mm20.ocx (bleeding-malware.rules)
 2001413 - BLEEDING-EDGE MALWARE Medis-Motor Related Downloading ast_4_mm.exe (bleeding-malware.rules)
 2001414 - BLEEDING-EDGE MALWARE Media-Motor Related Downloading MediaMotor25.exe (bleeding-malware.rules)
 2001419 - BLEEDING-EDGE MALWARE Avres.net Downloading cpr_mm2.exe (bleeding-malware.rules)
 2001420 - BLEEDING-EDGE MALWARE Avres.net Downloading ab1.exe (bleeding-malware.rules)
 2001421 - BLEEDING-EDGE MALWARE Avres.net Downloading tvm_bundle.exe (bleeding-malware.rules)
 2001422 - BLEEDING-EDGE MALWARE Avres.net Reporting Data (bleeding-malware.rules)
 2001531 - BLEEDING-EDGE MALWARE C4tdownload.com Access, Likely Spyware (bleeding-malware.rules)
 2001536 - BLEEDING-EDGE MALWARE Spyspotter.com Install (bleeding-malware.rules)
 2001537 - BLEEDING-EDGE MALWARE Spyspotter.com Access (bleeding-malware.rules)
 2001622 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 1 (bleeding-exploit.rules)
 2001624 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 3 (bleeding-exploit.rules)
 2001625 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 1 (bleeding-exploit.rules)
 2001626 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 2 (bleeding-exploit.rules)
 2001627 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 3 (bleeding-exploit.rules)
 2001633 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise (1) (bleeding-exploit.rules)
 2001634 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise (2) (bleeding-exploit.rules)
 2002765 - BLEEDING-EDGE MALWARE Corpsespyware.net BlackListed Malicious Domain - google.vc (bleeding-malware.rules)
 2002766 - BLEEDING-EDGE MALWARE Corpsespyware.net BlackList - pcpeek (bleeding-malware.rules)
 2002767 - BLEEDING-EDGE MALWARE Corpsespyware.net Distribution - bos.biz (bleeding-malware.rules)
 2002768 - BLEEDING-EDGE MALWARE Corpsespyware.net Distribution - fesexy (bleeding-malware.rules)
 2002769 - BLEEDING-EDGE MALWARE Corpsespyware.net Distribution - studiolacase (bleeding-malware.rules)
 2003512 - BLEEDING-EDGE CURRENT EVENTS TROJ_MESPAM.A HTTP Request (bleeding.rules)
 2003596 - BLEEDING-EDGE CURRENT EVENTS Likely ANI Exploit Include from Webpage (bleeding.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

 2001412 - BLEEDING-EDGE Malware Mastermind Related Downloading Daily Executable (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 166

     -> Added to bleeding-drop.rules (1):
        #  VERSION 166

     -> Added to bleeding-sid-msg.map (11):
        2001409 || BLEEDING-EDGE MALWARE Mastermind Related Reporting
        2001410 || BLEEDING-EDGE MALWARE Mastermind Related Reporting 8081
        2001411 || BLEEDING-EDGE MALWARE Mastermind Related Downloading mm20.ocx
        2001413 || BLEEDING-EDGE MALWARE Medis-Motor Related Downloading ast_4_mm.exe
        2001414 || BLEEDING-EDGE MALWARE Media-Motor Related Downloading MediaMotor25.exe
        2001419 || BLEEDING-EDGE MALWARE Avres.net Downloading cpr_mm2.exe
        2001420 || BLEEDING-EDGE MALWARE Avres.net Downloading ab1.exe
        2001421 || BLEEDING-EDGE MALWARE Avres.net Downloading tvm_bundle.exe
        2001422 || BLEEDING-EDGE MALWARE Avres.net Reporting Data
        2001536 || BLEEDING-EDGE MALWARE Spyspotter.com Install
        2001537 || BLEEDING-EDGE MALWARE Spyspotter.com Access

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 165

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 165

     -> Removed from bleeding-sid-msg.map (12):
        2001409 || BLEEDING-EDGE Malware Mastermind Related Reporting
        2001410 || BLEEDING-EDGE Malware Mastermind Related Reporting 8081
        2001411 || BLEEDING-EDGE Malware Mastermind Related Downloading mm20.ocx
        2001412 || BLEEDING-EDGE Malware Mastermind Related Downloading Daily Executable
        2001413 || BLEEDING-EDGE Malware Medis-Motor Related Downloading ast_4_mm.exe
        2001414 || BLEEDING-EDGE Malware Media-Motor Related Downloading MediaMotor25.exe
        2001419 || BLEEDING-EDGE Malware Avres.net Downloading cpr_mm2.exe
        2001420 || BLEEDING-EDGE Malware Avres.net Downloading ab1.exe
        2001421 || BLEEDING-EDGE Malware Avres.net Downloading tvm_bundle.exe
        2001422 || BLEEDING-EDGE Malware Avres.net Reporting Data
        2001536 || BLEEDING-EDGE Malware Spyspotter.com Install
        2001537 || BLEEDING-EDGE Malware Spyspotter.com Access




