[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Wed Aug 1 20:00:15 EDT 2007


[***] Results from Oinkmaster started Thu Aug  2 00:00:14 2007 [***]

[+++]          Added rules:          [+++]

 2006504 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT (bleeding-web.rules)
 2006505 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT (bleeding-web.rules)
 2006506 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT (bleeding-web.rules)
 2006507 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE (bleeding-web.rules)
 2006508 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII (bleeding-web.rules)
 2006509 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE (bleeding-web.rules)
 2006510 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT (bleeding-web.rules)
 2006511 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT (bleeding-web.rules)
 2006512 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT (bleeding-web.rules)
 2006513 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE (bleeding-web.rules)
 2006514 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII (bleeding-web.rules)
 2006515 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE (bleeding-web.rules)
 2006516 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT (bleeding-web.rules)
 2006517 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT (bleeding-web.rules)
 2006518 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT (bleeding-web.rules)
 2006519 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE (bleeding-web.rules)
 2006520 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII (bleeding-web.rules)
 2006521 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE (bleeding-web.rules)
 2006522 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT (bleeding-web.rules)
 2006523 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT (bleeding-web.rules)
 2006524 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT (bleeding-web.rules)
 2006525 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE (bleeding-web.rules)
 2006526 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII (bleeding-web.rules)
 2006527 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE (bleeding-web.rules)
 2006528 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT (bleeding-web.rules)
 2006529 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT (bleeding-web.rules)
 2006530 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT (bleeding-web.rules)
 2006531 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE (bleeding-web.rules)
 2006532 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII (bleeding-web.rules)
 2006533 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE (bleeding-web.rules)
 2006534 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT (bleeding-web.rules)
 2006535 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT (bleeding-web.rules)
 2006536 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT (bleeding-web.rules)
 2006537 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE (bleeding-web.rules)
 2006538 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII (bleeding-web.rules)
 2006539 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE (bleeding-web.rules)
 2006540 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT (bleeding-web.rules)
 2006541 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT (bleeding-web.rules)
 2006542 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT (bleeding-web.rules)
 2006543 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE (bleeding-web.rules)
 2006544 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII (bleeding-web.rules)
 2006545 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE (bleeding-web.rules)
 2006546 - BLEEDING-EDGE SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack! (bleeding-scan.rules)


[///]     Modified active rules:     [///]

 2006434 - BLEEDING-EDGE POLICY Possible Ecard Trojan download (bleeding-policy.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 263

     -> Added to bleeding-drop.rules (1):
        #  VERSION 263

     -> Added to bleeding-scan.rules (1):
        #This is the same as above but has a threshold to help keep events down, and more readily identify brute force attacks

     -> Added to bleeding-sid-msg.map (43):
        2006504 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006505 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006506 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006507 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006508 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006509 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006510 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006511 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006512 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006513 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006514 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006515 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006516 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006517 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006518 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006519 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006520 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006521 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006522 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006523 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006524 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006525 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006526 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006527 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006528 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006529 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006530 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006531 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006532 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006533 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006534 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006535 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006536 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006537 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006538 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006539 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006540 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006541 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006542 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006543 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006544 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006545 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006546 || BLEEDING-EDGE SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!

     -> Added to bleeding-web.rules (1):
        #by Tinytwitty

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 262

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 262




