[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Thu Aug 2 20:00:15 EDT 2007


[***] Results from Oinkmaster started Fri Aug  3 00:00:15 2007 [***]

[+++]          Added rules:          [+++]

 2006547 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id SELECT (bleeding-web.rules)
 2006548 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UNION SELECT (bleeding-web.rules)
 2006549 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id INSERT (bleeding-web.rules)
 2006550 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id DELETE (bleeding-web.rules)
 2006551 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ASCII (bleeding-web.rules)
 2006552 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UPDATE (bleeding-web.rules)
 2006553 - BLEEDING-EDGE MALWARE Cpushpop.com Spyware User Agent (CPUSH_UPDATER) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001882 - BLEEDING-EDGE DOS ICMP Path MTU lowered below acceptable threshold (bleeding-dos.rules)
 2006381 - BLEEDING-EDGE MALWARE Ask.com Toolbar/Spyware User Agent (bleeding-malware.rules)
 2006386 - BLEEDING-EDGE MALWARE Deepdo.com Toolbar/Spyware User Agent (DeepdoUpdate) (bleeding-malware.rules)
 2006388 - BLEEDING-EDGE MALWARE Suspicious User Agent (006) (bleeding-malware.rules)
 2006392 - BLEEDING-EDGE MALWARE Win-touch.com Spyware User Agent (WTRecover) (bleeding-malware.rules)
 2006393 - BLEEDING-EDGE MALWARE Win-touch.com Spyware User Agent (WTInstaller) (bleeding-malware.rules)
 2006413 - BLEEDING-EDGE MALWARE Mycashbank.co.kr Spyware User Agent (pint_agency) (bleeding-malware.rules)
 2006418 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User Agent (Museon) (bleeding-malware.rules)
 2006419 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User Agent (anycleaner) (bleeding-malware.rules)
 2006420 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User Agent (pcsafe) (bleeding-malware.rules)
 2006421 - BLEEDING-EDGE MALWARE Doctorvaccine.co.kr Related Spyware User Agent (DoctorVaccine) (bleeding-malware.rules)
 2006422 - BLEEDING-EDGE MALWARE Platinumreward.co.kr Spyware User Agent (WT_GET_COMM) (bleeding-malware.rules)
 2006423 - BLEEDING-EDGE MALWARE Doctorpro.co.kr Related Spyware User Agent (doctorpro1) (bleeding-malware.rules)
 2006424 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate) (bleeding-malware.rules)
 2006429 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (chk Profile) (bleeding-malware.rules)
 2006430 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (Access down) (bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2002474 - BLEEDING-EDGE POLICY SMTP DSM-IV Code (bleeding-policy.rules)
 2002558 - BLEEDING-EDGE POLICY HTTP - DSM-IV Code (bleeding-policy.rules)
 2002639 - BLEEDING-EDGE POLICY High Ports -  DSM-IV Code (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (1):
        #Updated to be 6 in the byte test as per Shane Castle

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 264

     -> Added to bleeding-drop.rules (1):
        #  VERSION 264

     -> Added to bleeding-malware.rules (1):
        #from spyware lp

     -> Added to bleeding-sid-msg.map (7):
        2006547 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id SELECT || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006548 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UNION SELECT || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006549 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id INSERT || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006550 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id DELETE || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006551 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ASCII || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006552 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UPDATE || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006553 || BLEEDING-EDGE MALWARE Cpushpop.com Spyware User Agent (CPUSH_UPDATER)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 263

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 263




