[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Tue Feb 20 13:00:06 EST 2007


[***] Results from Oinkmaster started Tue Feb 20 18:00:06 2007 [***]

[+++]          Added rules:          [+++]

 2003430 - BLEEDING-EDGE CURRENT EVENTS Guard Targeted Phish Email Drop Attempt (bleeding.rules)


[///]     Modified active rules:     [///]

 2003413 - BLEEDING-EDGE CURRENT EVENTS Guard.zip Backdoor Phish Encoded Exploit traveling to client browser (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2003413 || BLEEDING-EDGE CURRENT EVENTS Guard.zip Backdoor Phish Encoded Exploit traveling to client browser || url,www.bleedingthreats.net/index.php/2007/02/13/guardzip-phish-very-targeted-sig-available/ || url,isc.sans.org/diary.html?n&storyid=2277 || url,asert.arbornetworks.com/2007/02/phpwebguard-and-aspwebguard-attacks/
        2003430 || BLEEDING-EDGE CURRENT EVENTS Guard Targeted Phish Email Drop Attempt || url,isc.sans.org/diary.html?n&storyid=2277 || url,www.bleedingthreats.net/index.php/2007/02/13/guardzip-phish-very-targeted-sig-available/

     -> Added to bleeding.rules (2):
        # These are coming in zips asking you to run on the server. This will hit on the html coming FROM the infected server to a client browser, NOT the zip in transit
        #The email drop is dead, but phishes are still going out with this address. If you see it, someone ran the script... follow up!

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2003413 || BLEEDING-EDGE CURRENT EVENTS Guard.zip Backdoor Phish Encoded Exploit traveling to client browser

