[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254... bleeding at ...3254...
Fri Jan 19 15:00:07 EST 2007


[***] Results from Oinkmaster started Fri Jan 19 20:00:06 2007 [***]

[+++]          Added rules:          [+++]

 2003930 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous) (bleeding-policy.rules)
 2003931 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin (bleeding-malware.rules)
 2003932 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-) (bleeding-malware.rules)
 2003933 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2003217 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer Config 2 (bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Added to bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 60

     -> Added to bleeding-drop.rules (1):
        #  VERSION 60

     -> Added to bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Added to bleeding-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Added to bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Added to bleeding-malware.rules (4):
        # $Id: bleeding-malware.rules $
        #more from the spywarelp
        #Matt jonkman
        #from spyware listening post data

     -> Added to bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Added to bleeding-policy.rules (4):
        # $Id: bleeding-policy.rules $
        #by Steven Adair at securityzone.org
        #Rule to catch all FTP logins that do not start with "anonymous" or "ftp"
        # and do not contain "pass " (pass followed by a space). -steven at ...3269...

     -> Added to bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Added to bleeding-sid-msg.map (4):
        2003930 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
        2003931 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
        2003932 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
        2003933 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html

     -> Added to bleeding-virus.rules (1):
        # $Id: bleeding-virus.rules $

     -> Added to bleeding-web.rules (1):
        # $Id: bleeding-web.rules $

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 59

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 59





More information about the Snort-sigs mailing list