[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254... bleeding at ...3254...
Mon Mar 19 14:00:05 EDT 2007


[***] Results from Oinkmaster started Mon Mar 19 14:00:05 2007 [***]

[+++]          Added rules:          [+++]

 2003504 - BLEEDING-EDGE Malware E2give Spyware Reporting (check url) (bleeding-malware.rules)
 2003505 - BLEEDING-EDGE MALWARE Toplist.cz Related Spyware User-Agent (BWL Toplist) (bleeding-malware.rules)
 2003506 - BLEEDING-EDGE MALWARE Alawar Toolbar Spyware User-Agent (Alawar Toolbar) (bleeding-malware.rules)
 2003507 - BLEEDING-EDGE CURRENT EVENTS SpaceTalk-QT-js (bleeding.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[///]     Modified active rules:     [///]

 2001415 - BLEEDING-EDGE Malware E2give Related Downloading IeBHOs.dll (bleeding-malware.rules)
 2001416 - BLEEDING-EDGE Malware E2give Related Reporting Install (bleeding-malware.rules)
 2001417 - BLEEDING-EDGE Malware E2give Related Receiving Config (bleeding-malware.rules)
 2001418 - BLEEDING-EDGE Malware E2give Related Downloading Code (bleeding-malware.rules)
 2001423 - BLEEDING-EDGE Malware E2give Related Reporting (bleeding-malware.rules)
 2003173 - BLEEDING-EDGE EXPLOIT Possible UTF-8 encoded Shellcode Detected (bleeding-exploit.rules)
 2003174 - BLEEDING-EDGE EXPLOIT Possible UTF-16 encoded Shellcode Detected (bleeding-exploit.rules)
 2003405 - BLEEDING-EDGE MALWARE Freeze.com Spyware User-Agent (YourScreen123) (bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 127

     -> Added to bleeding-drop.rules (1):
        #  VERSION 127

     -> Added to bleeding-malware.rules (1):
        #from spyware listening post hits

     -> Added to bleeding-sid-msg.map (11):
        2001415 || BLEEDING-EDGE Malware E2give Related Downloading IeBHOs.dll || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728
        2001416 || BLEEDING-EDGE Malware E2give Related Reporting Install || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728
        2001417 || BLEEDING-EDGE Malware E2give Related Receiving Config || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728
        2001418 || BLEEDING-EDGE Malware E2give Related Downloading Code || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728
        2001423 || BLEEDING-EDGE Malware E2give Related Reporting || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728
        2003504 || BLEEDING-EDGE Malware E2give Spyware Reporting (check url) || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728
        2003505 || BLEEDING-EDGE MALWARE Toplist.cz Related Spyware User-Agent (BWL Toplist)
        2003506 || BLEEDING-EDGE MALWARE Alawar Toolbar Spyware User-Agent (Alawar Toolbar) || url,www.bleepingcomputer.com/uninstall/68/Alawar-Toolbar.html
        2003507 || BLEEDING-EDGE CURRENT EVENTS SpaceTalk-QT-js || url,didierstevens.wordpress.com/2007/03/12/p0wned-by-a-qt-movie/
        2404006 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  || url,www.shadowserver.org
        2405006 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding.rules (1):
        #by Russ McRee of Expedia

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 124

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 124

     -> Removed from bleeding-sid-msg.map (5):
        2001415 || BLEEDING-EDGE Malware E2give Related Downloading IeBHOs.dll
        2001416 || BLEEDING-EDGE Malware E2give Related Reporting Install
        2001417 || BLEEDING-EDGE Malware E2give Related Receiving Config
        2001418 || BLEEDING-EDGE Malware E2give Related Downloading Code
        2001423 || BLEEDING-EDGE Malware E2give Related Reporting




