[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Thu Nov 1 16:00:13 EDT 2007


[***] Results from Oinkmaster started Thu Nov  1 20:00:13 2007 [***]

[+++]          Added rules:          [+++]

 2007649 - BLEEDING-EDGE MALWARE Spylog.ru Related Spyware Checkin (bleeding-malware.rules)
 2007650 - BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (2):
        #from sandnet data
        #by matt jonkman

     -> Added to bleeding-sid-msg.map (30):
        2007649 || BLEEDING-EDGE MALWARE Spylog.ru Related Spyware Checkin
        2007650 || BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation)
        2500332 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (333) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500333 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (334) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500334 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (335) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500335 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (336) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500336 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (337) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500337 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (338) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500338 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (339) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500339 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (340) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500340 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (341) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500341 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (342) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500342 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (343) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500343 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (344) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500344 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (345) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500345 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (346) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510332 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (333) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510333 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (334) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510334 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (335) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510335 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (336) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510336 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (337) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510337 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (338) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510338 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (339) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510339 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (340) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510340 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (341) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510341 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (342) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510342 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (343) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510343 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (344) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510344 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (345) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510345 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (346) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding.rules (3):
        #needs a better name
        #info from Bojan at ISC and Russell Fulton
        # sig by Russell and Matt Jonkman




