[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Tue Nov 13 15:00:11 EST 2007


[***] Results from Oinkmaster started Tue Nov 13 20:00:11 2007 [***]

[+++]          Added rules:          [+++]

 2007692 - BLEEDING-EDGE TROJAN Basine Trojan Checkin (bleeding-virus.rules)
 2007693 - BLEEDING-EDGE MALWARE Zredirector.com Related Spyware User Agent (BndDriveLoader) (bleeding-malware.rules)
 2007694 - BLEEDING-EDGE MALWARE Popads123.com Related Spyware User Agent (LmaokaazLdr) (bleeding-malware.rules)
 2007695 - BLEEDING-EDGE POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (bleeding-policy.rules)
 2007696 - BLEEDING-EDGE MALWARE Softwarereferral.com Adware Checkin (bleeding-malware.rules)
 2406006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (3) (bleeding-rbn.rules)
 2406007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (4) (bleeding-rbn.rules)
 2407006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (3) (bleeding-rbn-BLOCK.rules)
 2407007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (4) (bleeding-rbn-BLOCK.rules)


[///]     Modified active rules:     [///]

 2007603 - BLEEDING-EDGE TROJAN Proxy.Win32.Wopla.ag Check-In (bleeding-virus.rules)
 2007604 - BLEEDING-EDGE TROJAN Proxy.Win32.Wopla.ag Server Reply (bleeding-virus.rules)
 2406003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs (bleeding-rbn.rules)
 2406004 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (1) (bleeding-rbn.rules)
 2406005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (2) (bleeding-rbn.rules)
 2407000 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407001 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407002 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407004 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (1) (bleeding-rbn-BLOCK.rules)
 2407005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (2) (bleeding-rbn-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #by matt Jonkman, from the sandnet

     -> Added to bleeding-policy.rules (4):
        #this sig is to catch HTTP User agents that specify Windows 98 as the platform
        # Mostly to catch spyware and auto-downloaders that still use these as fake User Agent strings
        # You may also use this to catch any local win98 machines if they're no longer supposed to be in production
        #  (which for goodness sake they shouldn't!! Haven't been patched for years!)

     -> Added to bleeding-rbn-BLOCK.rules (3):
        #Anserin/Torpig/Sinowal hosts
        #  VERSION 8
        #  Updated 2007-11-12 23:25:12

     -> Added to bleeding-rbn.rules (3):
        #Anserin/Torpig/Sinowal hosts
        #  VERSION 8
        #  Updated 2007-11-12 23:25:12

     -> Added to bleeding-sid-msg.map (164):
        2007692 || BLEEDING-EDGE TROJAN Basine Trojan Checkin
        2007693 || BLEEDING-EDGE MALWARE Zredirector.com Related Spyware User Agent (BndDriveLoader)
        2007694 || BLEEDING-EDGE MALWARE Popads123.com Related Spyware User Agent (LmaokaazLdr)
        2007695 || BLEEDING-EDGE POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System || url.doc.bleedingthreats.net/bin/view/Main/Windows98UA
        2007696 || BLEEDING-EDGE MALWARE Softwarereferral.com Adware Checkin
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (1) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406005 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (2) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406006 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (3) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406007 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (4) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (1) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407005 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (2) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407006 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (3) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407007 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (4) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2500096 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (97) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500097 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (98) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500098 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (99) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500099 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (100) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500100 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (101) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500101 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (102) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500102 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (103) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500103 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (104) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500104 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (105) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500105 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (106) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500106 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (107) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500107 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (108) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500108 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (109) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500109 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (110) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500110 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (111) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500111 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (112) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500112 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (113) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500113 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (114) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500114 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (115) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500115 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (116) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500116 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (117) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500117 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (118) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500118 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (119) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500119 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (120) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500120 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (121) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500121 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (122) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500122 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (123) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500123 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (124) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500124 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (125) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500125 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (126) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500126 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (127) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500127 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (128) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500128 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (129) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500129 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (130) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500130 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (131) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500131 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (132) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500132 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (133) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500133 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (134) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500134 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (135) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500135 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (136) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500136 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (137) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500137 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (138) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500138 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (139) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500139 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (140) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500140 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (141) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500141 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (142) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500142 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (143) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500143 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (144) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500144 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (145) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500145 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (146) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500146 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (147) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500147 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (148) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500148 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (149) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500149 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (150) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500150 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (151) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500151 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (152) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500152 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (153) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500153 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (154) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500154 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (155) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500155 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (156) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500156 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (157) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500157 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (158) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500158 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (159) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500159 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (160) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500160 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (161) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500161 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (162) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500162 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (163) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500163 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (164) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500164 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (165) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500165 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (166) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500166 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (167) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500167 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (168) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500168 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (169) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510096 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (97) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510097 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (98) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510098 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (99) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510099 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (100) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510100 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (101) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510101 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (102) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510102 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (103) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510103 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (104) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510104 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (105) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510105 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (106) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510106 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (107) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510107 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (108) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510108 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (109) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510109 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (110) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510110 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (111) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510111 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (112) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510112 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (113) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510113 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (114) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510114 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (115) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510115 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (116) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510116 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (117) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510117 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (118) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510118 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (119) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510119 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (120) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510120 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (121) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510121 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (122) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510122 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (123) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510123 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (124) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510124 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (125) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510125 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (126) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510126 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (127) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510127 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (128) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510128 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (129) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510129 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (130) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510130 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (131) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510131 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (132) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510132 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (133) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510133 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (134) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510134 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (135) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510135 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (136) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510136 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (137) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510137 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (138) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510138 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (139) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510139 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (140) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510140 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (141) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510141 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (142) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510142 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (143) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510143 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (144) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510144 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (145) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510145 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (146) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510146 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (147) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510147 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (148) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510148 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (149) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510149 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (150) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510150 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (151) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510151 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (152) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510152 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (153) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510153 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (154) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510154 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (155) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510155 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (156) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510156 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (157) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510157 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (158) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510158 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (159) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510159 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (160) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510160 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (161) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510161 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (162) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510162 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (163) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510163 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (164) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510164 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (165) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510165 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (166) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510166 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (167) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510167 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (168) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510168 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (169) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (1):
        #by matt Jonkman, from sandnet analysis

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-rbn-BLOCK.rules (2):
        #  VERSION 6
        #  Updated 2007-11-11 12:45:40

     -> Removed from bleeding-rbn.rules (2):
        #  VERSION 6
        #  Updated 2007-11-11 12:45:40

     -> Removed from bleeding-sid-msg.map (9):
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (1) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (2) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406005 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (3) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (1) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (2) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407005 || BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (3) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork




