[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Wed Nov 14 15:00:18 EST 2007


[***] Results from Oinkmaster started Wed Nov 14 20:00:18 2007 [***]

[+++]          Added rules:          [+++]

 2007697 - BLEEDING-EDGE MALWARE Antivirgear.com Fake Anti-Spyware User Agent (AntiVirGear) (bleeding-malware.rules)
 2007698 - BLEEDING-EDGE TROJAN Vanquish Trojan HTTP Checkin (bleeding-virus.rules)
 2007699 - BLEEDING-EDGE TROJAN Banker.Delf User-Agent (WINDOWS_LOADS) (bleeding-virus.rules)
 2007700 - BLEEDING-EDGE TROJAN ExplorerHijack Trojan HTTP Checkin (bleeding-virus.rules)
 2007701 - BLEEDING-EDGE TROJAN Storm Worm Encrypted Variant 1 Traffic (1) (bleeding-virus.rules)
 2007702 - BLEEDING-EDGE TROJAN Storm Worm Encrypted Variant 1 Traffic (2) (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2007602 - BLEEDING-EDGE MALWARE Advertisementserver.com Spyware Checkin (bleeding-malware.rules)
 2007611 - BLEEDING-EDGE POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 (bleeding-policy.rules)
 2007612 - BLEEDING-EDGE POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 (bleeding-policy.rules)


[---]         Disabled rules:        [---]

 2006411 - BLEEDING-EDGE TROJAN Storm Worm HTTP Request (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (126):
        2007697 || BLEEDING-EDGE MALWARE Antivirgear.com Fake Anti-Spyware User Agent (AntiVirGear)
        2007698 || BLEEDING-EDGE TROJAN Vanquish Trojan HTTP Checkin
        2007699 || BLEEDING-EDGE TROJAN Banker.Delf User-Agent (WINDOWS_LOADS)
        2007700 || BLEEDING-EDGE TROJAN ExplorerHijack Trojan HTTP Checkin
        2007701 || BLEEDING-EDGE TROJAN Storm Worm Encrypted Variant 1 Traffic (1)
        2007702 || BLEEDING-EDGE TROJAN Storm Worm Encrypted Variant 1 Traffic (2)
        2500169 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (170) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500170 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (171) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500171 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (172) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500172 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (173) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500173 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (174) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500174 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (175) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500175 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (176) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500176 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (177) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500177 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (178) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500178 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (179) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500179 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (180) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500180 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (181) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500181 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (182) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500182 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (183) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500183 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (184) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500184 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (185) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500185 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (186) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500186 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (187) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500187 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (188) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500188 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (189) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500189 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (190) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500190 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (191) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500191 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (192) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500192 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (193) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500193 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (194) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500194 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (195) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500195 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (196) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500196 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (197) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500197 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (198) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500198 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (199) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500199 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (200) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500200 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (201) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500201 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (202) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500202 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (203) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500203 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (204) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500204 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (205) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500205 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (206) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500206 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (207) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500207 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (208) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500208 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (209) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500209 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (210) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500210 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (211) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500211 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (212) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500212 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (213) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500213 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (214) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500214 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (215) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500215 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (216) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500216 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (217) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500217 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (218) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500218 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (219) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500219 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (220) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500220 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (221) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500221 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (222) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500222 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (223) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500223 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (224) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500224 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (225) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500225 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (226) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500226 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (227) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500227 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (228) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500228 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (229) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510169 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (170) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510170 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (171) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510171 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (172) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510172 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (173) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510173 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (174) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510174 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (175) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510175 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (176) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510176 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (177) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510177 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (178) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510178 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (179) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510179 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (180) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510180 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (181) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510181 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (182) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510182 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (183) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510183 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (184) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510184 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (185) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510185 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (186) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510186 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (187) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510187 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (188) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510188 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (189) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510189 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (190) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510190 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (191) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510191 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (192) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510192 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (193) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510193 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (194) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510194 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (195) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510195 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (196) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510196 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (197) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510197 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (198) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510198 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (199) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510199 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (200) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510200 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (201) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510201 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (202) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510202 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (203) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510203 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (204) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510204 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (205) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510205 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (206) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510206 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (207) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510207 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (208) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510208 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (209) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510209 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (210) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510210 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (211) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510211 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (212) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510212 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (213) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510213 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (214) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510214 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (215) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510215 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (216) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510216 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (217) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510217 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (218) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510218 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (219) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510219 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (220) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510220 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (221) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510221 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (222) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510222 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (223) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510223 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (224) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510224 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (225) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510225 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (226) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510226 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (227) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510227 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (228) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510228 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (229) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (6):
        #from sandnet, by Matt Jonkman
        #disabling, current variants don't seem to be using this scheme, high load rule
        #adding these for a specific storm variant that is encrypting traffic.
        # Temporary, there has so far been only one key used, no others have been detected here. This has remained for
        #  at least a month, so may stay a while. These sigs are for THIS VARIANT'S KEY ONLY
        #from sandnet analysis, by matt Jonkman




