[Snort-sigs] Bleeding Edge Threats Weekly Signature Changes

bleeding at ...3254... bleeding at ...3254...
Fri Nov 30 17:00:12 EST 2007


[***] Results from Oinkmaster started Fri Nov 30 22:00:12 2007 [***]

[+++]          Added rules:          [+++]

 2007703 - BLEEDING-EDGE WEB-CLIENT Apple Quicktime RTSP Content-Type overflow attempt (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2003173 - BLEEDING-EDGE EXPLOIT Possible UTF-8 encoded Shellcode Detected (bleeding-exploit.rules)
 2003174 - BLEEDING-EDGE EXPLOIT Possible UTF-16 encoded Shellcode Detected (bleeding-exploit.rules)


[---]         Disabled rules:        [---]

 2007665 - BLEEDING-EDGE TROJAN Win32.Agent.GRW Checkin via HTTP (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (1):
        2007703 || BLEEDING-EDGE WEB-CLIENT Apple Quicktime RTSP Content-Type overflow attempt || url,www.milw0rm.com/exploits/4657 || url,www.kb.cert.org/vuls/id/659761

     -> Added to bleeding-virus.rules (1):
        # Duplicate of sid:2007644, without nocase qualifiers.

     -> Added to bleeding-web.rules (1):
        #Joint contribution from Andre Ludwig, Blake Hartstein, and Chris Byrd at riosec.com





More information about the Snort-sigs mailing list