[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Mon Oct 8 20:00:15 EDT 2007


[***] Results from Oinkmaster started Tue Oct  9 00:00:14 2007 [***]

[+++]          Added rules:          [+++]

 2007627 - BLEEDING-EDGE POLICY Hyves Login Attempt (bleeding-policy.rules)
 2007628 - BLEEDING-EDGE POLICY Hyves Inbox Access (bleeding-policy.rules)
 2007629 - BLEEDING-EDGE POLICY Hyves Message Access (bleeding-policy.rules)
 2007630 - BLEEDING-EDGE POLICY Hyves Compose Message (bleeding-policy.rules)
 2007631 - BLEEDING-EDGE POLICY Hyves Message Submit (bleeding-policy.rules)


[///]     Modified active rules:     [///]

 2003649 - BLEEDING-EDGE TROJAN Hupinon User Agent Detected (SykO) (bleeding-virus.rules)
 2003932 - BLEEDING-EDGE TROJAN Hupinon User Agent Detected (IE_7.0) (bleeding-virus.rules)
 2007592 - BLEEDING-EDGE TROJAN Hupinon URL Infection Checkin Detected (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (3):
        #Dutch myspace style social networking site. Not a security threat, just a generally not permissable thing for the workplace
        # by Cees Elzinga
        # Both hyves.nl and hyves.net are used, so check for "hyves."

     -> Added to bleeding-sid-msg.map (32):
        2003649 || BLEEDING-EDGE TROJAN Hupinon User Agent Detected (SykO)
        2003932 || BLEEDING-EDGE TROJAN Hupinon User Agent Detected (IE_7.0)
        2007592 || BLEEDING-EDGE TROJAN Hupinon URL Infection Checkin Detected
        2007627 || BLEEDING-EDGE POLICY Hyves Login Attempt
        2007628 || BLEEDING-EDGE POLICY Hyves Inbox Access
        2007629 || BLEEDING-EDGE POLICY Hyves Message Access
        2007630 || BLEEDING-EDGE POLICY Hyves Compose Message
        2007631 || BLEEDING-EDGE POLICY Hyves Message Submit
        2500602 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (603) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500603 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (604) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500604 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (605) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500605 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (606) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500606 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (607) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500607 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (608) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500608 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (609) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500609 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (610) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500610 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (611) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500611 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (612) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500612 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (613) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500613 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (614) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510602 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (603) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510603 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (604) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510604 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (605) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510605 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (606) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510606 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (607) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510607 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (608) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510608 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (609) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510609 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (610) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510610 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (611) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510611 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (612) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510612 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (613) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510613 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (614) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (3):
        2003649 || BLEEDING-EDGE TROJAN Hupingon User Agent Detected (SykO)
        2003932 || BLEEDING-EDGE TROJAN Hupingon User Agent Detected (IE_7.0)
        2007592 || BLEEDING-EDGE TROJAN Hupingon URL Infection Checkin Detected
