[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Sun Oct 28 16:00:12 EDT 2007


[***] Results from Oinkmaster started Sun Oct 28 20:00:12 2007 [***]

[---]         Disabled rules:        [---]

 2006436 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Mailto Link Detected (bleeding.rules)
 2006437 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE News Link Detected (bleeding.rules)
 2006438 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Nntp Link Detected (bleeding.rules)
 2006439 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Snews Link Detected (bleeding.rules)
 2006440 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Telnet Link Detected (bleeding.rules)
 2007342 - BLEEDING-EDGE CURRENT_EVENTS Vulnerable MS FlashPix ActiveX Control in Use (bleeding.rules)


[---]         Removed rules:         [---]

 2003169 - BLEEDING-EDGE CURRENT EVENTS Microsoft XMLHTTPD CLSID in use - Possible Attack (bleeding.rules)
 2003588 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Traffic (User-Agent skw00001) (bleeding.rules)
 2003589 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Post Traffic (User-Agent h9tslbw0) (bleeding.rules)
 2006358 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot initial connection open (bleeding.rules)
 2006359 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot connection second step (bleeding.rules)
 2006360 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot C&C Channel -- Please report to bleeding at ...3254... (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (190):

     -> Added to bleeding.rules (1):
        #threat passed, too high load to keep for long term. To be removed soon

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (6):
        2003169 || BLEEDING-EDGE CURRENT EVENTS Microsoft XMLHTTPD CLSID in use - Possible Attack || cve,2006-5745 || url,www.microsoft.com/technet/security/Bulletin/MS06-071.mspx || url,www.microsoft.com/technet/security/advisory/927892.mspx || url,www.frsirt.com/english/advisories/2006/4334
        2003588 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Traffic (User-Agent skw00001) || url,doc.bleedingthreats.net/2003588
        2003589 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Post Traffic (User-Agent h9tslbw0) || url,doc.bleedingthreats.net/2003589
        2006358 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot initial connection open
        2006359 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot connection second step
        2006360 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot C&C Channel -- Please report to bleeding at ...3254...

     -> Removed from bleeding.rules (9):
        #may not last long, so putting this in current events until more information and a better sig is available.
        #matt Jonkman
        #set for deletion
        #by matt jonkman
        # some new bot. uses some new C&C method, this should detect it. Haven't decrypted the comunication yet
        # AV does not have a name for it yet
        #by matt Jonkman, sample submitted anonymously
        # I'm putting these sigs in current events because the worm will likely morph quickly making them obsolete.
        # If it doesn't we'll move these into a permanent ruleset




