[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254...
Mon Oct 29 16:00:12 EDT 2007


[***] Results from Oinkmaster started Mon Oct 29 20:00:12 2007 [***]

[+++]          Added rules:          [+++]

 2003588 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Traffic (User-Agent skw00001) (bleeding-virus.rules)
 2003589 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Post Traffic (User-Agent h9tslbw0) (bleeding-virus.rules)
 2007642 - BLEEDING-EDGE MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post (chkvs) (bleeding-malware.rules)
 2007643 - BLEEDING-EDGE MALWARE Viruscheck.co.kr Fake Antispyware User Agent (viruscheck ctrl...) (bleeding-malware.rules)
 2007644 - BLEEDING-EDGE TROJAN Win32.Agent.cah Checkin Request (bleeding-virus.rules)
 2007645 - BLEEDING-EDGE MALWARE Ufixer.com Fake Antispyware User Agent (Ultimate Fixer) (bleeding-malware.rules)
 2007646 - BLEEDING-EDGE TROJAN Farfli Useragent Detected (bleeding-virus.rules)
 2007647 - BLEEDING-EDGE MALWARE Casalemedia.com Related User Agent (0\:0\:...) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (4):
        #more from the same folks
        #from the sandnet, by matt jonkman
        #from the spyware lp
        # by matt jonkman

     -> Added to bleeding-sid-msg.map (140):
        2003588 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Traffic (User-Agent skw00001) || url,doc.bleedingthreats.net/2003588
        2003589 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP C&C Post Traffic (User-Agent h9tslbw0) || url,doc.bleedingthreats.net/2003589
        2007642 || BLEEDING-EDGE MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post (chkvs)
        2007643 || BLEEDING-EDGE MALWARE Viruscheck.co.kr Fake Antispyware User Agent (viruscheck ctrl...)
        2007644 || BLEEDING-EDGE TROJAN Win32.Agent.cah Checkin Request
        2007645 || BLEEDING-EDGE MALWARE Ufixer.com Fake Antispyware User Agent (Ultimate Fixer)
        2007646 || BLEEDING-EDGE TROJAN Farfli Useragent Detected
        2007647 || BLEEDING-EDGE MALWARE Casalemedia.com Related User Agent (0\:0\:...)
        2500172 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (173) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500173 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (174) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500174 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (175) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500175 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (176) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500176 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (177) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500177 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (178) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500178 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (179) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500179 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (180) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500180 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (181) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500181 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (182) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500182 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (183) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500183 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (184) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500184 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (185) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500185 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (186) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500186 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (187) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500187 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (188) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500188 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (189) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500189 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (190) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500190 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (191) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500191 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (192) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500192 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (193) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500193 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (194) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500194 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (195) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500195 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (196) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500196 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (197) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500197 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (198) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500198 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (199) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500199 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (200) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500200 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (201) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500201 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (202) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500202 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (203) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500203 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (204) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500204 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (205) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500205 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (206) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500206 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (207) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500207 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (208) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500208 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (209) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500209 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (210) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500210 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (211) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500211 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (212) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500212 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (213) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500213 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (214) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500214 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (215) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500215 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (216) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500216 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (217) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500217 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (218) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500218 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (219) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500219 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (220) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500220 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (221) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500221 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (222) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500222 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (223) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500223 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (224) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500224 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (225) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500225 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (226) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500226 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (227) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500227 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (228) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500228 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (229) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500229 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (230) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500230 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (231) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500231 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (232) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500232 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (233) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500233 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (234) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500234 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (235) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500235 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (236) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500236 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (237) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500237 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (238) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510172 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (173) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510173 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (174) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510174 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (175) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510175 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (176) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510176 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (177) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510177 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (178) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510178 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (179) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510179 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (180) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510180 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (181) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510181 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (182) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510182 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (183) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510183 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (184) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510184 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (185) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510185 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (186) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510186 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (187) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510187 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (188) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510188 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (189) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510189 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (190) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510190 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (191) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510191 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (192) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510192 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (193) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510193 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (194) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510194 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (195) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510195 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (196) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510196 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (197) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510197 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (198) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510198 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (199) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510199 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (200) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510200 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (201) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510201 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (202) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510202 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (203) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510203 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (204) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510204 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (205) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510205 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (206) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510206 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (207) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510207 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (208) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510208 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (209) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510209 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (210) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510210 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (211) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510211 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (212) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510212 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (213) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510213 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (214) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510214 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (215) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510215 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (216) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510216 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (217) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510217 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (218) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510218 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (219) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510219 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (220) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510220 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (221) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510221 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (222) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510222 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (223) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510223 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (224) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510224 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (225) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510225 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (226) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510226 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (227) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510227 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (228) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510228 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (229) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510229 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (230) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510230 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (231) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510231 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (232) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510232 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (233) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510233 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (234) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510234 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (235) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510235 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (236) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510236 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (237) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510237 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (238) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (7):
        #from the sandnet
        #this sig is experimental. It appears to use a base64 encoded user-agent
        #  it's very long, no spaces or punctuation, which is what we can key on
        #  please report load or fp problems
        #by matt Jonkman, sample submitted anonymously
        # I'm putting these sigs in current events because the worm will likely morph quickly making them obsolete.
        # If it doesn't we'll move these into a permanent ruleset




