[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254... bleeding at ...3254...
Tue Oct 30 16:00:12 EDT 2007


[***] Results from Oinkmaster started Tue Oct 30 20:00:12 2007 [***]

[+++]          Added rules:          [+++]

 2007648 - BLEEDING-EDGE MALWARE Suspicious Spyware User Agent (XXX) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (71):
        2007648 || BLEEDING-EDGE MALWARE Suspicious Spyware User Agent (XXX)
        2406000 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (1) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406001 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (2) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406002 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (3) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (4) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (5) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406005 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (6) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406006 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (7) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406007 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic (8) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (1) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (2) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (3) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (4) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (5) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407005 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (6) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407006 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (7) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407007 || BLEEDING-EDGE RBN Known Russian Business Network Host Traffic - BLOCKING (8) || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2500238 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (239) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500239 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (240) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500240 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (241) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500241 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (242) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500242 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (243) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500243 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (244) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500244 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (245) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500245 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (246) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500246 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (247) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500247 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (248) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500248 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (249) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500249 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (250) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500250 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (251) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500251 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (252) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500252 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (253) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500253 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (254) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500254 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (255) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500255 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (256) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500256 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (257) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500257 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (258) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500258 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (259) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500259 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (260) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500260 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (261) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500261 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (262) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500262 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (263) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500263 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (264) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500264 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (265) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510238 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (239) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510239 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (240) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510240 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (241) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510241 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (242) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510242 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (243) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510243 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (244) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510244 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (245) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510245 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (246) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510246 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (247) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510247 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (248) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510248 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (249) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510249 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (250) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510250 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (251) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510251 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (252) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510252 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (253) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510253 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (254) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510254 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (255) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510255 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (256) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510256 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (257) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510257 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (258) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510258 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (259) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510259 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (260) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510260 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (261) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510261 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (262) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510262 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (263) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510263 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (264) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510264 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (265) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

[+] Added files (consider updating your snort.conf to include them if needed): [+]

    -> bleeding-rbn-BLOCK.rules
    -> bleeding-rbn.rules





More information about the Snort-sigs mailing list