[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Fri Apr 4 17:00:11 EDT 2008


[***] Results from Oinkmaster started Fri Apr  4 17:00:11 2008 [***]

[+++]          Added rules:          [+++]

 2008098 - ET MALWARE Suspicious User-Agent (GOOGLE) (bleeding-malware.rules)
 2008099 - ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite (bleeding-exploit.rules)
 2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2000026 - ET MALWARE Gator Agent Traffic (bleeding-malware.rules)
 2007607 - ET MALWARE Zango Spyware Post (bleeding-malware.rules)
 2008055 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC (bleeding-virus.rules)
 2008058 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443 (bleeding-virus.rules)


[---]         Removed rules:         [---]

 2008095 - ET TROJAN LDPinch Checkin (9) (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        #by Chandan S at Stillsecure

     -> Added to bleeding-sid-msg.map (4):
        2007607 || ET MALWARE Zango Spyware Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2008098 || ET MALWARE Suspicious User-Agent (GOOGLE)
        2008099 || ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite || url,www.milw0rm.com/exploits/5338 || bugtraq,28546
        2008100 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download

     -> Added to bleeding-sid-msg.map.txt (4):
        2007607 || ET MALWARE Zango Spyware Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2008098 || ET MALWARE Suspicious User-Agent (GOOGLE)
        2008099 || ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite || url,www.milw0rm.com/exploits/5338 || bugtraq,28546
        2008100 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2007607 || ET MALWARE Zango Spyware version 10.0 Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2008095 || ET TROJAN LDPinch Checkin (9)

     -> Removed from bleeding-sid-msg.map.txt (2):
        2007607 || ET MALWARE Zango Spyware version 10.0 Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2008095 || ET TROJAN LDPinch Checkin (9)




