[Snort-sigs] Emerging Threats Weekly Signature Changes

emerging at ...3335...
Sat Apr 5 19:00:09 EDT 2008


[***] Results from Oinkmaster started Sat Apr  5 19:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2008067 - ET MALWARE Kwsearchguide.com Related Spyware Checkin (bleeding-malware.rules)
 2008069 - ET MALWARE Kwsearchguide.com Related Spyware Keepalive (bleeding-malware.rules)
 2008070 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) (bleeding-policy.rules)
 2008071 - ET TROJAN Delf Checkin via HTTP (6) (bleeding-virus.rules)
 2008072 - ET TROJAN LDPinch Checkin (5) (bleeding-virus.rules)
 2008073 - ET MALWARE Suspicious User-Agent (App4) (bleeding-malware.rules)
 2008074 - ET TROJAN Banload User-Agent Detected (WebUpdate) (bleeding-virus.rules)
 2008075 - ET TROJAN LDPinch Checkin (6) (bleeding-virus.rules)
 2008076 - ET TROJAN General Downloader URL Pattern (/loader/setup.php) (bleeding-virus.rules)
 2008077 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (foolsday.exe) (bleeding.rules)
 2008078 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe) (bleeding.rules)
 2008079 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe) (bleeding.rules)
 2008080 - ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit (bleeding.rules)
 2008081 - ET TROJAN Xorer.ez HTTP Checkin to CnC (bleeding-virus.rules)
 2008082 - ET TROJAN Vundo HTTP Post-Install Checkin (2) (bleeding-virus.rules)
 2008083 - ET TROJAN Suspicious User Agent (Zlob Related) (UA00000) (bleeding-virus.rules)
 2008084 - ET MALWARE Suspicious User-Agent (Mozilla-web) (bleeding-malware.rules)
 2008085 - ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar) (bleeding-malware.rules)
 2008086 - ET TROJAN Daemonize.ft HTTP Checkin (bleeding-virus.rules)
 2008087 - ET TROJAN Downloader.VB.CEJ HTTP Checkin (bleeding-virus.rules)
 2008088 - ET TROJAN Lolabel Related User-Agent (ProxyDown) (bleeding-virus.rules)
 2008089 - ET TROJAN LDPinch Checkin (7) (bleeding-virus.rules)
 2008090 - ET TROJAN Delf Checkin via HTTP (7) (bleeding-virus.rules)
 2008091 - ET TROJAN LDPinch Checkin (8) (bleeding-virus.rules)
 2008092 - ET SCAN Internal to Internal UPnP Request tcp port 2555 (bleeding-scan.rules)
 2008093 - ET SCAN External to Internal UPnP Request tcp port 2555 (bleeding-scan.rules)
 2008094 - ET SCAN External to Internal UPnP Request udp port 1900 (bleeding-scan.rules)
 2008096 - ET MALWARE Suspicious User-Agent (INSTALLER) (bleeding-malware.rules)
 2008097 - ET MALWARE Suspicious User-Agent (IEMGR) (bleeding-malware.rules)
 2008098 - ET MALWARE Suspicious User-Agent (GOOGLE) (bleeding-malware.rules)
 2008099 - ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite (bleeding-exploit.rules)
 2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download (bleeding-virus.rules)
 2008101 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (withlove.exe) (bleeding.rules)
 2008102 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe) (bleeding.rules)


[///]     Modified active rules:     [///]

 2000026 - ET MALWARE Gator Agent Traffic (bleeding-malware.rules)
 2000600 - ET MALWARE MyWebSearch Toolbar Receiving Configuration (bleeding-malware.rules)
 2001662 - ET MALWARE MyWebSearch Toolbar Traffic (Agent) (bleeding-malware.rules)
 2001663 - ET MALWARE MyWebSearch Toolbar Traffic (host) (bleeding-malware.rules)
 2002818 - ET MALWARE MyWebSearch Toolbar Traffic (general download) (bleeding-malware.rules)
 2002819 - ET MALWARE MyWebSearch Toolbar Traffic (bin download) (bleeding-malware.rules)
 2002836 - ET MALWARE MyWebSearch Toolbar Traffic (bar config download) (bleeding-malware.rules)
 2003222 - ET MALWARE MyWebSearch Toolbar Receiving Config 2 (bleeding-malware.rules)
 2003617 - ET MALWARE MyWebSearch Toolbar Posting Activity Report (bleeding-malware.rules)
 2003621 - ET MALWARE MyWay Spyware Posting Activity Report - Dell Related (bleeding-malware.rules)
 2007595 - ET TROJAN Downloader.Dluca HTTP Checkin (bleeding-virus.rules)
 2007607 - ET MALWARE Zango Spyware Post (bleeding-malware.rules)
 2007854 - ET MALWARE Suspicious User Agent - Possible Spyware Related (Mozilla) (bleeding-malware.rules)
 2008055 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC (bleeding-virus.rules)
 2008058 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443 (bleeding-virus.rules)
 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - ET DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - ET DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - ET DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - ET DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - ET DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - ET DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - ET DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - ET DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - ET DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - ET DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - ET DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2404010 - ET DROP Known Bot C&C Server Traffic (group 11)  (bleeding-botcc.rules)
 2404011 - ET DROP Known Bot C&C Server Traffic (group 12)  (bleeding-botcc.rules)
 2404012 - ET DROP Known Bot C&C Server Traffic (group 13)  (bleeding-botcc.rules)
 2404013 - ET DROP Known Bot C&C Server Traffic (group 14)  (bleeding-botcc.rules)
 2404014 - ET DROP Known Bot C&C Server Traffic (group 15)  (bleeding-botcc.rules)
 2404015 - ET DROP Known Bot C&C Server Traffic (group 16)  (bleeding-botcc.rules)
 2404016 - ET DROP Known Bot C&C Server Traffic (group 17)  (bleeding-botcc.rules)
 2404017 - ET DROP Known Bot C&C Server Traffic (group 18)  (bleeding-botcc.rules)
 2404018 - ET DROP Known Bot C&C Server Traffic (group 19)  (bleeding-botcc.rules)
 2404019 - ET DROP Known Bot C&C Server Traffic (group 20)  (bleeding-botcc.rules)
 2404020 - ET DROP Known Bot C&C Server Traffic (group 21)  (bleeding-botcc.rules)
 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Disabled rules:        [---]

 2008064 - ET POLICY Nginx Server with no version string - Often Hostile Traffic (bleeding-policy.rules)


[---]         Removed rules:         [---]

 2006424 - ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (2):
        #  VERSION 1108
        #  Generated 2008-04-04 01:03:02 EDT

     -> Added to bleeding-drop.rules (2):
        #  VERSION 1108
        #  Generated 2008-04-04 01:03:02 EDT

     -> Added to bleeding-exploit.rules (1):
        #by Chandan S at Stillsecure

     -> Added to bleeding-malware.rules (1):
        #re 3770f50ed1ead924f42f787b462cdb2b, no name yet

     -> Added to bleeding-scan.rules (4):
        #by matt jonkman
        #intended to catch internal hosts doing upnp requests that maybe shouldn't be
        #and external hosts making internal requests.
        #have seen some malware samples looking for upnp hosts

     -> Added to bleeding-sid-msg.map (45):
        2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related
        2007607 || ET MALWARE Zango Spyware Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2007854 || ET MALWARE Suspicious User Agent - Possible Spyware Related (Mozilla)
        2008067 || ET MALWARE Kwsearchguide.com Related Spyware Checkin
        2008069 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive
        2008070 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) || url,doc.emergingthreats.net/bin/view/Main/Windows98UA
        2008071 || ET TROJAN Delf Checkin via HTTP (6)
        2008072 || ET TROJAN LDPinch Checkin (5)
        2008073 || ET MALWARE Suspicious User-Agent (App4)
        2008074 || ET TROJAN Banload User-Agent Detected (WebUpdate)
        2008075 || ET TROJAN LDPinch Checkin (6)
        2008076 || ET TROJAN General Downloader URL Pattern (/loader/setup.php)
        2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (foolsday.exe)
        2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)
        2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)
        2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit || url,www.milw0rm.com/exploits/5332 || cve,CVE-2008-1309 || bugtraq,28157
        2008081 || ET TROJAN Xorer.ez HTTP Checkin to CnC
        2008082 || ET TROJAN Vundo HTTP Post-Install Checkin (2)
        2008083 || ET TROJAN Suspicious User Agent (Zlob Related) (UA00000)
        2008084 || ET MALWARE Suspicious User-Agent (Mozilla-web)
        2008085 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
        2008086 || ET TROJAN Daemonize.ft HTTP Checkin
        2008087 || ET TROJAN Downloader.VB.CEJ HTTP Checkin
        2008088 || ET TROJAN Lolabel Related User-Agent (ProxyDown)
        2008089 || ET TROJAN LDPinch Checkin (7)
        2008090 || ET TROJAN Delf Checkin via HTTP (7)
        2008091 || ET TROJAN LDPinch Checkin (8)
        2008092 || ET SCAN Internal to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
        2008093 || ET SCAN External to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
        2008094 || ET SCAN External to Internal UPnP Request udp port 1900 || url,www.upnp-hacks.org/upnp.html
        2008096 || ET MALWARE Suspicious User-Agent (INSTALLER)
        2008097 || ET MALWARE Suspicious User-Agent (IEMGR)
        2008098 || ET MALWARE Suspicious User-Agent (GOOGLE)
        2008099 || ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite || url,www.milw0rm.com/exploits/5338 || bugtraq,28546
        2008100 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download
        2008101 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (withlove.exe)
        2008102 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe)

     -> Added to bleeding-sid-msg.map.txt (45):
        2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related
        2007607 || ET MALWARE Zango Spyware Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2007854 || ET MALWARE Suspicious User Agent - Possible Spyware Related (Mozilla)
        2008067 || ET MALWARE Kwsearchguide.com Related Spyware Checkin
        2008069 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive
        2008070 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) || url,doc.emergingthreats.net/bin/view/Main/Windows98UA
        2008071 || ET TROJAN Delf Checkin via HTTP (6)
        2008072 || ET TROJAN LDPinch Checkin (5)
        2008073 || ET MALWARE Suspicious User-Agent (App4)
        2008074 || ET TROJAN Banload User-Agent Detected (WebUpdate)
        2008075 || ET TROJAN LDPinch Checkin (6)
        2008076 || ET TROJAN General Downloader URL Pattern (/loader/setup.php)
        2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (foolsday.exe)
        2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)
        2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)
        2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit || url,www.milw0rm.com/exploits/5332 || cve,CVE-2008-1309 || bugtraq,28157
        2008081 || ET TROJAN Xorer.ez HTTP Checkin to CnC
        2008082 || ET TROJAN Vundo HTTP Post-Install Checkin (2)
        2008083 || ET TROJAN Suspicious User Agent (Zlob Related) (UA00000)
        2008084 || ET MALWARE Suspicious User-Agent (Mozilla-web)
        2008085 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
        2008086 || ET TROJAN Daemonize.ft HTTP Checkin
        2008087 || ET TROJAN Downloader.VB.CEJ HTTP Checkin
        2008088 || ET TROJAN Lolabel Related User-Agent (ProxyDown)
        2008089 || ET TROJAN LDPinch Checkin (7)
        2008090 || ET TROJAN Delf Checkin via HTTP (7)
        2008091 || ET TROJAN LDPinch Checkin (8)
        2008092 || ET SCAN Internal to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
        2008093 || ET SCAN External to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html
        2008094 || ET SCAN External to Internal UPnP Request udp port 1900 || url,www.upnp-hacks.org/upnp.html
        2008096 || ET MALWARE Suspicious User-Agent (INSTALLER)
        2008097 || ET MALWARE Suspicious User-Agent (IEMGR)
        2008098 || ET MALWARE Suspicious User-Agent (GOOGLE)
        2008099 || ET EXPLOIT ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite || url,www.milw0rm.com/exploits/5338 || bugtraq,28546
        2008100 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download
        2008101 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (withlove.exe)
        2008102 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe)

     -> Added to bleeding-virus.rules (1):
        #by steven adair from shadowserevr

     -> Added to bleeding.rules (4):
        #by akash mahajan.
        #temporary, not a perfect sig, will false
        #by matt jonkman
        #temporary for the current storm wave

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (2):
        #  VERSION 1101
        #  Generated 2008-03-28 01:03:01 EDT

     -> Removed from bleeding-drop.rules (2):
        #  VERSION 1101
        #  Generated 2008-03-28 01:03:01 EDT

     -> Removed from bleeding-malware.rules (1):
        #Disabling, may be too generic for most places

     -> Removed from bleeding-sid-msg.map (12):
        2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report - Dell Related
        2006424 || ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate)
        2007607 || ET MALWARE Zango Spyware version 10.0 Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2007854 || ET MALWARE Suspicious User Agent - Possible Playmp3z or other Spyware Related (Mozilla)

     -> Removed from bleeding-sid-msg.map.txt (12):
        2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving Configuration
        2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
        2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
        2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general download)
        2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
        2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config download)
        2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
        2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity Report
        2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report - Dell Related
        2006424 || ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate)
        2007607 || ET MALWARE Zango Spyware version 10.0 Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045
        2007854 || ET MALWARE Suspicious User Agent - Possible Playmp3z or other Spyware Related (Mozilla)




