[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Mon Apr 7 17:00:09 EDT 2008


[***] Results from Oinkmaster started Mon Apr  7 17:00:09 2008 [***]

[///]     Modified active rules:     [///]

 2001016 - ET MALWARE SideStep Bar Install (bleeding-malware.rules)
 2001017 - ET MALWARE SideStep Bar Reporting Data (bleeding-malware.rules)
 2002821 - ET MALWARE SideStep Bar Reporting Data (sbstart) (bleeding-malware.rules)
 2008100 - ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download (bleeding-virus.rules)


[---]  Disabled and modified rules:  [---]

 2008074 - ET TROJAN Banload User-Agent Detected (WebUpdate) (bleeding-virus.rules)


[---]         Removed rules:         [---]

 2001018 - ET MALWARE SideStep Bar Activity (bleeding-malware.rules)
 2001019 - ET MALWARE SideStep Bar Autoupdate (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2404021 || ET DROP Known Bot C&C Server Traffic (group 22)  || url,www.shadowserver.org
        2405021 || ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-sid-msg.map.txt (2):
        2404021 || ET DROP Known Bot C&C Server Traffic (group 22)  || url,www.shadowserver.org
        2405021 || ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-virus.rules (1):
        #Disabling, hits on a few legit apps

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (10):
        2001018 || ET MALWARE SideStep Bar Activity || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
        2001019 || ET MALWARE SideStep Bar Autoupdate || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
        2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso

     -> Removed from bleeding-sid-msg.map.txt (10):
        2001018 || ET MALWARE SideStep Bar Activity || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
        2001019 || ET MALWARE SideStep Bar Autoupdate || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
        2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso




