[Snort-sigs] Emerging Threats Weekly Signature Changes

emerging at ...3335...
Sat Apr 26 19:00:08 EDT 2008


[***] Results from Oinkmaster started Sat Apr 26 19:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2008149 - ET MALWARE 360safe.com related Fake Security Product Update (KillerSet) (bleeding-malware.rules)
 2008150 - ET MALWARE Avsystemcare.com Fake AV User Agent (LocusSoftware, NetInstaller) (bleeding-malware.rules)
 2008151 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover) (bleeding-malware.rules)
 2008152 - ET TROJAN Pakes/Cutwall/Kobcka Checkin URL (bleeding-virus.rules)
 2008153 - ET TROJAN Citi-bank.ru Related Trojan Checkin (bleeding-virus.rules)
 2008155 - ET TROJAN Trats.a Post-Infection Checkin (bleeding-virus.rules)
 2008156 - ET TROJAN Hupigon User Agent Detected (VIP2007) (bleeding-virus.rules)
 2008157 - ET MALWARE Sudelinker.com-Upspider.com Spyware Checkin (bleeding-malware.rules)
 2008158 - ET MALWARE Sudelinker.com-Upspider.com Spyware Count (bleeding-malware.rules)
 2404016 - ET DROP Known Bot C&C Server Traffic (group 17)  (bleeding-botcc.rules)
 2404017 - ET DROP Known Bot C&C Server Traffic (group 18)  (bleeding-botcc.rules)
 2404018 - ET DROP Known Bot C&C Server Traffic (group 19)  (bleeding-botcc.rules)
 2404019 - ET DROP Known Bot C&C Server Traffic (group 20)  (bleeding-botcc.rules)
 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[///]     Modified active rules:     [///]

 2001871 - ET MALWARE Target Saver Spyware User Agent (bleeding-malware.rules)
 2008036 - ET MALWARE 360safe.com related Fake Security Product Update (bleeding-malware.rules)
 2008083 - ET TROJAN Suspicious User Agent (Zlob Related) (UA00000) (bleeding-virus.rules)
 2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - ET DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - ET DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - ET DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - ET DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - ET DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - ET DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - ET DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - ET DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - ET DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - ET DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - ET DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2404010 - ET DROP Known Bot C&C Server Traffic (group 11)  (bleeding-botcc.rules)
 2404011 - ET DROP Known Bot C&C Server Traffic (group 12)  (bleeding-botcc.rules)
 2404012 - ET DROP Known Bot C&C Server Traffic (group 13)  (bleeding-botcc.rules)
 2404013 - ET DROP Known Bot C&C Server Traffic (group 14)  (bleeding-botcc.rules)
 2404014 - ET DROP Known Bot C&C Server Traffic (group 15)  (bleeding-botcc.rules)
 2404015 - ET DROP Known Bot C&C Server Traffic (group 16)  (bleeding-botcc.rules)
 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (17):
        2008149 || ET MALWARE 360safe.com related Fake Security Product Update (KillerSet)
        2008150 || ET MALWARE Avsystemcare.com Fake AV User Agent (LocusSoftware, NetInstaller)
        2008151 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover)
        2008152 || ET TROJAN Pakes/Cutwall/Kobcka Checkin URL
        2008153 || ET TROJAN Citi-bank.ru Related Trojan Checkin
        2008155 || ET TROJAN Trats.a Post-Infection Checkin
        2008156 || ET TROJAN Hupigon User Agent Detected (VIP2007)
        2008157 || ET MALWARE Sudelinker.com-Upspider.com Spyware Checkin
        2008158 || ET MALWARE Sudelinker.com-Upspider.com Spyware Count
        2404016 || ET DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2404019 || ET DROP Known Bot C&C Server Traffic (group 20)  || url,www.shadowserver.org
        2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
        2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-sid-msg.map.txt (17):
        2008149 || ET MALWARE 360safe.com related Fake Security Product Update (KillerSet)
        2008150 || ET MALWARE Avsystemcare.com Fake AV User Agent (LocusSoftware, NetInstaller)
        2008151 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover)
        2008152 || ET TROJAN Pakes/Cutwall/Kobcka Checkin URL
        2008153 || ET TROJAN Citi-bank.ru Related Trojan Checkin
        2008155 || ET TROJAN Trats.a Post-Infection Checkin
        2008156 || ET TROJAN Hupigon User Agent Detected (VIP2007)
        2008157 || ET MALWARE Sudelinker.com-Upspider.com Spyware Checkin
        2008158 || ET MALWARE Sudelinker.com-Upspider.com Spyware Count
        2404016 || ET DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2404019 || ET DROP Known Bot C&C Server Traffic (group 20)  || url,www.shadowserver.org
        2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
        2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Removed from bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Removed from bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Removed from bleeding-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Removed from bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Removed from bleeding-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Removed from bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Removed from bleeding-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Removed from bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Removed from bleeding-virus.rules (1):
        # $Id: bleeding-virus.rules $

     -> Removed from bleeding-voip.rules (1):
        # $Id: bleeding-voip.rules $

     -> Removed from bleeding-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Removed from bleeding-web_sql_injection.rules (1):
        # $Id: bleeding-web_sql_injection.rules $

     -> Removed from bleeding.rules (1):
        # $Id: bleeding.rules $




