[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Mon Feb 11 17:00:09 EST 2008


[***] Results from Oinkmaster started Mon Feb 11 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2007833 - ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5) (bleeding-virus.rules)
 2007834 - ET TROJAN Renos/ssd.com HTTP Checkin (bleeding-virus.rules)
 2007835 - ET CURRENT EVENTS Likely Storm Binary Requested (valentine.exe) (bleeding.rules)
 2007836 - ET TROJAN Downloader General Bot Checking In - Possible Win32.Small.htz related (bleeding-virus.rules)
 2007837 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (WinInet) (bleeding-virus.rules)
 2007838 - ET TROJAN Delf HTTP Checkin (1) (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2007758 - ET TROJAN Eldorado.BHO User-Agent Detected (netcfg) (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (7):
        2007758 || ET TROJAN Eldorado.BHO User-Agent Detected (netcfg)
        2007833 || ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5)
        2007834 || ET TROJAN Renos/ssd.com HTTP Checkin
        2007835 || ET CURRENT EVENTS Likely Storm Binary Requested (valentine.exe)
        2007836 || ET TROJAN Downloader General Bot Checking In - Possible Win32.Small.htz related
        2007837 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (WinInet)
        2007838 || ET TROJAN Delf HTTP Checkin (1)

     -> Added to bleeding-sid-msg.map.txt (7):
        2007758 || ET TROJAN Eldorado.BHO User-Agent Detected (netcfg)
        2007833 || ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5)
        2007834 || ET TROJAN Renos/ssd.com HTTP Checkin
        2007835 || ET CURRENT EVENTS Likely Storm Binary Requested (valentine.exe)
        2007836 || ET TROJAN Downloader General Bot Checking In - Possible Win32.Small.htz related
        2007837 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (WinInet)
        2007838 || ET TROJAN Delf HTTP Checkin (1)

     -> Added to bleeding-virus.rules (3):
        #yet another c&c method, by matt jonkman
        #matt jonkman, sample marked Trojan-Downloader.Win32.Small.htz by fsecure
        #Matt Jonkman, Kaspersky  Trojan-Proxy.Win32.Agent.ty

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (3):
        2007758 || ET TROJAN Eldorado.BHO User-Agent Detected
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from bleeding-sid-msg.map.txt (3):
        2007758 || ET TROJAN Eldorado.BHO User-Agent Detected
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org




