[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Tue Feb 12 17:00:08 EST 2008


[***] Results from Oinkmaster started Tue Feb 12 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007839 - ET MALWARE Drpcclean.com Related Spyware User Agent (DrPCClean Transmit) (bleeding-malware.rules)
 2007840 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Shell) (bleeding-virus.rules)
 2007841 - ET TROJAN W32.Downloader Tibs.ek Reporting to C&C (bleeding-virus.rules)
 2007842 - ET MALWARE Softspydelete.com Fake Anti-Spyware Checkin (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2003238 - ET TROJAN W32.Downloader Tibs.jy Reporting to C&C (bleeding-virus.rules)
 2003239 - ET TROJAN W32.Downloader Tibs.jy Reporting to C&C (2) (bleeding-virus.rules)


[---]         Removed rules:         [---]

 2007830 - ET MALWARE Maxthom/Myie2.com Related Spyware User Agent (MyIE2) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (2):
        #another fake antispyware package, by matt jonkman
        #drpcclean.com by matt jonkman

     -> Added to bleeding-sid-msg.map (6):
        2003238 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C
        2003239 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C (2)
        2007839 || ET MALWARE Drpcclean.com Related Spyware User Agent (DrPCClean Transmit)
        2007840 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Shell)
        2007841 || ET TROJAN W32.Downloader Tibs.ek Reporting to C&C
        2007842 || ET MALWARE Softspydelete.com Fake Anti-Spyware Checkin

     -> Added to bleeding-sid-msg.map.txt (6):
        2003238 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C
        2003239 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C (2)
        2007839 || ET MALWARE Drpcclean.com Related Spyware User Agent (DrPCClean Transmit)
        2007840 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Shell)
        2007841 || ET TROJAN W32.Downloader Tibs.ek Reporting to C&C
        2007842 || ET MALWARE Softspydelete.com Fake Anti-Spyware Checkin

     -> Added to bleeding-virus.rules (1):
        #Matt Jonkman, Kaspersky  Trojan-Proxy.Win32.Agent.blm

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-malware.rules (1):
        #maxthon related, by matt jonkman

     -> Removed from bleeding-sid-msg.map (3):
        2003238 || ET TROJAN W32.Downloader-388 (Trojan-Downloader.Win32.Tibs.jy) Reporting to C&C
        2003239 || ET TROJAN W32.Downloader-388 (Trojan-Downloader.Win32.Tibs.jy) Reporting to C&C (2)
        2007830 || ET MALWARE Maxthom/Myie2.com Related Spyware User Agent (MyIE2)

     -> Removed from bleeding-sid-msg.map.txt (3):
        2003238 || ET TROJAN W32.Downloader-388 (Trojan-Downloader.Win32.Tibs.jy) Reporting to C&C
        2003239 || ET TROJAN W32.Downloader-388 (Trojan-Downloader.Win32.Tibs.jy) Reporting to C&C (2)
        2007830 || ET MALWARE Maxthom/Myie2.com Related Spyware User Agent (MyIE2)

     -> Removed from bleeding-virus.rules (1):
        #first found by ClamAV





More information about the Snort-sigs mailing list