[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Wed Feb 13 17:00:09 EST 2008


[***] Results from Oinkmaster started Wed Feb 13 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2007844 - ET TROJAN Downloader Agent.isd Checkin (bleeding-virus.rules)
 2007845 - ET MALWARE Errclean.com Related Spyware User Agent (Locus NetInstaller) (bleeding-malware.rules)
 2007846 - ET MALWARE Berlinads3.com Related Spyware User Agent (StixAero Engine v1.5) (bleeding-malware.rules)
 2007847 - ET EXPLOIT Sony ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX Buffer Overflow Exploit (bleeding-exploit.rules)
 2007848 - ET CURRENT_EVENTS Microsoft DirectSpeechSynthesis Module (XVoice.dll 4.0.4.3303) remote BoF exploit (bleeding.rules)


[///]     Modified active rules:     [///]

 2007815 - ET CURRENT_EVENTS Aurigma Image Uploader ImageUploader4.ocx ActiveX Control Buffer Overflow Attempt (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (1):
        #by Akash Mahajan of Stillsecure

     -> Added to bleeding-malware.rules (2):
        #errclean.com related, by matt jonkman
        #berlinads3.com related

     -> Added to bleeding-sid-msg.map (6):
        2007815 || ET CURRENT_EVENTS Aurigma Image Uploader ImageUploader4.ocx ActiveX Control Buffer Overflow Attempt || url,isc.sans.org/diary.html?storyid=3929 || bugtraq,27539
        2007844 || ET TROJAN Downloader Agent.isd Checkin
        2007845 || ET MALWARE Errclean.com Related Spyware User Agent (Locus NetInstaller)
        2007846 || ET MALWARE Berlinads3.com Related Spyware User Agent (StixAero Engine v1.5)
        2007847 || ET EXPLOIT Sony ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX Buffer Overflow Exploit || url,www.milw0rm.com/exploits/5100 || url,www.milw0rm.com/exploits/5086
        2007848 || ET CURRENT_EVENTS Microsoft DirectSpeechSynthesis Module (XVoice.dll 4.0.4.3303) remote BoF exploit || bugtraq,24426 || url,www.milw0rm.com/exploits/5087

     -> Added to bleeding-sid-msg.map.txt (6):
        2007815 || ET CURRENT_EVENTS Aurigma Image Uploader ImageUploader4.ocx ActiveX Control Buffer Overflow Attempt || url,isc.sans.org/diary.html?storyid=3929 || bugtraq,27539
        2007844 || ET TROJAN Downloader Agent.isd Checkin
        2007845 || ET MALWARE Errclean.com Related Spyware User Agent (Locus NetInstaller)
        2007846 || ET MALWARE Berlinads3.com Related Spyware User Agent (StixAero Engine v1.5)
        2007847 || ET EXPLOIT Sony ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX Buffer Overflow Exploit || url,www.milw0rm.com/exploits/5100 || url,www.milw0rm.com/exploits/5086
        2007848 || ET CURRENT_EVENTS Microsoft DirectSpeechSynthesis Module (XVoice.dll 4.0.4.3303) remote BoF exploit || bugtraq,24426 || url,www.milw0rm.com/exploits/5087

     -> Added to bleeding-virus.rules (1):
        #matt jonkman, downloader Agent.isd

     -> Added to bleeding.rules (2):
        #by Akash Mahajan of Stillsecure
        #by Akash Mahajan of Stillsecure

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (3):
        2007815 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader4 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929
        2402000 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
        2403000 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt

     -> Removed from bleeding-sid-msg.map.txt (3):
        2007815 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader4 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929
        2402000 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
        2403000 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt





More information about the Snort-sigs mailing list