[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Fri Feb 15 17:00:09 EST 2008


[***] Results from Oinkmaster started Fri Feb 15 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007850 - ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability (bleeding-exploit.rules)
 2007851 - ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit (bleeding-exploit.rules)
 2007852 - ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit (bleeding-exploit.rules)
 2007853 - ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability (bleeding-exploit.rules)


[///]     Modified active rules:     [///]

 2007724 - ET TROJAN Prg Trojan HTTP POST version 2 (bleeding-virus.rules)
 2007816 - ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (10):
        2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
        2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929 || url,www.milw0rm.com/exploits/5049
        2007850 || ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/4979 || bugtraq,27438
        2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
        2007852 || ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit || bugtraq,27193 || url,www.milw0rm.com/exploits/4982
        2007853 || ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability || bugtraq,27439 || url,www.milw0rm.com/exploits/4981
        2402000 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
        2403000 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-sid-msg.map.txt (10):
        2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
        2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929 || url,www.milw0rm.com/exploits/5049
        2007850 || ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/4979 || bugtraq,27438
        2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
        2007852 || ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit || bugtraq,27193 || url,www.milw0rm.com/exploits/4982
        2007853 || ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability || bugtraq,27439 || url,www.milw0rm.com/exploits/4981
        2402000 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
        2403000 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url, ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
        2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929

     -> Removed from bleeding-sid-msg.map.txt (2):
        2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url, ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
        2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929




