[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Wed Feb 20 17:00:09 EST 2008


[***] Results from Oinkmaster started Wed Feb 20 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2007856 - ET MALWARE System-defender.com Fake AV Install Checkin (bleeding-malware.rules)
 2007858 - ET TROJAN Delf Keylog FTP Upload (bleeding-virus.rules)
 2007859 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader (microsoft) (bleeding-malware.rules)
 2007860 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader (Internet Explorer 6.0) (bleeding-malware.rules)
 2007861 - ET MALWARE Softcashier.com Spyware Install Checkin (bleeding-malware.rules)
 2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
 2007863 - ET TROJAN Banload HTTP Checkin (bleeding-virus.rules)
 2007864 - ET TROJAN Banload HTTP Checkin Detected (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Added to bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Added to bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Added to bleeding-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Added to bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Added to bleeding-malware.rules (2):
        # $Id: bleeding-malware.rules $
        #fake av, sig by matt jonkman

     -> Added to bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Added to bleeding-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Added to bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Added to bleeding-sid-msg.map (8):
        2007856 || ET MALWARE System-defender.com Fake AV Install Checkin || url,www.system-defender.com
        2007858 || ET TROJAN Delf Keylog FTP Upload
        2007859 || ET MALWARE Suspicious User Agent - Possible Trojan Downloader (microsoft)
        2007860 || ET MALWARE Suspicious User Agent - Possible Trojan Downloader (Internet Explorer 6.0)
        2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
        2007862 || ET TROJAN LDPinch Checkin (3)
        2007863 || ET TROJAN Banload HTTP Checkin
        2007864 || ET TROJAN Banload HTTP Checkin Detected

     -> Added to bleeding-sid-msg.map.txt (8):
        2007856 || ET MALWARE System-defender.com Fake AV Install Checkin || url,www.system-defender.com
        2007858 || ET TROJAN Delf Keylog FTP Upload
        2007859 || ET MALWARE Suspicious User Agent - Possible Trojan Downloader (microsoft)
        2007860 || ET MALWARE Suspicious User Agent - Possible Trojan Downloader (Internet Explorer 6.0)
        2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
        2007862 || ET TROJAN LDPinch Checkin (3)
        2007863 || ET TROJAN Banload HTTP Checkin
        2007864 || ET TROJAN Banload HTTP Checkin Detected

     -> Added to bleeding-virus.rules (2):
        # $Id: bleeding-virus.rules $
        #delf keylog upload, kinda flimsy but works

     -> Added to bleeding-voip.rules (1):
        # $Id: bleeding-voip.rules $

     -> Added to bleeding-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Added to bleeding-web_sql_injection.rules (1):
        # $Id: bleeding-web_sql_injection.rules $

     -> Added to bleeding.rules (1):
        # $Id: bleeding.rules $




