[Snort-sigs] [Emerging-Sigs] Emerging Threats Weekly Signature Changes

Matt Jonkman jonkman at ...829...
Mon Feb 25 09:51:28 EST 2008


You are correct Jackie, fixing now...

Thanks for the note!

Matt

Jackie Lai wrote:
>>  207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST
>> (bleeding-web.rules)
> 
> The SID seems to be a typo error? I think it should be 2007873.
> 
> ========================
> Jackie Lai, CISSP
> mailto: gclai [at] draytek [dot] com
> ========================
> ----- Original Message -----
> From: <emerging at ...3335...>
> To: <snort-sigs at lists.sourceforge.net>;
> <emerging-sigs at ...3335...>
> Sent: February 24, 2008 08:00
> Subject: [Emerging-Sigs] Emerging Threats Weekly Signature Changes
> 
> 
>>
>> [***] Results from Oinkmaster started Sat Feb 23 19:00:09 2008 [***]
>>
>> [+++]          Added rules:          [+++]
>>
>>  207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST
>> (bleeding-web.rules)
>> 2007855 - ET MALWARE OneStepSearch Host Activity (bleeding-malware.rules)
>> 2007856 - ET MALWARE System-defender.com Fake AV Install Checkin
>> (bleeding-malware.rules)
>> 2007858 - ET TROJAN Delf Keylog FTP Upload (bleeding-virus.rules)
>> 2007859 - ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (microsoft) (bleeding-malware.rules)
>> 2007860 - ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (Internet Explorer 6.0) (bleeding-malware.rules)
>> 2007861 - ET MALWARE Softcashier.com Spyware Install Checkin
>> (bleeding-malware.rules)
>> 2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
>> 2007863 - ET TROJAN Banload HTTP Checkin (bleeding-virus.rules)
>> 2007864 - ET TROJAN Banload HTTP Checkin Detected (bleeding-virus.rules)
>> 2007865 - ET MALWARE Winreanimator.com Fake AV Install Attempt
>> (bleeding-malware.rules)
>> 2007866 - ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP
>> (bleeding-virus.rules)
>> 2007867 - ET TROJAN Delf HTTP Post Checkin (1) (bleeding-virus.rules)
>> 2007868 - ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (Firefox) (bleeding-malware.rules)
>> 2007869 - ET MALWARE Vombanetwork Spyware User Agent
>> (VombaProductsInstaller) (bleeding-malware.rules)
>> 2007870 - ET MALWARE Vombanetworks.com Spyware Installer Checkin
>> (bleeding-malware.rules)
>> 2007871 - ET WEB Philips VOIP841 Web Server Directory Traversal
>> (bleeding-web.rules)
>> 2007872 - ET WEB WinIPDS Directory Traversal Vulnerabilities GET
>> (bleeding-web.rules)
>> 2007874 - ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability
>> (bleeding-exploit.rules)
>> 2007875 - ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability
>> (bleeding-exploit.rules)
>> 2007876 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
>> Vulnerabilities - udp (bleeding-exploit.rules)
>> 2007877 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
>> Vulnerabilities - tcp (bleeding-exploit.rules)
>> 2007878 - ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote
>> Stack Overflow (bleeding-web.rules)
>> 2007879 - ET EXPLOIT Cyan Soft Products Format String Vulnerability
>> (bleeding-exploit.rules)
>>
>>
>> [///]     Modified active rules:     [///]
>>
>> 2002157 - ET POLICY Skype User-Agent detected (bleeding-policy.rules)
>> 2003070 - ET WORM Korgo.U Reporting (bleeding-virus.rules)
>> 2003330 - ET POLICY Possible Spambot -- Host DNS MX Query High Count
>> (bleeding-policy.rules)
>> 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound
>> (bleeding-drop.rules)
>> 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound
>> (bleeding-drop.rules)
>> 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound
>> (bleeding-drop.rules)
>> 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound
>> (bleeding-drop.rules)
>> 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound
>> (bleeding-drop.rules)
>> 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
>> SOURCE (bleeding-drop-BLOCK.rules)
>> 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
>> SOURCE (bleeding-drop-BLOCK.rules)
>> 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
>> SOURCE (bleeding-drop-BLOCK.rules)
>> 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
>> SOURCE (bleeding-drop-BLOCK.rules)
>> 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
>> SOURCE (bleeding-drop-BLOCK.rules)
>> 2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
>> 2403000 - ET DROP Dshield Block Listed Source - BLOCKING
>> (bleeding-dshield-BLOCK.rules)
>> 2404000 - ET DROP Known Bot C&C Server Traffic (group 1)
>> (bleeding-botcc.rules)
>> 2404001 - ET DROP Known Bot C&C Server Traffic (group 2)
>> (bleeding-botcc.rules)
>> 2404002 - ET DROP Known Bot C&C Server Traffic (group 3)
>> (bleeding-botcc.rules)
>> 2404003 - ET DROP Known Bot C&C Server Traffic (group 4)
>> (bleeding-botcc.rules)
>> 2404004 - ET DROP Known Bot C&C Server Traffic (group 5)
>> (bleeding-botcc.rules)
>> 2404005 - ET DROP Known Bot C&C Server Traffic (group 6)
>> (bleeding-botcc.rules)
>> 2404006 - ET DROP Known Bot C&C Server Traffic (group 7)
>> (bleeding-botcc.rules)
>> 2404007 - ET DROP Known Bot C&C Server Traffic (group 8)
>> (bleeding-botcc.rules)
>> 2404008 - ET DROP Known Bot C&C Server Traffic (group 9)
>> (bleeding-botcc.rules)
>> 2404009 - ET DROP Known Bot C&C Server Traffic (group 10)
>> (bleeding-botcc.rules)
>> 2404010 - ET DROP Known Bot C&C Server Traffic (group 11)
>> (bleeding-botcc.rules)
>> 2404011 - ET DROP Known Bot C&C Server Traffic (group 12)
>> (bleeding-botcc.rules)
>> 2404012 - ET DROP Known Bot C&C Server Traffic (group 13)
>> (bleeding-botcc.rules)
>> 2404013 - ET DROP Known Bot C&C Server Traffic (group 14)
>> (bleeding-botcc.rules)
>> 2404014 - ET DROP Known Bot C&C Server Traffic (group 15)
>> (bleeding-botcc.rules)
>> 2404015 - ET DROP Known Bot C&C Server Traffic (group 16)
>> (bleeding-botcc.rules)
>> 2404016 - ET DROP Known Bot C&C Server Traffic (group 17)
>> (bleeding-botcc.rules)
>> 2404017 - ET DROP Known Bot C&C Server Traffic (group 18)
>> (bleeding-botcc.rules)
>> 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
>> (bleeding-botcc-BLOCK.rules)
>> 2406005 - ET RBN Known Russian Business Network Monitored Domains (1)
>> (bleeding-rbn.rules)
>> 2406006 - ET RBN Known Russian Business Network Monitored Domains (2)
>> (bleeding-rbn.rules)
>> 2406007 - ET RBN Known Russian Business Network Monitored Domains (3)
>> (bleeding-rbn.rules)
>> 2406008 - ET RBN Known Russian Business Network Monitored Domains (4)
>> (bleeding-rbn.rules)
>> 2406009 - ET RBN Known Russian Business Network Monitored Domains (5)
>> (bleeding-rbn.rules)
>> 2406010 - ET RBN Known Russian Business Network Monitored Domains (6)
>> (bleeding-rbn.rules)
>> 2406011 - ET RBN Known Russian Business Network Monitored Domains (7)
>> (bleeding-rbn.rules)
>> 2406012 - ET RBN Known Russian Business Network Monitored Domains (8)
>> (bleeding-rbn.rules)
>> 2406013 - ET RBN Known Russian Business Network Monitored Domains (9)
>> (bleeding-rbn.rules)
>> 2406014 - ET RBN Known Russian Business Network Monitored Domains (10)
>> (bleeding-rbn.rules)
>> 2406015 - ET RBN Known Russian Business Network Monitored Domains (11)
>> (bleeding-rbn.rules)
>> 2406016 - ET RBN Known Russian Business Network Monitored Domains (12)
>> (bleeding-rbn.rules)
>> 2406017 - ET RBN Known Russian Business Network Monitored Domains (13)
>> (bleeding-rbn.rules)
>> 2406018 - ET RBN Known Russian Business Network Monitored Domains (14)
>> (bleeding-rbn.rules)
>> 2406019 - ET RBN Known Russian Business Network Monitored Domains (15)
>> (bleeding-rbn.rules)
>> 2406020 - ET RBN Known Russian Business Network Monitored Domains (16)
>> (bleeding-rbn.rules)
>> 2406021 - ET RBN Known Russian Business Network Monitored Domains (17)
>> (bleeding-rbn.rules)
>> 2406022 - ET RBN Known Russian Business Network Monitored Domains (18)
>> (bleeding-rbn.rules)
>> 2406023 - ET RBN Known Russian Business Network Monitored Domains (19)
>> (bleeding-rbn.rules)
>> 2406024 - ET RBN Known Russian Business Network Monitored Domains (20)
>> (bleeding-rbn.rules)
>> 2406025 - ET RBN Known Russian Business Network Monitored Domains (21)
>> (bleeding-rbn.rules)
>> 2406026 - ET RBN Known Russian Business Network Monitored Domains (22)
>> (bleeding-rbn.rules)
>> 2406027 - ET RBN Known Russian Business Network Monitored Domains (23)
>> (bleeding-rbn.rules)
>> 2406028 - ET RBN Known Russian Business Network Monitored Domains (24)
>> (bleeding-rbn.rules)
>> 2406029 - ET RBN Known Russian Business Network Monitored Domains (25)
>> (bleeding-rbn.rules)
>> 2406030 - ET RBN Known Russian Business Network Monitored Domains (26)
>> (bleeding-rbn.rules)
>> 2406031 - ET RBN Known Russian Business Network Monitored Domains (27)
>> (bleeding-rbn.rules)
>> 2406032 - ET RBN Known Russian Business Network Monitored Domains (28)
>> (bleeding-rbn.rules)
>> 2406033 - ET RBN Known Russian Business Network Monitored Domains (29)
>> (bleeding-rbn.rules)
>> 2406034 - ET RBN Known Russian Business Network Monitored Domains (30)
>> (bleeding-rbn.rules)
>> 2407005 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (1) (bleeding-rbn-BLOCK.rules)
>> 2407006 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (2) (bleeding-rbn-BLOCK.rules)
>> 2407007 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (3) (bleeding-rbn-BLOCK.rules)
>> 2407008 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (4) (bleeding-rbn-BLOCK.rules)
>> 2407009 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (5) (bleeding-rbn-BLOCK.rules)
>> 2407010 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (6) (bleeding-rbn-BLOCK.rules)
>> 2407011 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (7) (bleeding-rbn-BLOCK.rules)
>> 2407012 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (8) (bleeding-rbn-BLOCK.rules)
>> 2407013 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (9) (bleeding-rbn-BLOCK.rules)
>> 2407014 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (10) (bleeding-rbn-BLOCK.rules)
>> 2407015 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (11) (bleeding-rbn-BLOCK.rules)
>> 2407016 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (12) (bleeding-rbn-BLOCK.rules)
>> 2407017 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (13) (bleeding-rbn-BLOCK.rules)
>> 2407018 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (14) (bleeding-rbn-BLOCK.rules)
>> 2407019 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (15) (bleeding-rbn-BLOCK.rules)
>> 2407020 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (16) (bleeding-rbn-BLOCK.rules)
>> 2407021 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (17) (bleeding-rbn-BLOCK.rules)
>> 2407022 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (18) (bleeding-rbn-BLOCK.rules)
>> 2407023 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (19) (bleeding-rbn-BLOCK.rules)
>> 2407024 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (20) (bleeding-rbn-BLOCK.rules)
>> 2407025 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (21) (bleeding-rbn-BLOCK.rules)
>> 2407026 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (22) (bleeding-rbn-BLOCK.rules)
>> 2407027 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (23) (bleeding-rbn-BLOCK.rules)
>> 2407028 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (24) (bleeding-rbn-BLOCK.rules)
>> 2407029 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (25) (bleeding-rbn-BLOCK.rules)
>> 2407030 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (26) (bleeding-rbn-BLOCK.rules)
>> 2407031 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (27) (bleeding-rbn-BLOCK.rules)
>> 2407032 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (28) (bleeding-rbn-BLOCK.rules)
>> 2407033 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (29) (bleeding-rbn-BLOCK.rules)
>> 2407034 - ET RBN Known Russian Business Network Monitored Domains -
>> BLOCKING (30) (bleeding-rbn-BLOCK.rules)
>>
>>
>> [+++]      Added non-rule lines:     [+++]
>>
>>     -> Added to bleeding-drop-BLOCK.rules (2):
>>        #  VERSION 1066
>>        #  Generated 2008-02-22 01:03:00 EDT
>>
>>     -> Added to bleeding-drop.rules (2):
>>        #  VERSION 1066
>>        #  Generated 2008-02-22 01:03:00 EDT
>>
>>     -> Added to bleeding-exploit.rules (3):
>>        #by Akash Mahajan
>>        #by Akash Mahajan
>>        #by Akash Mahajan
>>
>>     -> Added to bleeding-malware.rules (2):
>>        #by Will Metcalf
>>        #fake av, sig by matt jonkman
>>
>>     -> Added to bleeding-rbn-BLOCK.rules (2):
>>        #  VERSION 36
>>        #  Updated 2008-02-21 10:21:51
>>
>>     -> Added to bleeding-rbn.rules (2):
>>        #  VERSION 36
>>        #  Updated 2008-02-21 10:21:51
>>
>>     -> Added to bleeding-sid-msg.map (24):
>>        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities
>> POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>>        2007855 || ET MALWARE OneStepSearch Host Activity
>>        2007856 || ET MALWARE System-defender.com Fake AV Install
>> Checkin || url,www.system-defender.com
>>        2007858 || ET TROJAN Delf Keylog FTP Upload
>>        2007859 || ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (microsoft)
>>        2007860 || ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (Internet Explorer 6.0)
>>        2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
>>        2007862 || ET TROJAN LDPinch Checkin (3)
>>        2007863 || ET TROJAN Banload HTTP Checkin
>>        2007864 || ET TROJAN Banload HTTP Checkin Detected
>>        2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt
>> || url,www.winreanimator.com
>>        2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via
>> HTTP
>>        2007867 || ET TROJAN Delf HTTP Post Checkin (1)
>>        2007868 || ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (Firefox)
>>        2007869 || ET MALWARE Vombanetwork Spyware User Agent
>> (VombaProductsInstaller)
>>        2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
>>        2007871 || ET WEB Philips VOIP841 Web Server Directory
>> Traversal || bugtraq,27790 || url,www.milw0rm.com/exploits/5113
>>        2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities
>> GET || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>>        2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF
>> Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
>> bugtraq,27896
>>        2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF
>> Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
>> bugtraq,27896
>>        2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server
>> Multiple Vulnerabilities - udp || cve,CVE-2008-0767 ||
>> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>>        2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server
>> Multiple Vulnerabilities - tcp || cve,CVE-2008-0759 ||
>> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>>        2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx
>> Multiple Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 ||
>> cve,CVE-2008-0778 || bugtraq,27769
>>        2007879 || ET EXPLOIT Cyan Soft Products Format String
>> Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt ||
>> bugtraq,27728 || cve,CVE-2008-0755
>>
>>     -> Added to bleeding-sid-msg.map.txt (24):
>>        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities
>> POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>>        2007855 || ET MALWARE OneStepSearch Host Activity
>>        2007856 || ET MALWARE System-defender.com Fake AV Install
>> Checkin || url,www.system-defender.com
>>        2007858 || ET TROJAN Delf Keylog FTP Upload
>>        2007859 || ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (microsoft)
>>        2007860 || ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (Internet Explorer 6.0)
>>        2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
>>        2007862 || ET TROJAN LDPinch Checkin (3)
>>        2007863 || ET TROJAN Banload HTTP Checkin
>>        2007864 || ET TROJAN Banload HTTP Checkin Detected
>>        2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt
>> || url,www.winreanimator.com
>>        2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via
>> HTTP
>>        2007867 || ET TROJAN Delf HTTP Post Checkin (1)
>>        2007868 || ET MALWARE Suspicious User Agent - Possible Trojan
>> Downloader (Firefox)
>>        2007869 || ET MALWARE Vombanetwork Spyware User Agent
>> (VombaProductsInstaller)
>>        2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
>>        2007871 || ET WEB Philips VOIP841 Web Server Directory
>> Traversal || bugtraq,27790 || url,www.milw0rm.com/exploits/5113
>>        2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities
>> GET || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>>        2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF
>> Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
>> bugtraq,27896
>>        2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF
>> Vulnerability || url,aluigi.altervista.org/adv/nowsmsz-adv.txt ||
>> bugtraq,27896
>>        2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server
>> Multiple Vulnerabilities - udp || cve,CVE-2008-0767 ||
>> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>>        2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server
>> Multiple Vulnerabilities - tcp || cve,CVE-2008-0759 ||
>> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>>        2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx
>> Multiple Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 ||
>> cve,CVE-2008-0778 || bugtraq,27769
>>        2007879 || ET EXPLOIT Cyan Soft Products Format String
>> Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt ||
>> bugtraq,27728 || cve,CVE-2008-0755
>>
>>     -> Added to bleeding-virus.rules (2):
>>        #delf keylog upload, kinda flimsy but works
>>        #spyware/trojan/backdoors all reported here. sig by matt jonkman
>>
>>     -> Added to bleeding-web.rules (3):
>>        #by Akash Mahajan
>>        #by Akash Mahajan
>>        #by Akash Mahajan
>>
>> [---]     Removed non-rule lines:    [---]
>>
>>     -> Removed from bleeding-drop-BLOCK.rules (2):
>>        #  VERSION 1060
>>        #  Generated 2008-02-16 01:03:00 EDT
>>
>>     -> Removed from bleeding-drop.rules (2):
>>        #  VERSION 1060
>>        #  Generated 2008-02-16 01:03:00 EDT
>>
>>     -> Removed from bleeding-rbn-BLOCK.rules (2):
>>        #  VERSION 35
>>        #  Updated 2008-02-08 16:03:09
>>
>>     -> Removed from bleeding-rbn.rules (2):
>>        #  VERSION 35
>>        #  Updated 2008-02-08 16:03:09
>>

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
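
The SID check raised in this thread can be automated. The following is an added example, not part of the original messages and not Emerging Threats or Oinkmaster code. It lints sid-msg.map text for SIDs outside the expected range and proposes a correction from neighbouring SIDs. The 2000000-2999999 range for Emerging Threats SIDs and the function names are assumptions, and the sample entries are abridged from the quoted listing with mail wrapping removed.

```python
# Added example: lint sid-msg.map entries for mistyped SIDs.
# Assumption: Emerging Threats SIDs fall in 2000000-2999999.
ET_SID_RANGE = range(2000000, 3000000)

# Constructed sample: entries abridged from the quoted bleeding-sid-msg.map
# listing, with the ">>" quoting and mail line wrapping removed.
SAMPLE_MAP = """\
207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757
2007871 || ET WEB Philips VOIP841 Web Server Directory Traversal || bugtraq,27790
2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities GET || bugtraq,27757
2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability || bugtraq,27896
"""


def parse_sid_msg_map(text):
    """Return [(sid, msg)] from sid-msg.map text, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            raise ValueError(f"malformed sid-msg.map line: {line!r}")
        entries.append((int(fields[0]), fields[1]))
    return entries


def suggest_sids(bad_sid, known_sids):
    """Propose SIDs made by inserting one digit into bad_sid.

    A candidate is kept only if it is in range, unused, and directly
    adjacent to a SID already present (the reasoning used in the thread).
    """
    digits = str(bad_sid)
    candidates = set()
    for pos in range(len(digits) + 1):
        for d in "0123456789":
            cand = int(digits[:pos] + d + digits[pos:])
            adjacent = cand - 1 in known_sids or cand + 1 in known_sids
            if cand in ET_SID_RANGE and cand not in known_sids and adjacent:
                candidates.add(cand)
    return sorted(candidates)


def lint(text):
    """Return [(sid, msg, problem, suggestions)] for suspicious entries."""
    entries = parse_sid_msg_map(text)
    known = {sid for sid, _ in entries if sid in ET_SID_RANGE}
    findings, seen = [], set()
    for sid, msg in entries:
        if sid in seen:
            findings.append((sid, msg, "duplicate", []))
        seen.add(sid)
        if sid not in ET_SID_RANGE:
            findings.append((sid, msg, "out-of-range", suggest_sids(sid, known)))
    return findings


if __name__ == "__main__":
    for sid, msg, problem, fixes in lint(SAMPLE_MAP):
        print(f"{sid}: {problem} ({msg}); suggested: {fixes}")
```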
