[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Mon Feb 25 17:00:09 EST 2008


[***] Results from Oinkmaster started Mon Feb 25 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2007873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2003392 - ET TROJAN Warezov/Stration Communicating with Controller (bleeding-virus.rules)
 2003436 - ET TROJAN Warezov/Stration Communicating with Controller 2 (bleeding-virus.rules)


[---]         Disabled rules:        [---]

 2007634 - ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Search by md5 (bleeding-virus.rules)
 2007635 - ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely Connect Ack (bleeding-virus.rules)
 2007637 - ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Connect Ack (bleeding-virus.rules)


[---]         Removed rules:         [---]

  207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (1):
        2007873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt

     -> Added to bleeding-sid-msg.map.txt (1):
        2007873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt

     -> Added to bleeding-virus.rules (1):
        #disabling by default. 2007701 and 2007702 are more reliable. These tend to hit on skype and game traffic

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt

     -> Removed from bleeding-sid-msg.map.txt (1):
        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt





More information about the Snort-sigs mailing list