[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Thu Jan 10 17:00:06 EST 2008


[***] Results from Oinkmaster started Thu Jan 10 17:00:06 2008 [***]

[+++]          Added rules:          [+++]

 2007650 - BLEEDING-EDGE TROJAN Mac Trojan HTTP Checkin (accept-language violation) (bleeding-virus.rules)
 2007746 - BLEEDING-EDGE POLICY Gold VIP Club Casino Client in Use (bleeding-policy.rules)
 2007747 - BLEEDING-EDGE TROJAN MBR Trojan (Sinowal/Mebroot/) Phoning Home (bleeding-virus.rules)
 2007748 - BLEEDING-EDGE TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2004115 - BLEEDING-EDGE CURRENT EVENTS MS IIS Auth Bypass Attempt (bleeding.rules)
 2007673 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (1) (bleeding.rules)
 2007674 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (2) (bleeding.rules)
 2007675 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (3) (bleeding.rules)
 2007676 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (4) (bleeding.rules)
 2007677 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (5) (bleeding.rules)
 2007678 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (1) (bleeding.rules)
 2007679 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (2) (bleeding.rules)
 2007680 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (3) (bleeding.rules)
 2007681 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (4) (bleeding.rules)
 2007682 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (5) (bleeding.rules)
 2007683 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 1 (bleeding.rules)
 2007684 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 2 (bleeding.rules)
 2007685 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 3 (bleeding.rules)
 2007686 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity OUTBOUND (bleeding.rules)
 2007687 - BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity INBOUND (bleeding.rules)
 2007729 - BLEEDING-EDGE CURRENT EVENTS Likely Zlob Binary Requested (VideoAccessCodecInstall.exe) (bleeding.rules)
 2007730 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.exe) (bleeding.rules)
 2007731 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.dmg) (bleeding.rules)
 2007732 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.exe) (bleeding.rules)
 2007733 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.dmg) (bleeding.rules)
 2007734 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (Install_video_3913230.exe) (bleeding.rules)
 2007735 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (virusranger.exe) (bleeding.rules)
 2007736 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (vrsvc.exe) (bleeding.rules)
 2007737 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (stripshow.exe) (bleeding.rules)
 2007738 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy2008.exe) (bleeding.rules)
 2007739 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (fck2008.exe) (bleeding.rules)
 2007740 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy_2008.exe) (bleeding.rules)
 2007741 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (sony.exe) (bleeding.rules)
 2406005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (1) (bleeding-rbn.rules)
 2406006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (2) (bleeding-rbn.rules)
 2406007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (3) (bleeding-rbn.rules)
 2406008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (4) (bleeding-rbn.rules)
 2407005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (1) (bleeding-rbn-BLOCK.rules)
 2407006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (2) (bleeding-rbn-BLOCK.rules)
 2407007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (3) (bleeding-rbn-BLOCK.rules)
 2407008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (4) (bleeding-rbn-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2006436 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Mailto Link Detected (bleeding.rules)
 2006437 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE News Link Detected (bleeding.rules)
 2006438 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Nntp Link Detected (bleeding.rules)
 2006439 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Snews Link Detected (bleeding.rules)
 2006440 - BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Telnet Link Detected (bleeding.rules)
 2007342 - BLEEDING-EDGE CURRENT EVENTS Vulnerable MS FlashPix ActiveX Control in Use (bleeding.rules)


[---]         Removed rules:         [---]

 2007650 - BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-policy.rules (2):
        #by Matt Jonkman, sandnetted binary
        #  App on port 2000 for this casino stuff. Not malicious, but likely not allowed in most environments

     -> Added to bleeding-rbn-BLOCK.rules (2):
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Added to bleeding-rbn.rules (2):
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Added to bleeding-sid-msg.map (165):
        2004115 || BLEEDING-EDGE CURRENT EVENTS MS IIS Auth Bypass Attempt || url,support.microsoft.com/kb/328832
        2006436 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Mailto Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006437 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE News Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006438 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Nntp Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006439 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Snews Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006440 || BLEEDING-EDGE CURRENT EVENTS FireFox Remote Command EXE Telnet Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2007342 || BLEEDING-EDGE CURRENT EVENTS Vulnerable MS FlashPix ActiveX Control in Use || url,secunia.com/advisories/26426/
        2007650 || BLEEDING-EDGE TROJAN Mac Trojan HTTP Checkin (accept-language violation)
        2007673 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007674 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007675 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007676 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007677 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity TCP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007678 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007679 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007680 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007681 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007682 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DNS Activity UDP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007683 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 1 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007684 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 2 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007685 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 HTTP Activity 3 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007686 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity OUTBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007687 || BLEEDING-EDGE CURRENT EVENTS E-Jihad 3.0 DDoS HTTP Activity INBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007729 || BLEEDING-EDGE CURRENT EVENTS Likely Zlob Binary Requested (VideoAccessCodecInstall.exe)
        2007730 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.exe)
        2007731 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.dmg)
        2007732 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.exe)
        2007733 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.dmg)
        2007734 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (Install_video_3913230.exe)
        2007735 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (virusranger.exe)
        2007736 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (vrsvc.exe)
        2007737 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (stripshow.exe)
        2007738 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy2008.exe)
        2007739 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (fck2008.exe)
        2007740 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy_2008.exe)
        2007741 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (sony.exe)
        2007746 || BLEEDING-EDGE POLICY Gold VIP Club Casino Client in Use
        2007747 || BLEEDING-EDGE TROJAN MBR Trojan (Sinowal/Mebroot/) Phoning Home
        2007748 || BLEEDING-EDGE TROJAN NPRC Malicious POST Request Possible DOJ or DOT Malware || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835
        2500001 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (2) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500002 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (3) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500003 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (4) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500004 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (5) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500005 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (6) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500006 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (7) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500007 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (8) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500008 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (9) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500009 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (10) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500010 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (11) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500011 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (12) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500012 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (13) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500013 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (14) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500014 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (15) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500015 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (16) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500016 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (17) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500017 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (18) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500018 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (19) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500019 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (20) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500020 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (21) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500021 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (22) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500022 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (23) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500023 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (24) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500024 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (25) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500025 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (26) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500026 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (27) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500027 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (28) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500028 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (29) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500029 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (30) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500030 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (31) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500031 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (32) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500032 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (33) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500033 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (34) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500034 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (35) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500035 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (36) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500036 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (37) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500037 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (38) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500038 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (39) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500039 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (40) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500040 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (41) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500041 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (42) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500042 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (43) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500043 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (44) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500044 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (45) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500045 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (46) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500046 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (47) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500047 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (48) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500048 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (49) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500049 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (50) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500050 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (51) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500051 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (52) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500052 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (53) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500053 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (54) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500054 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (55) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500055 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (56) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500056 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (57) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500057 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (58) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500058 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (59) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500059 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (60) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500060 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (61) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500061 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (62) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500062 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (63) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500063 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic (64) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510001 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (2) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510002 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (3) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510003 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (4) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510004 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (5) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510005 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (6) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510006 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (7) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510007 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (8) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510008 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (9) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510009 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (10) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510010 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (11) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510011 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (12) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510012 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (13) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510013 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (14) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510014 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (15) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510015 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (16) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510016 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (17) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510017 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (18) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510018 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (19) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510019 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (20) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510020 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (21) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510021 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (22) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510022 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (23) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510023 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (24) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510024 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (25) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510025 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (26) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510026 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (27) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510027 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (28) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510028 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (29) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510029 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (30) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510030 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (31) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510031 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (32) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510032 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (33) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510033 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (34) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510034 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (35) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510035 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (36) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510036 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (37) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510037 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (38) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510038 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (39) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510039 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (40) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510040 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (41) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510041 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (42) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510042 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (43) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510043 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (44) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510044 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (45) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510045 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (46) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510046 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (47) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510047 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (48) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510048 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (49) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510049 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (50) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510050 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (51) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510051 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (52) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510052 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (53) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510053 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (54) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510054 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (55) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510055 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (56) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510056 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (57) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510057 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (58) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510058 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (59) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510059 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (60) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510060 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (61) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510061 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (62) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510062 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (63) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510063 || BLEEDING-EDGE COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (64) || url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding-virus.rules (4):
        #by Matt Jonkman, MBR Virus related
        #info from Bojan at ISC and Russell Fulton
        # sig by Russell and Matt Jonkman
        #from Matt Richard with Verisign Security Services / iDefense

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-rbn-BLOCK.rules (2):
        #  VERSION 24
        #  Updated 2008-01-08 12:32:31

     -> Removed from bleeding-rbn.rules (2):
        #  VERSION 24
        #  Updated 2008-01-08 12:32:31

     -> Removed from bleeding-sid-msg.map (36):
        2004115 || BLEEDING-EDGE CURRENT_EVENTS MS IIS Auth Bypass Attempt || url,support.microsoft.com/kb/328832
        2006436 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Mailto Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006437 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE News Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006438 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Nntp Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006439 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Snews Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006440 || BLEEDING-EDGE CURRENT_EVENTS FireFox Remote Command EXE Telnet Link Detected || url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2007342 || BLEEDING-EDGE CURRENT_EVENTS Vulnerable MS FlashPix ActiveX Control in Use || url,secunia.com/advisories/26426/
        2007650 || BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation)
        2007673 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007674 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007675 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007676 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007677 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity TCP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007678 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007679 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007680 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007681 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007682 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DNS Activity UDP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007683 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 1 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007684 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 2 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007685 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 HTTP Activity 3 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007686 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity OUTBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007687 || BLEEDING-EDGE CURRENT_EVENTS E-Jihad 3.0 DDoS HTTP Activity INBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
        2007729 || BLEEDING-EDGE CURRENT_EVENTS Likely Zlob Binary Requested (VideoAccessCodecInstall.exe)
        2007730 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (codecultra1123.exe)
        2007731 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (codecultra1123.dmg)
        2007732 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (codecnice1126.exe)
        2007733 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (codecnice1126.dmg)
        2007734 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (Install_video_3913230.exe)
        2007735 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (virusranger.exe)
        2007736 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (vrsvc.exe)
        2007737 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (stripshow.exe)
        2007738 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (happy2008.exe)
        2007739 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (fck2008.exe)
        2007740 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (happy_2008.exe)
        2007741 || BLEEDING-EDGE CURRENT_EVENTS Likely Storm Binary Requested (sony.exe)

     -> Removed from bleeding.rules (3):
        #needs a better name
        #info from Bojan at ISC and Russell Fulton
        # sig by Russell and Matt Jonkman
