[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Mon Jan 14 17:00:07 EST 2008


[***] Results from Oinkmaster started Mon Jan 14 17:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2007758 - BLEEDING-EDGE TROJAN Eldorado.BHO User-Agent Detected (bleeding-virus.rules)
 2007759 - BLEEDING-EDGE MALWARE Alfaantivirus.com Fake Anti-Virus User Agent (IM Download) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2003224 - BLEEDING-EDGE MALWARE Megaupload Spyware User Agent (bleeding-malware.rules)
 2007697 - BLEEDING-EDGE MALWARE Antivirgear.com Fake Anti-Spyware User Agent (AntiVirGear) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #by matt jonkman, from sandnet analysis re 200c2baf2b23e8db5f7145941548c69d

     -> Added to bleeding-sid-msg.map (38):
        2007758 || BLEEDING-EDGE TROJAN Eldorado.BHO User-Agent Detected
        2007759 || BLEEDING-EDGE MALWARE Alfaantivirus.com Fake Anti-Virus User Agent (IM Download)
        2400003 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2400004 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2401003 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2401004 || BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2404001 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  || url,www.shadowserver.org
        2404002 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  || url,www.shadowserver.org
        2404003 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  || url,www.shadowserver.org
        2404004 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  || url,www.shadowserver.org
        2404005 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  || url,www.shadowserver.org
        2404006 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  || url,www.shadowserver.org
        2404007 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  || url,www.shadowserver.org
        2404008 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  || url,www.shadowserver.org
        2404009 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  || url,www.shadowserver.org
        2404010 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  || url,www.shadowserver.org
        2404011 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  || url,www.shadowserver.org
        2404012 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  || url,www.shadowserver.org
        2404013 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  || url,www.shadowserver.org
        2404014 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  || url,www.shadowserver.org
        2404015 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  || url,www.shadowserver.org
        2404016 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2405001 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE || url,www.shadowserver.org
        2405002 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE || url,www.shadowserver.org
        2405003 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE || url,www.shadowserver.org
        2405004 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE || url,www.shadowserver.org
        2405005 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE || url,www.shadowserver.org
        2405006 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE || url,www.shadowserver.org
        2405007 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE || url,www.shadowserver.org
        2405008 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE || url,www.shadowserver.org
        2405009 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE || url,www.shadowserver.org
        2405010 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE || url,www.shadowserver.org
        2405011 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE || url,www.shadowserver.org
        2405012 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE || url,www.shadowserver.org
        2405013 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE || url,www.shadowserver.org
        2405014 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE || url,www.shadowserver.org
        2405015 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE || url,www.shadowserver.org
        2405016 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2402000 || BLEEDING-EDGE DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
        2403000 || BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt




