[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Tue Jan 15 17:00:07 EST 2008


[***] Results from Oinkmaster started Tue Jan 15 17:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2007760 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (withlove.exe) (bleeding.rules)
 2007761 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (with_love.exe) (bleeding.rules)


[---]         Removed rules:         [---]

 2007729 - BLEEDING-EDGE CURRENT EVENTS Likely Zlob Binary Requested (VideoAccessCodecInstall.exe) (bleeding.rules)
 2007730 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.exe) (bleeding.rules)
 2007731 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.dmg) (bleeding.rules)
 2007732 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.exe) (bleeding.rules)
 2007733 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.dmg) (bleeding.rules)
 2007734 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (Install_video_3913230.exe) (bleeding.rules)
 2007735 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (virusranger.exe) (bleeding.rules)
 2007736 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (vrsvc.exe) (bleeding.rules)
 2007737 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (stripshow.exe) (bleeding.rules)
 2007738 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy2008.exe) (bleeding.rules)
 2007739 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (fck2008.exe) (bleeding.rules)
 2007740 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy_2008.exe) (bleeding.rules)
 2007741 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (sony.exe) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (4):
        2007760 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (withlove.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007761 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (with_love.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2402000 || BLEEDING-EDGE DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
        2403000 || BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (13):
        2007729 || BLEEDING-EDGE CURRENT EVENTS Likely Zlob Binary Requested (VideoAccessCodecInstall.exe)
        2007730 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.exe)
        2007731 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.dmg)
        2007732 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.exe)
        2007733 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.dmg)
        2007734 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (Install_video_3913230.exe)
        2007735 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (virusranger.exe)
        2007736 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (vrsvc.exe)
        2007737 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (stripshow.exe)
        2007738 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy2008.exe)
        2007739 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (fck2008.exe)
        2007740 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy_2008.exe)
        2007741 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (sony.exe)

     -> Removed from bleeding.rules (2):
        # these may only be good for a few days, but considering the volume of infections and the high-profile
        #  places at blogspot, it's worth pushing these sigs out for a few days
