[Snort-sigs] Emerging Threats Weekly Signature Changes

emerging at ...3335...
Sat Jan 19 19:00:07 EST 2008


[***] Results from Oinkmaster started Sat Jan 19 19:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2007758 - BLEEDING-EDGE TROJAN Eldorado.BHO User-Agent Detected (bleeding-virus.rules)
 2007759 - BLEEDING-EDGE MALWARE Alfaantivirus.com Fake Anti-Virus User Agent (IM Download) (bleeding-malware.rules)
 2007760 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (withlove.exe) (bleeding.rules)
 2007761 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (with_love.exe) (bleeding.rules)
 2007762 - BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent Inbound (MJ12bot) (bleeding-policy.rules)
 2007763 - BLEEDING-EDGE POLICY CBS Streaming Video (bleeding-policy.rules)
 2007764 - BLEEDING-EDGE POLICY NBC Streaming Video (bleeding-policy.rules)
 2007765 - BLEEDING-EDGE POLICY Logmein.com Host List Download (bleeding-policy.rules)
 2007766 - BLEEDING-EDGE POLICY Logmein.com Update Activity (bleeding-policy.rules)
 2007767 - BLEEDING-EDGE TROJAN Pakes User-Agent Detected (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2003224 - BLEEDING-EDGE MALWARE Megaupload Spyware User Agent (bleeding-malware.rules)
 2007697 - BLEEDING-EDGE MALWARE Antivirgear.com Fake Anti-Spyware User Agent (AntiVirGear) (bleeding-malware.rules)
 2007744 - BLEEDING-EDGE MALWARE Guard-Center.com Fake AntiVirus Post-Install Checkin (bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2404010 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  (bleeding-botcc.rules)
 2404011 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  (bleeding-botcc.rules)
 2404012 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  (bleeding-botcc.rules)
 2404013 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  (bleeding-botcc.rules)
 2404014 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  (bleeding-botcc.rules)
 2404015 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  (bleeding-botcc.rules)
 2404016 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405010 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405011 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405012 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405013 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405014 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405015 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405016 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2406000 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets (bleeding-rbn.rules)
 2406001 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts (bleeding-rbn.rules)
 2406002 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets (bleeding-rbn.rules)
 2406003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs (bleeding-rbn.rules)
 2406004 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets (bleeding-rbn.rules)
 2406005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (1) (bleeding-rbn.rules)
 2406006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (2) (bleeding-rbn.rules)
 2406007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (3) (bleeding-rbn.rules)
 2406008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains (4) (bleeding-rbn.rules)
 2407000 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407001 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407002 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407003 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING (bleeding-rbn-BLOCK.rules)
 2407004 - BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets (bleeding-rbn-BLOCK.rules)
 2407005 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (1) (bleeding-rbn-BLOCK.rules)
 2407006 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (2) (bleeding-rbn-BLOCK.rules)
 2407007 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (3) (bleeding-rbn-BLOCK.rules)
 2407008 - BLEEDING-EDGE RBN Known Russian Business Network Monitored Domains - BLOCKING (4) (bleeding-rbn-BLOCK.rules)


[---]         Removed rules:         [---]

 2007730 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.exe) (bleeding.rules)
 2007731 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.dmg) (bleeding.rules)
 2007732 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.exe) (bleeding.rules)
 2007733 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.dmg) (bleeding.rules)
 2007734 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (Install_video_3913230.exe) (bleeding.rules)
 2007735 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (virusranger.exe) (bleeding.rules)
 2007736 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (vrsvc.exe) (bleeding.rules)
 2007737 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (stripshow.exe) (bleeding.rules)
 2007738 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy2008.exe) (bleeding.rules)
 2007739 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (fck2008.exe) (bleeding.rules)
 2007740 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy_2008.exe) (bleeding.rules)
 2007741 - BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (sony.exe) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-botcc-BLOCK.rules (4):
        # Emerging Threats Botnet Command and Control drop rules.
        # More information available at www.emergingthreats.net
        # Please submit any custom rules or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-botcc.rules (4):
        # Emerging Threats Botnet Command and Control drop rules.
        # More information available at www.emergingthreats.net
        # Please submit any custom rules or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-drop-BLOCK.rules (7):
        # $Id: bleeding-drop.rules $
        # Emerging Threats Spamhaus DROP List rules.
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 1032
        #  Generated 2008-01-19 01:03:03 EDT

     -> Added to bleeding-drop.rules (7):
        # $Id: bleeding-drop.rules $
        # Emerging Threats Spamhaus DROP List rules.
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 1032
        #  Generated 2008-01-19 01:03:03 EDT

     -> Added to bleeding-dshield-BLOCK.rules (6):
        # $Id: bleeding-dshield.rules $
        # Emerging Threats Dshield rules.
        # Rules to block Dshield identified Top Attackers (www.dshield.org)
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-dshield.rules (6):
        # $Id: bleeding-dshield.rules $
        # Emerging Threats Dshield rules.
        # Rules to block Dshield identified Top Attackers (www.dshield.org)
        # More information available at www.emergingthreats.net
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats

     -> Added to bleeding-malware.rules (1):
        #by matt jonkman, from sandnet analysis re 200c2baf2b23e8db5f7145941548c69d

     -> Added to bleeding-policy.rules (2):
        #by William Metcalf
        #by cunningpike

     -> Added to bleeding-rbn-BLOCK.rules (7):
        # $Id: bleeding-rbn-BLOCK.rules $
        # Emerging Threats RBN rules.
        # More information available at doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 26
        #  Updated 2008-01-16 09:06:08

     -> Added to bleeding-rbn.rules (7):
        # $Id: bleeding-rbn.rules $
        # Emerging Threats RBN rules.
        # More information available at doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to emerging at ...3335... or the emerging-sigs mailing list
        #  Copyright (c) 2003-2008, Emerging Threats
        #  VERSION 26
        #  Updated 2008-01-16 09:06:08

     -> Added to bleeding-sid-msg.map (20):
        2007758 || BLEEDING-EDGE TROJAN Eldorado.BHO User-Agent Detected
        2007759 || BLEEDING-EDGE MALWARE Alfaantivirus.com Fake Anti-Virus User Agent (IM Download)
        2007760 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (withlove.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007761 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (with_love.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007762 || BLEEDING-EDGE POLICY Majestic-12 Spider Bot User-Agent Inbound (MJ12bot) || url,www.majestic12.co.uk/
        2007763 || BLEEDING-EDGE POLICY CBS Streaming Video
        2007764 || BLEEDING-EDGE POLICY NBC Streaming Video
        2007765 || BLEEDING-EDGE POLICY Logmein.com Host List Download
        2007766 || BLEEDING-EDGE POLICY Logmein.com Update Activity
        2007767 || BLEEDING-EDGE TROJAN Pakes User-Agent Detected
        2406000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork

     -> Added to bleeding-virus.rules (1):
        #by Matt Jonkman, Pakes.bwp update check

     -> Added to bleeding.rules (1):
        #keeping this, still getting reports of hits

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-botcc-BLOCK.rules (4):
        # Bleeding Edge Threats Botnet Command and Control drop rules.
        # More information available at www.bleedingthreats.net
        # Please submit any custom rules or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-botcc.rules (4):
        # Bleeding Edge Threats Botnet Command and Control drop rules.
        # More information available at www.bleedingthreats.net
        # Please submit any custom rules or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-drop-BLOCK.rules (5):
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 1024
        #  Generated 2008-01-11 01:03:03 EDT

     -> Removed from bleeding-drop.rules (5):
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 1024
        #  Generated 2008-01-11 01:03:03 EDT

     -> Removed from bleeding-dshield-BLOCK.rules (4):
        # Rules to block Dshield identified Top Attackers (www.shield.org)
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-dshield.rules (4):
        # Rules to block Dshield identified Top Attackers (www.shield.org)
        # More information available at www.bleedingthreats.net
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats

     -> Removed from bleeding-rbn-BLOCK.rules (5):
        # More information available at doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Removed from bleeding-rbn.rules (5):
        # More information available at doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        # Please submit any feedback or ideas to bleeding at ...3254... or the bleeding-sigs mailing list
        #  Copyright (c) 2003-2007, Bleeding Edge Threats
        #  VERSION 25
        #  Updated 2008-01-09 17:42:11

     -> Removed from bleeding-sid-msg.map (22):
        2007730 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.exe)
        2007731 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecultra1123.dmg)
        2007732 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.exe)
        2007733 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (codecnice1126.dmg)
        2007734 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (Install_video_3913230.exe)
        2007735 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (virusranger.exe)
        2007736 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (vrsvc.exe)
        2007737 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (stripshow.exe)
        2007738 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy2008.exe)
        2007739 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (fck2008.exe)
        2007740 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (happy_2008.exe)
        2007741 || BLEEDING-EDGE CURRENT EVENTS Likely Storm Binary Requested (sony.exe)
        2406000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2406004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407000 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Hosting Nets - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407001 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Individual Hosts - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407002 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Chinese Nets - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407003 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known Trojan C&Cs - BLOCKING || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
        2407004 || BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central American Nets || url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork

     -> Removed from bleeding.rules (2):
        # these may only be good for a few days, but considering the volume of infections and the high-profile
        #  plaves at blogspot, it's worth pushing these sigs out for a few days

[+] Added files (consider updating your snort.conf to include them if needed): [+]

    -> bleeding-sid-msg.map.txt




