[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Mon Jan 21 17:00:08 EST 2008


[***] Results from Oinkmaster started Mon Jan 21 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007770 - BLEEDING-EDGE TROJAN Tear Application User-Agent Detected (bleeding-virus.rules)
 2007771 - BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (4):
        2007770 || BLEEDING-EDGE TROJAN Tear Application User-Agent Detected
        2007771 || BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected
        2404017 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405017 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-sid-msg.map.txt (4):
        2007770 || BLEEDING-EDGE TROJAN Tear Application User-Agent Detected
        2007771 || BLEEDING-EDGE TROJAN Pakes/Cutwall/Kobcka Update URL Detected
        2404017 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405017 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to bleeding-virus.rules (2):
        #Matt Jonkman, found in the sandnet
        #seeing this pattern from several named trojans, from the sandnet

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Removed from bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Removed from bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Removed from bleeding-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Removed from bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Removed from bleeding-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Removed from bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Removed from bleeding-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Removed from bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Removed from bleeding-virus.rules (1):
        # $Id: bleeding-virus.rules $

     -> Removed from bleeding-voip.rules (1):
        # $Id: bleeding-voip.rules $

     -> Removed from bleeding-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Removed from bleeding-web_sql_injection.rules (1):
        # $Id: bleeding-web_sql_injection.rules $

     -> Removed from bleeding.rules (1):
        # $Id: bleeding.rules $




