[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Thu Jan 24 17:00:08 EST 2008


[***] Results from Oinkmaster started Thu Jan 24 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007779 - ET TROJAN Kpang.com Related Trojan User-Agent (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2007778 - ET TROJAN User-agent DownloadNetFile Win32.small.hsh downloader (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (1):
        2007779 || ET TROJAN Kpang.com Related Trojan User-Agent

     -> Added to bleeding-sid-msg.map.txt (1):
        2007779 || ET TROJAN Kpang.com Related Trojan User-Agent

     -> Added to bleeding-virus.rules (1):
        #trojan using this domain and UA

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (26):
        2404005 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  || url,www.shadowserver.org
        2404006 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  || url,www.shadowserver.org
        2404007 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  || url,www.shadowserver.org
        2404008 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  || url,www.shadowserver.org
        2404009 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  || url,www.shadowserver.org
        2404010 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  || url,www.shadowserver.org
        2404011 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  || url,www.shadowserver.org
        2404012 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  || url,www.shadowserver.org
        2404013 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  || url,www.shadowserver.org
        2404014 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  || url,www.shadowserver.org
        2404015 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  || url,www.shadowserver.org
        2404016 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2404017 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405005 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE || url,www.shadowserver.org
        2405006 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE || url,www.shadowserver.org
        2405007 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE || url,www.shadowserver.org
        2405008 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE || url,www.shadowserver.org
        2405009 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE || url,www.shadowserver.org
        2405010 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE || url,www.shadowserver.org
        2405011 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE || url,www.shadowserver.org
        2405012 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE || url,www.shadowserver.org
        2405013 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE || url,www.shadowserver.org
        2405014 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE || url,www.shadowserver.org
        2405015 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE || url,www.shadowserver.org
        2405016 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
        2405017 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from bleeding-sid-msg.map.txt (26):
        2404005 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  || url,www.shadowserver.org
        2404006 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  || url,www.shadowserver.org
        2404007 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  || url,www.shadowserver.org
        2404008 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  || url,www.shadowserver.org
        2404009 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  || url,www.shadowserver.org
        2404010 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 11)  || url,www.shadowserver.org
        2404011 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 12)  || url,www.shadowserver.org
        2404012 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 13)  || url,www.shadowserver.org
        2404013 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 14)  || url,www.shadowserver.org
        2404014 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 15)  || url,www.shadowserver.org
        2404015 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 16)  || url,www.shadowserver.org
        2404016 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2404017 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405005 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE || url,www.shadowserver.org
        2405006 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE || url,www.shadowserver.org
        2405007 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE || url,www.shadowserver.org
        2405008 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE || url,www.shadowserver.org
        2405009 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE || url,www.shadowserver.org
        2405010 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE || url,www.shadowserver.org
        2405011 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE || url,www.shadowserver.org
        2405012 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE || url,www.shadowserver.org
        2405013 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE || url,www.shadowserver.org
        2405014 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE || url,www.shadowserver.org
        2405015 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE || url,www.shadowserver.org
        2405016 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
        2405017 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org





More information about the Snort-sigs mailing list