[Snort-sigs] Emerging Threats Weekly Signature Changes

emerging at ...3335... emerging at ...3335...
Sat Jun 14 18:00:08 EDT 2008


[***] Results from Oinkmaster started Sat Jun 14 18:00:08 2008 [***]

[+++]          Added rules:          [+++]

  200829 - ET MALWARE AntiSpywareMaster.com Fake AV User-Agent (emerging-malware.rules)
 2008280 - ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (emerging-virus.rules)
 2008282 - ET TROJAN Antispywaremaster.com Fake AV Checkin (emerging-virus.rules)


[///]     Modified active rules:     [///]

 2007712 - ET TROJAN Srizbi requesting template (emerging-virus.rules)
 2007802 - ET SCAN Grim's Ping ftp scanning tool (emerging-scan.rules)


[---]         Disabled rules:        [---]

 2008275 - ET TROJAN Hitpop Checkin (emerging-virus.rules)


[---]         Removed rules:         [---]

 2002007 - ET MALWARE Wildmedia Spyware User Agent Activity (emerging-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (3):
        200829 || ET MALWARE AntiSpywareMaster.com Fake AV User-Agent
        2008280 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL
        2008282 || ET TROJAN Antispywaremaster.com Fake AV Checkin

     -> Added to emerging-sid-msg.map.txt (3):
        200829 || ET MALWARE AntiSpywareMaster.com Fake AV User-Agent
        2008280 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL
        2008282 || ET TROJAN Antispywaremaster.com Fake AV Checkin

     -> Added to emerging-virus.rules (2):
        #Disabled for now, getting many false positives
        #matt Jonkman, Win32.Socks.n

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (1):
        2002007 || ET MALWARE Wildmedia Spyware User Agent Activity

     -> Removed from emerging-sid-msg.map.txt (1):
        2002007 || ET MALWARE Wildmedia Spyware User Agent Activity





More information about the Snort-sigs mailing list