[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Mon Mar 3 17:00:10 EST 2008


[***] Results from Oinkmaster started Mon Mar  3 17:00:10 2008 [***]

[+++]          Added rules:          [+++]

 2007902 - ET CURRENT EVENTS Likely Storm Binary Requested (ecard.exe) (bleeding.rules)
 2007903 - ET EXPLOIT 4XEM VatDecoder VatCtrl Class ActiveX Control Url Property Buffer Overflow Vulnerability (bleeding-exploit.rules)
 2007904 - ET EXPLOIT RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability (bleeding-exploit.rules)
 2007905 - ET EXPLOIT D-Link MPEG4 SHM (Audio) Control ActiveX Control Url Property Buffer Overflow Vulnerability (bleeding-exploit.rules)
 2007906 - ET GAME Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF (bleeding-game.rules)
 2007907 - ET EXPLOIT Move Networks Quantum Streaming Player Control UploadLogs() BOF (bleeding-exploit.rules)


[///]     Modified active rules:     [///]

 2002157 - ET POLICY Skype User-Agent detected (bleeding-policy.rules)
 2002950 - ET POLICY TOR 1.0 Server Key Retrieval (bleeding-policy.rules)
 2007760 - ET CURRENT EVENTS Likely Storm Binary Requested (postcard.exe) (bleeding.rules)
 2007761 - ET CURRENT EVENTS Likely Storm Binary Requested (e-card.exe) (bleeding.rules)


[---]         Removed rules:         [---]

 2007835 - ET CURRENT EVENTS Likely Storm Binary Requested (valentine.exe) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (2):
        #by Akash Mahajan at stillsecure
        #by Akash Mahajan at Stillsecure

     -> Added to bleeding-game.rules (1):
        #by Akash Mahajan at Stillsecure

     -> Added to bleeding-sid-msg.map (9):
        2002950 || ET POLICY TOR 1.0 Server Key Retrieval || url,tor.eff.org
        2007760 || ET CURRENT EVENTS Likely Storm Binary Requested (postcard.exe)
        2007761 || ET CURRENT EVENTS Likely Storm Binary Requested (e-card.exe)
        2007902 || ET CURRENT EVENTS Likely Storm Binary Requested (ecard.exe)
        2007903 || ET EXPLOIT 4XEM VatDecoder VatCtrl Class ActiveX Control Url Property Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/5193 || bugtraq,28010
        2007904 || ET EXPLOIT RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/5193 || bugtraq,28010
        2007905 || ET EXPLOIT D-Link MPEG4 SHM (Audio) Control ActiveX Control Url Property Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/5193 || bugtraq,28010
        2007906 || ET GAME Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF || url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
        2007907 || ET EXPLOIT Move Networks Quantum Streaming Player Control UploadLogs() BOF || url,www.milw0rm.com/exploits/5190

     -> Added to bleeding-sid-msg.map.txt (9):
        2002950 || ET POLICY TOR 1.0 Server Key Retrieval || url,tor.eff.org
        2007760 || ET CURRENT EVENTS Likely Storm Binary Requested (postcard.exe)
        2007761 || ET CURRENT EVENTS Likely Storm Binary Requested (e-card.exe)
        2007902 || ET CURRENT EVENTS Likely Storm Binary Requested (ecard.exe)
        2007903 || ET EXPLOIT 4XEM VatDecoder VatCtrl Class ActiveX Control Url Property Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/5193 || bugtraq,28010
        2007904 || ET EXPLOIT RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/5193 || bugtraq,28010
        2007905 || ET EXPLOIT D-Link MPEG4 SHM (Audio) Control ActiveX Control Url Property Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/5193 || bugtraq,28010
        2007906 || ET GAME Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF || url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
        2007907 || ET EXPLOIT Move Networks Quantum Streaming Player Control UploadLogs() BOF || url,www.milw0rm.com/exploits/5190

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (4):
        2002950 || ET POLICY TOR 1.0 Server Key Retrival || url,tor.eff.org
        2007760 || ET CURRENT EVENTS Likely Storm Binary Requested (withlove.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007761 || ET CURRENT EVENTS Likely Storm Binary Requested (with_love.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007835 || ET CURRENT EVENTS Likely Storm Binary Requested (valentine.exe)

     -> Removed from bleeding-sid-msg.map.txt (4):
        2002950 || ET POLICY TOR 1.0 Server Key Retrival || url,tor.eff.org
        2007760 || ET CURRENT EVENTS Likely Storm Binary Requested (withlove.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007761 || ET CURRENT EVENTS Likely Storm Binary Requested (with_love.exe) || url,asert.arbornetworks.com/2008/01/storm-loves-you-new-campaign-valentines-day-theme/
        2007835 || ET CURRENT EVENTS Likely Storm Binary Requested (valentine.exe)




