[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Wed Mar 5 17:00:08 EST 2008


[***] Results from Oinkmaster started Wed Mar  5 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007843 - ET TROJAN Bzub2 Related RPC/Http Checkin (bleeding-virus.rules)
 2007908 - ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPGETDATA) (bleeding-malware.rules)
 2007909 - ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPFILEDOWN) (bleeding-malware.rules)
 2007910 - ET MALWARE Searchspy.co.kr Spyware User Agent (HTTP_FILEDOWN) (bleeding-malware.rules)
 2007911 - ET TROJAN Delf Download via HTTP (bleeding-virus.rules)
 2007912 - ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg) (bleeding-virus.rules)
 2007913 - ET TROJAN Dialer.MC(vf) HTTP Request - Checkin (bleeding-virus.rules)
 2007914 - ET WORM SDBot HTTP Checkin (bleeding-virus.rules)
 2007917 - ET TROJAN Dropper-497 (Yumato) Initial Checkin (bleeding-virus.rules)
 2007918 - ET TROJAN Dropper-497 (Yumato) System Stats Report (bleeding-virus.rules)
 2007919 - ET TROJAN Dropper-497 Yumato Reply from server (bleeding-virus.rules)
 2007920 - ET TROJAN Dropper-497 (Yumato) Status Reply from server (bleeding-virus.rules)


[///]     Modified active rules:     [///]

 2007695 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (bleeding-policy.rules)
 2007701 - ET TROJAN Storm Worm Encrypted Variant 1 Traffic (1) (bleeding-virus.rules)
 2007702 - ET TROJAN Storm Worm Encrypted Variant 1 Traffic (2) (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (1):
        #by victor julien

     -> Added to bleeding-sid-msg.map (12):
        2007843 || ET TROJAN Bzub2 Related RPC/Http Checkin
        2007908 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPGETDATA)
        2007909 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPFILEDOWN)
        2007910 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTP_FILEDOWN)
        2007911 || ET TROJAN Delf Download via HTTP
        2007912 || ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg)
        2007913 || ET TROJAN Dialer.MC(vf) HTTP Request - Checkin
        2007914 || ET WORM SDBot HTTP Checkin
        2007917 || ET TROJAN Dropper-497 (Yumato) Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
        2007918 || ET TROJAN Dropper-497 (Yumato) System Stats Report || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
        2007919 || ET TROJAN Dropper-497 Yumato Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
        2007920 || ET TROJAN Dropper-497 (Yumato) Status Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497

     -> Added to bleeding-sid-msg.map.txt (12):
        2007843 || ET TROJAN Bzub2 Related RPC/Http Checkin
        2007908 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPGETDATA)
        2007909 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPFILEDOWN)
        2007910 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTP_FILEDOWN)
        2007911 || ET TROJAN Delf Download via HTTP
        2007912 || ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg)
        2007913 || ET TROJAN Dialer.MC(vf) HTTP Request - Checkin
        2007914 || ET WORM SDBot HTTP Checkin
        2007917 || ET TROJAN Dropper-497 (Yumato) Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
        2007918 || ET TROJAN Dropper-497 (Yumato) System Stats Report || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
        2007919 || ET TROJAN Dropper-497 Yumato Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
        2007920 || ET TROJAN Dropper-497 (Yumato) Status Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497

     -> Added to bleeding-virus.rules (3):
        #by Victor Julien
        #matt jonkman, labeled logsnif, bzub2, dopip
        #discovered by victor julien, sigs by matt jonkman, interesting one. Uses an html-like tag language on 8181
