[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Thu Mar 6 17:00:08 EST 2008


[***] Results from Oinkmaster started Thu Mar  6 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2007921 - ET MALWARE Suspicious User Agent (Explorer) (bleeding-malware.rules)
 2007922 - ET TROJAN Backdoor.Win32.VB.brg C&C Checkin (bleeding-virus.rules)
 2007923 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Digital) (bleeding-virus.rules)
 2007924 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (downloaded) (bleeding-virus.rules)
 2007925 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (wnames) (bleeding-virus.rules)
 2007926 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (cv_v5.0.0) (bleeding-virus.rules)
 2007927 - ET MALWARE Donkeyhote.co.kr Spyware User Agent (UDonkey) (bleeding-malware.rules)
 2007928 - ET MALWARE Gcashback.co.kr Spyware User Agent (InvokeAd) (bleeding-malware.rules)
 2007929 - ET MALWARE Suspicious User Agent (User-Agent\: Mozilla/4.0 (compatible\; )) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2006429 - ET MALWARE Karine.co.kr Related Spyware User Agent (chk Profile) (bleeding-malware.rules)
 2006430 - ET MALWARE Karine.co.kr Related Spyware User Agent (Access down) (bleeding-malware.rules)


[///]    Modified inactive rules:    [///]

 2006424 - ET MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (9):
        2007921 || ET MALWARE Suspicious User Agent (Explorer)
        2007922 || ET TROJAN Backdoor.Win32.VB.brg C&C Checkin
        2007923 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Digital)
        2007924 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (downloaded)
        2007925 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (wnames)
        2007926 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (cv_v5.0.0)
        2007927 || ET MALWARE Donkeyhote.co.kr Spyware User Agent (UDonkey)
        2007928 || ET MALWARE Gcashback.co.kr Spyware User Agent (InvokeAd)
        2007929 || ET MALWARE Suspicious User Agent (User-Agent\: Mozilla/4.0 (compatible\; ))

     -> Added to bleeding-sid-msg.map.txt (9):
        2007921 || ET MALWARE Suspicious User Agent (Explorer)
        2007922 || ET TROJAN Backdoor.Win32.VB.brg C&C Checkin
        2007923 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Digital)
        2007924 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (downloaded)
        2007925 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (wnames)
        2007926 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (cv_v5.0.0)
        2007927 || ET MALWARE Donkeyhote.co.kr Spyware User Agent (UDonkey)
        2007928 || ET MALWARE Gcashback.co.kr Spyware User Agent (InvokeAd)
        2007929 || ET MALWARE Suspicious User Agent (User-Agent\: Mozilla/4.0 (compatible\; ))





More information about the Snort-sigs mailing list