[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335...
Sat Mar 15 17:00:08 EDT 2008


[***] Results from Oinkmaster started Sat Mar 15 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2008000 - ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent (IM Downloader) (bleeding-malware.rules)
 2008001 - ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) (bleeding.rules)
 2008002 - ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) (bleeding.rules)


[///]     Modified active rules:     [///]

 2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
 2007983 - ET TROJAN LDPinch Checkin (4) (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (3):
        2008000 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent (IM Downloader)
        2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) || url,isc.sans.org/diary.html?storyid=4139
        2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) || url,isc.sans.org/diary.html?storyid=4139

     -> Added to bleeding-sid-msg.map.txt (3):
        2008000 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent (IM Downloader)
        2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) || url,isc.sans.org/diary.html?storyid=4139
        2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) || url,isc.sans.org/diary.html?storyid=4139

     -> Added to bleeding.rules (5):
        # From SANS/Diary isc.sans.org/diary.html?storyid=4139
        # Inspect your web proxy logs for visitors to 2117966.net. This will
        # indicate who is potentially exposed. Check these systems to verify
        # that their patches are up-to-date. Systems that are successfully
        # compromised will begin sending traffic to 61.188.39.175




