[Snort-sigs] Emerging Threats Daily Signature Changes

emerging at ...3335... emerging at ...3335...
Sun Mar 30 17:00:10 EDT 2008


[***] Results from Oinkmaster started Sun Mar 30 17:00:10 2008 [***]

[+++]          Added rules:          [+++]

 2008067 - ET MALWARE Kwsearchguide.com Related Spyware Checkin (bleeding-malware.rules)
 2008069 - ET MALWARE Kwsearchguide.com Related Spyware Keepalive (bleeding-malware.rules)
 2008070 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) (bleeding-policy.rules)
 2008071 - ET TROJAN Delf Checkin via HTTP (6) (bleeding-virus.rules)
 2008072 - ET TROJAN LDPinch Checkin (5) (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (5):
        2008067 || ET MALWARE Kwsearchguide.com Related Spyware Checkin
        2008069 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive
        2008070 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) || url,doc.emergingthreats.net/bin/view/Main/Windows98UA
        2008071 || ET TROJAN Delf Checkin via HTTP (6)
        2008072 || ET TROJAN LDPinch Checkin (5)

     -> Added to bleeding-sid-msg.map.txt (5):
        2008067 || ET MALWARE Kwsearchguide.com Related Spyware Checkin
        2008069 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive
        2008070 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) || url,doc.emergingthreats.net/bin/view/Main/Windows98UA
        2008071 || ET TROJAN Delf Checkin via HTTP (6)
        2008072 || ET TROJAN LDPinch Checkin (5)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (2):
        2404020 || ET DROP Known Bot C&C Server Traffic (group 21)  || url,www.shadowserver.org
        2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from bleeding-sid-msg.map.txt (2):
        2404020 || ET DROP Known Bot C&C Server Traffic (group 21)  || url,www.shadowserver.org
        2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org





More information about the Snort-sigs mailing list