|
|
Bleeding Edge Threats Daily Signature Changes: msg#00127security.ids.snort.bleedingsnort
[***] Results from Oinkmaster started Thu Jan 18 20:00:06 2007 [***] [+++] Added rules: [+++] 2003928 - BLEEDING-EDGE MALWARE KMIP.net Spyware (bleeding-malware.rules) 2003929 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection (bleeding-virus.rules) [///] Modified active rules: [///] 2003102 - BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - ActiveX controls spline function call CSLID (bleeding-exploit.rules) 2003292 - BLEEDING-EDGE WORM Allaple ICMP Sweep Ping Outbound (bleeding-virus.rules) 2003293 - BLEEDING-EDGE WORM Allaple ICMP Sweep Reply Inbound (bleeding-virus.rules) 2003294 - BLEEDING-EDGE WORM Allaple ICMP Sweep Ping Inbound (bleeding-virus.rules) 2003295 - BLEEDING-EDGE WORM Allaple ICMP Sweep Reply Outbound (bleeding-virus.rules) 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules) 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules) 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules) 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules) 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules) 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules) 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules) 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules) 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) [+++] Added non-rule lines: [+++] -> Added to bleeding-drop-BLOCK.rules (1): # VERSION 59 -> Added to bleeding-drop.rules (1): # VERSION 59 -> Added to bleeding-malware.rules (1): #from spyware listeningpost data, by matt Jonkman -> Added to bleeding-sid-msg.map (3): 2003102 || BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - ActiveX controls spline function call CSLID || cve,2006-4446 || url,www.osvdb.org/displayvuln.php?osvdb_id=28841 2003928 || BLEEDING-EDGE MALWARE KMIP.net Spyware || url,www.kmip.net 2003929 || BLEEDING-EDGE TROJAN psyBNC IRC Server Connection -> Added to bleeding-virus.rules (1): #Another start, psyBNC servers don't always use a join, info from Reg Quinton [---] Removed non-rule lines: [---] -> Removed from bleeding-drop-BLOCK.rules (1): # VERSION 57 -> Removed from bleeding-drop.rules (1): # VERSION 57 -> Removed from bleeding-sid-msg.map (1): 2003102 || BLEEDING-EDGE EXPLOIT Microsoft Multimedia Controls - ActiveX control's spline function call CSLID || cve,2006-4446 || url,www.osvdb.org/displayvuln.php?osvdb_id=28841 |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Warning -- floods of Allaple worm alerts.... sid:200329(2-5): 00127, Andre' - SemperSecurus |
|---|---|
| Next by Date: | FTP Login sig: 00127, Matt Jonkman |
| Previous by Thread: | Bleeding Edge Threats Daily Signature Changesi: 00127, bleeding-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt |
| Next by Thread: | Bleeding Edge Threats Daily Signature Changes: 00127, bleeding-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |