Bleeding Edge Threats Daily Signature Changes: msg#00132
security.ids.snort.bleedingsnort
[***] Results from Oinkmaster started Fri Jan 19 20:00:06 2007 [***]

[+++] Added rules: [+++]

    2003930 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous) (bleeding-policy.rules)
    2003931 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin (bleeding-malware.rules)
    2003932 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-) (bleeding-malware.rules)
    2003933 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) (bleeding-malware.rules)

[///] Modified active rules: [///]

    2003217 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer Config 2 (bleeding-malware.rules)
    2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
    2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
    2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
    2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
    2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules)
    2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules)
    2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules)
    2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules)
    2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules)
    2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules)
    2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
    2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)

[+++] Added non-rule lines: [+++]

    -> Added to bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

    -> Added to bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

    -> Added to bleeding-drop-BLOCK.rules (1):
        # VERSION 60

    -> Added to bleeding-drop.rules (1):
        # VERSION 60

    -> Added to bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

    -> Added to bleeding-game.rules (1):
        # $Id: bleeding-game.rules $

    -> Added to bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

    -> Added to bleeding-malware.rules (4):
        # $Id: bleeding-malware.rules $
        #more from the spywarelp
        #Matt jonkman
        #from spyware listening post data

    -> Added to bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

    -> Added to bleeding-policy.rules (4):
        # $Id: bleeding-policy.rules $
        #by Steven Adair at securityzone.org
        #Rule to catch all FTP logins that do not start with "anonymous" or "ftp"
        # and do not contain "pass " (pass followed by a space). -steven@securityzone

    -> Added to bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

    -> Added to bleeding-sid-msg.map (4):
        2003930 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
        2003931 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
        2003932 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
        2003933 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2 reporting) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html

    -> Added to bleeding-virus.rules (1):
        # $Id: bleeding-virus.rules $

    -> Added to bleeding-web.rules (1):
        # $Id: bleeding-web.rules $

[---] Removed non-rule lines: [---]

    -> Removed from bleeding-drop-BLOCK.rules (1):
        # VERSION 59

    -> Removed from bleeding-drop.rules (1):
        # VERSION 59