
Bleeding Edge Threats Daily Signature Changes: msg#00133

security.ids.snort.bleedingsnort

Subject: Bleeding Edge Threats Daily Signature Changes


[***] Results from Oinkmaster started Sat Jan 20 20:00:06 2007 [***]

[+++] Added rules: [+++]

2003934 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
(bleeding-malware.rules)


[///] Modified active rules: [///]

2003217 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer Config
2 (bleeding-malware.rules)
2003243 - BLEEDING-EDGE MALWARE Suspicious User Agent (Download Agent)
Possibly Related to TrinityAcquisitions.com (bleeding-malware.rules)
2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)
(bleeding-botcc.rules)
2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)


[+++] Added non-rule lines: [+++]

-> Added to bleeding-drop-BLOCK.rules (1):
# VERSION 61

-> Added to bleeding-drop.rules (1):
# VERSION 61

-> Added to bleeding-malware.rules (1):
#from spywarelp data

-> Added to bleeding-sid-msg.map (2):
2003243 || BLEEDING-EDGE MALWARE Suspicious User Agent (Download Agent)
Possibly Related to TrinityAcquisitions.com
2003934 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL

[---] Removed non-rule lines: [---]

-> Removed from bleeding-attack_response.rules (1):
# $Id: bleeding-attack_response.rules $

-> Removed from bleeding-dos.rules (1):
# $Id: bleeding-dos.rules $

-> Removed from bleeding-drop-BLOCK.rules (1):
# VERSION 60

-> Removed from bleeding-drop.rules (1):
# VERSION 60

-> Removed from bleeding-exploit.rules (1):
# $Id: bleeding-exploit.rules $

-> Removed from bleeding-game.rules (1):
# $Id: bleeding-game.rules $

-> Removed from bleeding-inappropriate.rules (1):
# $Id: bleeding-inappropriate.rules $

-> Removed from bleeding-malware.rules (1):
# $Id: bleeding-malware.rules $

-> Removed from bleeding-p2p.rules (1):
# $Id: bleeding-p2p.rules $

-> Removed from bleeding-policy.rules (1):
# $Id: bleeding-policy.rules $

-> Removed from bleeding-scan.rules (1):
# $Id: bleeding-scan.rules $

-> Removed from bleeding-sid-msg.map (1):
2003243 || BLEEDING-EDGE MALWARE Suspicious User Agent (Download Agent)
Possibly Related to TrinityAcquisitions.com ||
url,www.bleedingthreats.net/index.php/about-bleeding-edge-threats/all-projects/spyware-listening-post/download-agent-user-agent-research/

-> Removed from bleeding-virus.rules (1):
# $Id: bleeding-virus.rules $

-> Removed from bleeding-web.rules (1):
# $Id: bleeding-web.rules $

