|
|
|
Choosing A Webhost: |
Bleeding Edge Threats Daily Signature Changes: msg#00133security.ids.snort.bleedingsnort
[***] Results from Oinkmaster started Sat Jan 20 20:00:06 2007 [***] [+++] Added rules: [+++] 2003934 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL (bleeding-malware.rules) [///] Modified active rules: [///] 2003217 - BLEEDING-EDGE MALWARE 180solutions (Zango) Spyware Installer Config 2 (bleeding-malware.rules) 2003243 - BLEEDING-EDGE MALWARE Suspicious User Agent (Download Agent) Possibly Related to TrinityAcquisitions.com (bleeding-malware.rules) 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules) 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules) 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules) 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules) 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules) 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules) 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules) 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules) 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules) 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules) 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules) [+++] Added non-rule lines: [+++] -> Added to bleeding-drop-BLOCK.rules (1): # VERSION 61 -> Added to bleeding-drop.rules (1): # VERSION 61 -> Added to bleeding-malware.rules (1): #from spywarelp data -> Added to bleeding-sid-msg.map (2): 2003243 || BLEEDING-EDGE MALWARE Suspicious User Agent (Download Agent) Possibly Related to TrinityAcquisitions.com 2003934 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL [---] Removed non-rule lines: [---] -> Removed from bleeding-attack_response.rules (1): # $Id: bleeding-attack_response.rules $ -> Removed from bleeding-dos.rules (1): # $Id: bleeding-dos.rules $ -> Removed from bleeding-drop-BLOCK.rules (1): # VERSION 60 -> Removed from bleeding-drop.rules (1): # VERSION 60 -> Removed from bleeding-exploit.rules (1): # $Id: bleeding-exploit.rules $ -> Removed from bleeding-game.rules (1): # $Id: bleeding-game.rules $ -> Removed from bleeding-inappropriate.rules (1): # $Id: bleeding-inappropriate.rules $ -> Removed from bleeding-malware.rules (1): # $Id: bleeding-malware.rules $ -> Removed from bleeding-p2p.rules (1): # $Id: bleeding-p2p.rules $ -> Removed from bleeding-policy.rules (1): # $Id: bleeding-policy.rules $ -> Removed from bleeding-scan.rules (1): # $Id: bleeding-scan.rules $ -> Removed from bleeding-sid-msg.map (1): 2003243 || BLEEDING-EDGE MALWARE Suspicious User Agent (Download Agent) Possibly Related to TrinityAcquisitions.com || url,www.bleedingthreats.net/index.php/about-bleeding-edge-threats/all-projects/spyware-listening-post/download-agent-user-agent-research/ -> Removed from bleeding-virus.rules (1): # $Id: bleeding-virus.rules $ -> Removed from bleeding-web.rules (1): # $Id: bleeding-web.rules $
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Bleeding Edge Threats Daily Signature Changes, bleeding-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt |
|---|---|
| Next by Date: | Stormy P2P bot Sigs, Matt Jonkman |
| Previous by Thread: | Bleeding Edge Threats Daily Signature Changes, bleeding-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt |
| Next by Thread: | Bleeding Edge Threats Daily Signature Changes, bleeding-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
