Bleeding Edge Threats Daily Signature Changes: msg#00140

security.ids.snort.bleedingsnort

Subject: Bleeding Edge Threats Daily Signature Changes


[***] Results from Oinkmaster started Mon Jan 22 20:00:08 2007 [***]

[+++] Added rules: [+++]

2003298 - BLEEDING-EDGE MALWARE KMIP.net Spyware (bleeding-malware.rules)
2003299 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Seek Traffic Outbound
(bleeding-virus.rules)
2003300 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Reply Traffic Inbound
(bleeding-virus.rules)
2003301 - BLEEDING-EDGE TROJAN Stormy P2P bot C&C Data Traffic Inbound
(bleeding-virus.rules)
2003302 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
(bleeding-virus.rules)
2003303 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
(bleeding-policy.rules)
2003304 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
(bleeding-malware.rules)
2003305 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
(bleeding-malware.rules)
2003306 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) (bleeding-malware.rules)
2003307 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
(bleeding-malware.rules)
2003308 - BLEEDING-EDGE P2P Edonkey IP Request (bleeding-p2p.rules)
2003309 - BLEEDING-EDGE P2P Edonkey IP Reply (bleeding-p2p.rules)
2003310 - BLEEDING-EDGE P2P Edonkey Publicize File (bleeding-p2p.rules)
2003311 - BLEEDING-EDGE P2P Edonkey Publicize File ACK (bleeding-p2p.rules)
2003312 - BLEEDING-EDGE P2P Edonkey Connect Request (bleeding-p2p.rules)
2003313 - BLEEDING-EDGE P2P Edonkey Connect Reply and Server List
(bleeding-p2p.rules)
2003314 - BLEEDING-EDGE P2P Edonkey Search Request (by file hash)
(bleeding-p2p.rules)
2003315 - BLEEDING-EDGE P2P Edonkey Search Reply (bleeding-p2p.rules)
2003316 - BLEEDING-EDGE P2P Edonkey IP Query End (bleeding-p2p.rules)
2003317 - BLEEDING-EDGE P2P Edonkey Search Request (any type file)
(bleeding-p2p.rules)
2003318 - BLEEDING-EDGE P2P Edonkey Get Sources Request (by hash)
(bleeding-p2p.rules)
2003319 - BLEEDING-EDGE P2P Edonkey Search Request (search by name)
(bleeding-p2p.rules)
2003320 - BLEEDING-EDGE P2P Edonkey Search Results (bleeding-p2p.rules)
2003321 - BLEEDING-EDGE P2P Edonkey Server Message (bleeding-p2p.rules)
2003322 - BLEEDING-EDGE P2P Edonkey Server List (bleeding-p2p.rules)
2003323 - BLEEDING-EDGE P2P Edonkey Client to Server Hello (bleeding-p2p.rules)
2003324 - BLEEDING-EDGE P2P Edonkey Server Status (bleeding-p2p.rules)


[///] Modified active rules: [///]

2000335 - BLEEDING-EDGE P2P Overnet (Edonkey) Server Announce
(bleeding-p2p.rules)
2001298 - BLEEDING-EDGE P2P eDonkey Server Status Request (bleeding-p2p.rules)
2001299 - BLEEDING-EDGE P2P eDonkey Server Status (bleeding-p2p.rules)
2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)
(bleeding-botcc.rules)
2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)


[---] Disabled rules: [---]

2000330 - BLEEDING-EDGE P2P ed2k connection to server (bleeding-p2p.rules)


[---] Removed rules: [---]

2000331 - BLEEDING-EDGE P2P ed2k file search (bleeding-p2p.rules)
2001300 - BLEEDING-EDGE P2P eDonkey Hello Request (bleeding-p2p.rules)
2001305 - BLEEDING-EDGE P2P eDonkey Search (bleeding-p2p.rules)
2003928 - BLEEDING-EDGE MALWARE KMIP.net Spyware (bleeding-malware.rules)
2003929 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
(bleeding-virus.rules)
2003930 - BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
(bleeding-policy.rules)
2003931 - BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
(bleeding-malware.rules)
2003932 - BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
(bleeding-malware.rules)
2003933 - BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) (bleeding-malware.rules)
2003934 - BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
(bleeding-malware.rules)


[+++] Added non-rule lines: [+++]

-> Added to bleeding-drop-BLOCK.rules (1):
# VERSION 63

-> Added to bleeding-drop.rules (1):
# VERSION 63

-> Added to bleeding-p2p.rules (1):
#Matt Jonkman

-> Added to bleeding-sid-msg.map (28):
2000335 || BLEEDING-EDGE P2P Overnet (Edonkey) Server Announce ||
url,www.overnet.com
2003298 || BLEEDING-EDGE MALWARE KMIP.net Spyware || url,www.kmip.net
2003299 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Seek Traffic Outbound
2003300 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Reply Traffic Inbound
2003301 || BLEEDING-EDGE TROJAN Stormy P2P bot C&C Data Traffic Inbound
2003302 || BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
2003303 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
2003304 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
2003305 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
2003306 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) ||
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2003307 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL
2003308 || BLEEDING-EDGE P2P Edonkey IP Request ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003309 || BLEEDING-EDGE P2P Edonkey IP Reply ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003310 || BLEEDING-EDGE P2P Edonkey Publicize File ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003311 || BLEEDING-EDGE P2P Edonkey Publicize File ACK ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003312 || BLEEDING-EDGE P2P Edonkey Connect Request ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003313 || BLEEDING-EDGE P2P Edonkey Connect Reply and Server List ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003314 || BLEEDING-EDGE P2P Edonkey Search Request (by file hash) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003315 || BLEEDING-EDGE P2P Edonkey Search Reply ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003316 || BLEEDING-EDGE P2P Edonkey IP Query End ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003317 || BLEEDING-EDGE P2P Edonkey Search Request (any type file) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003318 || BLEEDING-EDGE P2P Edonkey Get Sources Request (by hash) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003319 || BLEEDING-EDGE P2P Edonkey Search Request (search by name) ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003320 || BLEEDING-EDGE P2P Edonkey Search Results ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003321 || BLEEDING-EDGE P2P Edonkey Server Message ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003322 || BLEEDING-EDGE P2P Edonkey Server List ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003323 || BLEEDING-EDGE P2P Edonkey Client to Server Hello ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php
2003324 || BLEEDING-EDGE P2P Edonkey Server Status ||
url,www.giac.org/certified_professionals/practicals/gcih/0446.php

-> Added to bleeding-virus.rules (1):
#Commenting these out. This is edonkey protocol. Altering the wexisting
edonkey rules to be inclusive

[---] Removed non-rule lines: [---]

-> Removed from bleeding-drop-BLOCK.rules (1):
# VERSION 61

-> Removed from bleeding-drop.rules (1):
# VERSION 61

-> Removed from bleeding-sid-msg.map (11):
2000331 || BLEEDING-EDGE P2P ed2k file search ||
url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf
2000335 || BLEEDING-EDGE P2P Overnet Server Announce ||
url,www.overnet.com
2001300 || BLEEDING-EDGE P2P eDonkey Hello Request ||
url,www.edonkey.com
2001305 || BLEEDING-EDGE P2P eDonkey Search || url,www.edonkey.com
2003928 || BLEEDING-EDGE MALWARE KMIP.net Spyware || url,www.kmip.net
2003929 || BLEEDING-EDGE TROJAN psyBNC IRC Server Connection
2003930 || BLEEDING-EDGE POLICY FTP Login Attempt (non-anonymous)
2003931 || BLEEDING-EDGE MALWARE Effectivebrands.com Spyware Checkin
2003932 || BLEEDING-EDGE MALWARE Zango-Hotbar User Agent (sbu-hb-)
2003933 || BLEEDING-EDGE MALWARE 180solutions Spyware (tracked event 2
reporting) ||
url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2003934 || BLEEDING-EDGE Malware Comet Systems Spyware Cursor DL

