Bleeding Edge Threats Daily Signature Changes: msg#00141

security.ids.snort.bleedingsnort

Subject: Bleeding Edge Threats Daily Signature Changes


[***] Results from Oinkmaster started Tue Jan 23 20:00:06 2007 [***]

[+++] Added rules: [+++]

2003325 - BLEEDING-EDGE POLICY SMTP Executable attachment
(bleeding-policy.rules)
2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)
(bleeding-botcc.rules)
2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)


[///] Modified active rules: [///]

2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound
(bleeding-drop.rules)
2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING
SOURCE (bleeding-drop-BLOCK.rules)
2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING
(bleeding-dshield-BLOCK.rules)
2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)
(bleeding-botcc.rules)
2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)
(bleeding-botcc.rules)
2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)
(bleeding-botcc.rules)
2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)
(bleeding-botcc.rules)
2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)
(bleeding-botcc.rules)
2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)
(bleeding-botcc.rules)
2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)
2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
(bleeding-botcc-BLOCK.rules)


[+++] Added non-rule lines: [+++]

-> Added to bleeding-drop-BLOCK.rules (1):
# VERSION 64

-> Added to bleeding-drop.rules (1):
# VERSION 64

-> Added to bleeding-policy.rules (2):
#Blake Hartstein of Demarc
#Potentially noisy, Not recommended unless you disallow exe files.
written for executable virii that spread through email

-> Added to bleeding-sid-msg.map (3):
2003325 || BLEEDING-EDGE POLICY SMTP Executable attachment
2404006 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)
|| url,www.shadowserver.org
2405006 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) -
BLOCKING SOURCE || url,www.shadowserver.org

[---] Removed non-rule lines: [---]

-> Removed from bleeding-drop-BLOCK.rules (1):
# VERSION 63

-> Removed from bleeding-drop.rules (1):
# VERSION 63

