
Loads of new Spyware Signatures: msg#00183

security.ids.snort.bleedingsnort

Subject: Loads of new Spyware Signatures

Cranked out a bunch of sigs for spyware, mostly from the spyware
listening post data. Proving to be very useful, if not overwhelming.
Also got some new stuff from a Checkpoint page:

http://www.checkpoint.com/securitycafe/readingroom/web_security/top_10_spyware_sites.html

There are a number there we don’t have coverage for. If you’re looking
to learn something about the spyware sigs, go to one of those sites in
vmware and wireshark the traffic, and install whatever they push.

Here are the new ones today:

2003335 || BLEEDING-EDGE MALWARE 2search.org User Agent (2search)
2003336 || BLEEDING-EDGE MALWARE AntiVermins.com Fake Antispyware Package User Agent
2003337 || BLEEDING-EDGE MALWARE www.paretologic.com Suspect Anti-Spyware AutoUpdate User Agent (Autoupdate)
2003338 || BLEEDING-EDGE MALWARE Paretologic Xoftspy Fake Antispyware Update
2003339 || BLEEDING-EDGE MALWARE Paretologic Xoftspy Fake Antispyware Update
2003340 || BLEEDING-EDGE MALWARE Baidu.com Spyware Bar Reporting || url,www.pctools.com/mrc/infections/id/BaiDu/
2003341 || BLEEDING-EDGE MALWARE Baidu.com Spyware Bar Pulling Content || url,www.pctools.com/mrc/infections/id/BaiDu/
2003342 || BLEEDING-EDGE MALWARE www.baidu.com Spyware User Agent (bar-get)
2003343 || BLEEDING-EDGE MALWARE CNSMin Spyware User Agent (CnsMin Agent)
2003344 || BLEEDING-EDGE MALWARE Trinityacquisitions.com and Maximumexperience.com Spyware Activity
2003345 || BLEEDING-EDGE MALWARE Download UBAgent User Agent - lop.com and other spyware || url,www.spywareinfo.com/articles/lop/
2003346 || BLEEDING-EDGE MALWARE Errorsafe.com Fake antispyware User Agent (ErrorSafe Updater) || url,www.spywareinfo.com/articles/lop/
2003347 || BLEEDING-EDGE MALWARE Gamehouse.com User Agent (GAMEHOUSE.NET.URL) || url,www.spywareinfo.com/articles/lop/
2003348 || BLEEDING-EDGE MALWARE Gamehouse.com Activity || url,www.gamehouse.com



--
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc

