Loads of new Spyware Signatures: msg#00183 security.ids.snort.bleedingsnort

Cranked out a bunch of sigs for spyware, mostly from the spyware listening post data. Proving to be very useful, if not overwhelming.

Also got some new stuff from a Checkpoint page:

http://www.checkpoint.com/securitycafe/readingroom/web_security/top_10_spyware_sites.html

There are a number there we don’t have coverage for. If you’re looking to learn something about the spyware sigs, go to one of those sites in vmware and wireshark the traffic, and install whatever they push.

Here are the new ones today:

2003335 || BLEEDING-EDGE MALWARE 2search.org User Agent (2search)
2003336 || BLEEDING-EDGE MALWARE AntiVermins.com Fake Antispyware Package User Agent
2003337 || BLEEDING-EDGE MALWARE www.paretologic.com Suspect Anti-Spyware AutoUpdate User Agent (Autoupdate)
2003338 || BLEEDING-EDGE MALWARE Paretologic Xoftspy Fake Antispyware Update
2003339 || BLEEDING-EDGE MALWARE Paretologic Xoftspy Fake Antispyware Update
2003340 || BLEEDING-EDGE MALWARE Baidu.com Spyware Bar Reporting || url,www.pctools.com/mrc/infections/id/BaiDu/
2003341 || BLEEDING-EDGE MALWARE Baidu.com Spyware Bar Pulling Content || url,www.pctools.com/mrc/infections/id/BaiDu/
2003342 || BLEEDING-EDGE MALWARE www.baidu.com Spyware User Agent (bar-get)
2003343 || BLEEDING-EDGE MALWARE CNSMin Spyware User Agent (CnsMin Agent)
2003344 || BLEEDING-EDGE MALWARE Trinityacquisitions.com and Maximumexperience.com Spyware Activity
2003345 || BLEEDING-EDGE MALWARE Download UBAgent User Agent - lop.com and other spyware || url,www.spywareinfo.com/articles/lop/
2003346 || BLEEDING-EDGE MALWARE Errorsafe.com Fake antispyware User Agent (ErrorSafe Updater) || url,www.spywareinfo.com/articles/lop/
2003347 || BLEEDING-EDGE MALWARE Gamehouse.com User Agent (GAMEHOUSE.NET.URL) || url,www.spywareinfo.com/articles/lop/
2003348 || BLEEDING-EDGE MALWARE Gamehouse.com Activity || url,www.gamehouse.com

--
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------
PGP: http://www.bleedingthreats.com/mattjonkman.asc
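
Several of the signature names in the post above end with a User-Agent string in parentheses. As an added example (not from the original post or the Bleeding Edge rule set), this Python checks raw HTTP requests, such as ones exported from a lab capture, against those strings. The case-insensitive substring matching and the sample requests are assumptions.

```python
# SID -> User-Agent token, copied from the parenthesised strings in the
# signature names above. Assumption: each token is matched as a
# case-insensitive substring of the User-Agent header; the real rule
# bodies are not shown in the post.
UA_TOKENS = {
    2003335: "2search",
    2003337: "Autoupdate",
    2003342: "bar-get",
    2003343: "CnsMin Agent",
    2003346: "ErrorSafe Updater",
    2003347: "GAMEHOUSE.NET.URL",
}

def user_agent(raw_request: bytes):
    """Return the User-Agent value of a raw HTTP request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]   # headers only, never the body
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"user-agent":  # header names are case-insensitive
            return value.strip().decode("latin-1")
    return None

def match_sids(raw_request: bytes):
    """Return the sorted SIDs whose token appears in the User-Agent."""
    ua = user_agent(raw_request)
    if ua is None:
        return []
    ua = ua.lower()
    return sorted(sid for sid, tok in UA_TOKENS.items() if tok.lower() in ua)

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET /u.cfg HTTP/1.1\r\nHost: example.invalid\r\nuser-agent: ErrorSafe Updater\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: Mozilla/5.0 (X11; Linux)\r\n\r\n",
    # Token appears only in the body, so it must not match.
    b"POST /r HTTP/1.1\r\nHost: example.invalid\r\n\r\nUser-Agent: bar-get",
    # Unrelated updater: shows how a short token like "Autoupdate" false-positives.
    b"GET /v HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: SomeVendor AutoUpdate/2.1\r\n\r\n",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(user_agent(req), "->", match_sids(req))
```

The last sample is flagged as 2003337 even though it is an unrelated updater, which is why short tokens like this are usually paired with a host or URI condition before alerting.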