|
|
Bleedingsnort.com Daily Update: msg#00211security.ids.snort.sigs
[***] Results from Oinkmaster started Fri Oct 29 20:00:02 2004 [***] [+++] Added rules: [+++] -> Added to bleeding-virus.rules (2): alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Outbound"; content:"filename="; pcre:"m/(price|Price|Joke)\.(exe|scr|cpl|com)/"; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@xxxxxxx; sid:2001390; rev:1;) #alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Inbound"; content:"filename="; pcre:"m/(price|Price|Joke)\.(exe|scr|cpl|com)/"; reference:url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@xxxxxxx; sid:2001391; rev:1;) [+++] Added non-rule lines: [+++] -> Added to bleeding-sid-msg.map (2): 2001390 || BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@xxxxxxx 2001391 || BLEEDING-EDGE VIRUS Possible Beagle.AV Worm Inbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@xxxxxxx [*] Added files: [*] None. ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Snort signatures for PBX: 00211, Frank Knobbe |
|---|---|
| Next by Date: | Bleedingsnort.com Daily Update: 00211, matt |
| Previous by Thread: | Bleedingsnort.com Daily Updatei: 00211, matt |
| Next by Thread: | Bleedingsnort.com Daily Update: 00211, matt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |