[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
emerging at emergingthreats.net
Sat Apr 19 17:00:08 EDT 2008
[***] Results from Oinkmaster started Sat Apr 19 17:00:08 2008 [***]
[+++] Added rules: [+++]
2008142 - ET MALWARE Vapsup User-Agent (doshowmeanad loader v2.1) (bleeding-virus.rules)
2008143 - ET TROJAN Downloader Checkin Pattern Used by Several Trojans (bleeding-virus.rules)
2008144 - ET TROJAN Proxy.Corpes.j Infection Report (bleeding-virus.rules)
2008145 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRInstaller) (bleeding-malware.rules)
2008146 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SpeedRunner) (bleeding-malware.rules)
2008147 - ET MALWARE Suspicious User-Agent (RBR) (bleeding-malware.rules)
2008148 - ET MALWARE Soft-Show.cn Related Fake AV Install Ad Pull (bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-attack_response.rules (1):
# $Id: bleeding-attack_response.rules $
-> Added to bleeding-dos.rules (1):
# $Id: bleeding-dos.rules $
-> Added to bleeding-exploit.rules (1):
# $Id: bleeding-exploit.rules $
-> Added to bleeding-game.rules (1):
# $Id: bleeding-game.rules $
-> Added to bleeding-inappropriate.rules (1):
# $Id: bleeding-inappropriate.rules $
-> Added to bleeding-malware.rules (1):
# $Id: bleeding-malware.rules $
-> Added to bleeding-p2p.rules (1):
# $Id: bleeding-p2p.rules $
-> Added to bleeding-policy.rules (1):
# $Id: bleeding-policy.rules $
-> Added to bleeding-scan.rules (1):
# $Id: bleeding-scan.rules $
-> Added to bleeding-sid-msg.map (7):
2008142 || ET MALWARE Vapsup User-Agent (doshowmeanad loader v2.1)
2008143 || ET TROJAN Downloader Checkin Pattern Used by Several Trojans
2008144 || ET TROJAN Proxy.Corpes.j Infection Report
2008145 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRInstaller)
2008146 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SpeedRunner)
2008147 || ET MALWARE Suspicious User-Agent (RBR)
2008148 || ET MALWARE Soft-Show.cn Related Fake AV Install Ad Pull
-> Added to bleeding-sid-msg.map.txt (7):
2008142 || ET MALWARE Vapsup User-Agent (doshowmeanad loader v2.1)
2008143 || ET TROJAN Downloader Checkin Pattern Used by Several Trojans
2008144 || ET TROJAN Proxy.Corpes.j Infection Report
2008145 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRInstaller)
2008146 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SpeedRunner)
2008147 || ET MALWARE Suspicious User-Agent (RBR)
2008148 || ET MALWARE Soft-Show.cn Related Fake AV Install Ad Pull
-> Added to bleeding-virus.rules (2):
# $Id: bleeding-virus.rules $
#by matt jonkman, Proxy.Corpes.j 0fe727c2779b6891697db8f768b6d34b
-> Added to bleeding-voip.rules (1):
# $Id: bleeding-voip.rules $
-> Added to bleeding-web.rules (1):
# $Id: bleeding-web.rules $
-> Added to bleeding-web_sql_injection.rules (1):
# $Id: bleeding-web_sql_injection.rules $
-> Added to bleeding.rules (1):
# $Id: bleeding.rules $
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (10):
2404016 || ET DROP Known Bot C&C Server Traffic (group 17) || url,www.shadowserver.org
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) || url,www.shadowserver.org
2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
2404019 || ET DROP Known Bot C&C Server Traffic (group 20) || url,www.shadowserver.org
2404020 || ET DROP Known Bot C&C Server Traffic (group 21) || url,www.shadowserver.org
2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org
2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org
-> Removed from bleeding-sid-msg.map.txt (10):
2404016 || ET DROP Known Bot C&C Server Traffic (group 17) || url,www.shadowserver.org
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) || url,www.shadowserver.org
2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
2404019 || ET DROP Known Bot C&C Server Traffic (group 20) || url,www.shadowserver.org
2404020 || ET DROP Known Bot C&C Server Traffic (group 21) || url,www.shadowserver.org
2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org
2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org
More information about the Emerging-sigs
mailing list