[Emerging-Sigs] [Snort-sigs] Emerging Threats Weekly Signature Changes
emerging@emergingthreats.net
Sat Apr 26 19:00:08 EDT 2008
[***] Results from Oinkmaster started Sat Apr 26 19:00:07 2008 [***]
[+++] Added rules: [+++]
2008149 - ET MALWARE 360safe.com related Fake Security Product Update (KillerSet) (bleeding-malware.rules)
2008150 - ET MALWARE Avsystemcare.com Fake AV User Agent (LocusSoftware, NetInstaller) (bleeding-malware.rules)
2008151 - ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover) (bleeding-malware.rules)
2008152 - ET TROJAN Pakes/Cutwall/Kobcka Checkin URL (bleeding-virus.rules)
2008153 - ET TROJAN Citi-bank.ru Related Trojan Checkin (bleeding-virus.rules)
2008155 - ET TROJAN Trats.a Post-Infection Checkin (bleeding-virus.rules)
2008156 - ET TROJAN Hupigon User Agent Detected (VIP2007) (bleeding-virus.rules)
2008157 - ET MALWARE Sudelinker.com-Upspider.com Spyware Checkin (bleeding-malware.rules)
2008158 - ET MALWARE Sudelinker.com-Upspider.com Spyware Count (bleeding-malware.rules)
2404016 - ET DROP Known Bot C&C Server Traffic (group 17) (bleeding-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic (group 18) (bleeding-botcc.rules)
2404018 - ET DROP Known Bot C&C Server Traffic (group 19) (bleeding-botcc.rules)
2404019 - ET DROP Known Bot C&C Server Traffic (group 20) (bleeding-botcc.rules)
2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
[///] Modified active rules: [///]
2001871 - ET MALWARE Target Saver Spyware User Agent (bleeding-malware.rules)
2008036 - ET MALWARE 360safe.com related Fake Security Product Update (bleeding-malware.rules)
2008083 - ET TROJAN Suspicious User Agent (Zlob Related) (UA00000) (bleeding-virus.rules)
2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic (group 7) (bleeding-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic (group 8) (bleeding-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic (group 9) (bleeding-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic (group 10) (bleeding-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic (group 11) (bleeding-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic (group 12) (bleeding-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic (group 13) (bleeding-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic (group 14) (bleeding-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic (group 15) (bleeding-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic (group 16) (bleeding-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (17):
2008149 || ET MALWARE 360safe.com related Fake Security Product Update (KillerSet)
2008150 || ET MALWARE Avsystemcare.com Fake AV User Agent (LocusSoftware, NetInstaller)
2008151 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover)
2008152 || ET TROJAN Pakes/Cutwall/Kobcka Checkin URL
2008153 || ET TROJAN Citi-bank.ru Related Trojan Checkin
2008155 || ET TROJAN Trats.a Post-Infection Checkin
2008156 || ET TROJAN Hupigon User Agent Detected (VIP2007)
2008157 || ET MALWARE Sudelinker.com-Upspider.com Spyware Checkin
2008158 || ET MALWARE Sudelinker.com-Upspider.com Spyware Count
2404016 || ET DROP Known Bot C&C Server Traffic (group 17) || url,www.shadowserver.org
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) || url,www.shadowserver.org
2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
2404019 || ET DROP Known Bot C&C Server Traffic (group 20) || url,www.shadowserver.org
2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org
-> Added to bleeding-sid-msg.map.txt (17):
2008149 || ET MALWARE 360safe.com related Fake Security Product Update (KillerSet)
2008150 || ET MALWARE Avsystemcare.com Fake AV User Agent (LocusSoftware, NetInstaller)
2008151 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover)
2008152 || ET TROJAN Pakes/Cutwall/Kobcka Checkin URL
2008153 || ET TROJAN Citi-bank.ru Related Trojan Checkin
2008155 || ET TROJAN Trats.a Post-Infection Checkin
2008156 || ET TROJAN Hupigon User Agent Detected (VIP2007)
2008157 || ET MALWARE Sudelinker.com-Upspider.com Spyware Checkin
2008158 || ET MALWARE Sudelinker.com-Upspider.com Spyware Count
2404016 || ET DROP Known Bot C&C Server Traffic (group 17) || url,www.shadowserver.org
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) || url,www.shadowserver.org
2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
2404019 || ET DROP Known Bot C&C Server Traffic (group 20) || url,www.shadowserver.org
2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org
[---] Removed non-rule lines: [---]
-> Removed from bleeding-attack_response.rules (1):
# $Id: bleeding-attack_response.rules $
-> Removed from bleeding-dos.rules (1):
# $Id: bleeding-dos.rules $
-> Removed from bleeding-exploit.rules (1):
# $Id: bleeding-exploit.rules $
-> Removed from bleeding-game.rules (1):
# $Id: bleeding-game.rules $
-> Removed from bleeding-inappropriate.rules (1):
# $Id: bleeding-inappropriate.rules $
-> Removed from bleeding-malware.rules (1):
# $Id: bleeding-malware.rules $
-> Removed from bleeding-p2p.rules (1):
# $Id: bleeding-p2p.rules $
-> Removed from bleeding-policy.rules (1):
# $Id: bleeding-policy.rules $
-> Removed from bleeding-scan.rules (1):
# $Id: bleeding-scan.rules $
-> Removed from bleeding-virus.rules (1):
# $Id: bleeding-virus.rules $
-> Removed from bleeding-voip.rules (1):
# $Id: bleeding-voip.rules $
-> Removed from bleeding-web.rules (1):
# $Id: bleeding-web.rules $
-> Removed from bleeding-web_sql_injection.rules (1):
# $Id: bleeding-web_sql_injection.rules $
-> Removed from bleeding.rules (1):
# $Id: bleeding.rules $