[Emerging-Sigs] Emerging Threats Weekly Signature Changes
Jackie Lai
gclai at draytek.com
Mon Feb 25 05:04:59 EST 2008
> 207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST
> (bleeding-web.rules)
The SID seems to be a typo error? I think it should be 2007873.
========================
Jackie Lai, CISSP
mailto: gclai [at] draytek [dot] com
========================
----- Original Message -----
From: <emerging at emergingthreats.net>
To: <snort-sigs at lists.sourceforge.net>; <emerging-sigs at emergingthreats.net>
Sent: February 24, 2008 08:00
Subject: [Emerging-Sigs] Emerging Threats Weekly Signature Changes
>
> [***] Results from Oinkmaster started Sat Feb 23 19:00:09 2008 [***]
>
> [+++] Added rules: [+++]
>
> 207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST
> (bleeding-web.rules)
> 2007855 - ET MALWARE OneStepSearch Host Activity (bleeding-malware.rules)
> 2007856 - ET MALWARE System-defender.com Fake AV Install Checkin
> (bleeding-malware.rules)
> 2007858 - ET TROJAN Delf Keylog FTP Upload (bleeding-virus.rules)
> 2007859 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader
> (microsoft) (bleeding-malware.rules)
> 2007860 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader
> (Internet Explorer 6.0) (bleeding-malware.rules)
> 2007861 - ET MALWARE Softcashier.com Spyware Install Checkin
> (bleeding-malware.rules)
> 2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
> 2007863 - ET TROJAN Banload HTTP Checkin (bleeding-virus.rules)
> 2007864 - ET TROJAN Banload HTTP Checkin Detected (bleeding-virus.rules)
> 2007865 - ET MALWARE Winreanimator.com Fake AV Install Attempt
> (bleeding-malware.rules)
> 2007866 - ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP
> (bleeding-virus.rules)
> 2007867 - ET TROJAN Delf HTTP Post Checkin (1) (bleeding-virus.rules)
> 2007868 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader
> (Firefox) (bleeding-malware.rules)
> 2007869 - ET MALWARE Vombanetwork Spyware User Agent
> (VombaProductsInstaller) (bleeding-malware.rules)
> 2007870 - ET MALWARE Vombanetworks.com Spyware Installer Checkin
> (bleeding-malware.rules)
> 2007871 - ET WEB Philips VOIP841 Web Server Directory Traversal
> (bleeding-web.rules)
> 2007872 - ET WEB WinIPDS Directory Traversal Vulnerabilities GET
> (bleeding-web.rules)
> 2007874 - ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability
> (bleeding-exploit.rules)
> 2007875 - ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability
> (bleeding-exploit.rules)
> 2007876 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
> Vulnerabilities - udp (bleeding-exploit.rules)
> 2007877 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
> Vulnerabilities - tcp (bleeding-exploit.rules)
> 2007878 - ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote
> Stack Overflow (bleeding-web.rules)
> 2007879 - ET EXPLOIT Cyan Soft Products Format String Vulnerability
> (bleeding-exploit.rules)
>
>
> [///] Modified active rules: [///]
>
> 2002157 - ET POLICY Skype User-Agent detected (bleeding-policy.rules)
> 2003070 - ET WORM Korgo.U Reporting (bleeding-virus.rules)
> 2003330 - ET POLICY Possible Spambot -- Host DNS MX Query High Count
> (bleeding-policy.rules)
> 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound
> (bleeding-drop.rules)
> 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound
> (bleeding-drop.rules)
> 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound
> (bleeding-drop.rules)
> 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound
> (bleeding-drop.rules)
> 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound
> (bleeding-drop.rules)
> 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
> (bleeding-drop-BLOCK.rules)
> 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
> (bleeding-drop-BLOCK.rules)
> 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
> (bleeding-drop-BLOCK.rules)
> 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
> (bleeding-drop-BLOCK.rules)
> 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE
> (bleeding-drop-BLOCK.rules)
> 2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
> 2403000 - ET DROP Dshield Block Listed Source - BLOCKING
> (bleeding-dshield-BLOCK.rules)
> 2404000 - ET DROP Known Bot C&C Server Traffic (group 1)
> (bleeding-botcc.rules)
> 2404001 - ET DROP Known Bot C&C Server Traffic (group 2)
> (bleeding-botcc.rules)
> 2404002 - ET DROP Known Bot C&C Server Traffic (group 3)
> (bleeding-botcc.rules)
> 2404003 - ET DROP Known Bot C&C Server Traffic (group 4)
> (bleeding-botcc.rules)
> 2404004 - ET DROP Known Bot C&C Server Traffic (group 5)
> (bleeding-botcc.rules)
> 2404005 - ET DROP Known Bot C&C Server Traffic (group 6)
> (bleeding-botcc.rules)
> 2404006 - ET DROP Known Bot C&C Server Traffic (group 7)
> (bleeding-botcc.rules)
> 2404007 - ET DROP Known Bot C&C Server Traffic (group 8)
> (bleeding-botcc.rules)
> 2404008 - ET DROP Known Bot C&C Server Traffic (group 9)
> (bleeding-botcc.rules)
> 2404009 - ET DROP Known Bot C&C Server Traffic (group 10)
> (bleeding-botcc.rules)
> 2404010 - ET DROP Known Bot C&C Server Traffic (group 11)
> (bleeding-botcc.rules)
> 2404011 - ET DROP Known Bot C&C Server Traffic (group 12)
> (bleeding-botcc.rules)
> 2404012 - ET DROP Known Bot C&C Server Traffic (group 13)
> (bleeding-botcc.rules)
> 2404013 - ET DROP Known Bot C&C Server Traffic (group 14)
> (bleeding-botcc.rules)
> 2404014 - ET DROP Known Bot C&C Server Traffic (group 15)
> (bleeding-botcc.rules)
> 2404015 - ET DROP Known Bot C&C Server Traffic (group 16)
> (bleeding-botcc.rules)
> 2404016 - ET DROP Known Bot C&C Server Traffic (group 17)
> (bleeding-botcc.rules)
> 2404017 - ET DROP Known Bot C&C Server Traffic (group 18)
> (bleeding-botcc.rules)
> 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE
> (bleeding-botcc-BLOCK.rules)
> 2406005 - ET RBN Known Russian Business Network Monitored Domains (1)
> (bleeding-rbn.rules)
> 2406006 - ET RBN Known Russian Business Network Monitored Domains (2)
> (bleeding-rbn.rules)
> 2406007 - ET RBN Known Russian Business Network Monitored Domains (3)
> (bleeding-rbn.rules)
> 2406008 - ET RBN Known Russian Business Network Monitored Domains (4)
> (bleeding-rbn.rules)
> 2406009 - ET RBN Known Russian Business Network Monitored Domains (5)
> (bleeding-rbn.rules)
> 2406010 - ET RBN Known Russian Business Network Monitored Domains (6)
> (bleeding-rbn.rules)
> 2406011 - ET RBN Known Russian Business Network Monitored Domains (7)
> (bleeding-rbn.rules)
> 2406012 - ET RBN Known Russian Business Network Monitored Domains (8)
> (bleeding-rbn.rules)
> 2406013 - ET RBN Known Russian Business Network Monitored Domains (9)
> (bleeding-rbn.rules)
> 2406014 - ET RBN Known Russian Business Network Monitored Domains (10)
> (bleeding-rbn.rules)
> 2406015 - ET RBN Known Russian Business Network Monitored Domains (11)
> (bleeding-rbn.rules)
> 2406016 - ET RBN Known Russian Business Network Monitored Domains (12)
> (bleeding-rbn.rules)
> 2406017 - ET RBN Known Russian Business Network Monitored Domains (13)
> (bleeding-rbn.rules)
> 2406018 - ET RBN Known Russian Business Network Monitored Domains (14)
> (bleeding-rbn.rules)
> 2406019 - ET RBN Known Russian Business Network Monitored Domains (15)
> (bleeding-rbn.rules)
> 2406020 - ET RBN Known Russian Business Network Monitored Domains (16)
> (bleeding-rbn.rules)
> 2406021 - ET RBN Known Russian Business Network Monitored Domains (17)
> (bleeding-rbn.rules)
> 2406022 - ET RBN Known Russian Business Network Monitored Domains (18)
> (bleeding-rbn.rules)
> 2406023 - ET RBN Known Russian Business Network Monitored Domains (19)
> (bleeding-rbn.rules)
> 2406024 - ET RBN Known Russian Business Network Monitored Domains (20)
> (bleeding-rbn.rules)
> 2406025 - ET RBN Known Russian Business Network Monitored Domains (21)
> (bleeding-rbn.rules)
> 2406026 - ET RBN Known Russian Business Network Monitored Domains (22)
> (bleeding-rbn.rules)
> 2406027 - ET RBN Known Russian Business Network Monitored Domains (23)
> (bleeding-rbn.rules)
> 2406028 - ET RBN Known Russian Business Network Monitored Domains (24)
> (bleeding-rbn.rules)
> 2406029 - ET RBN Known Russian Business Network Monitored Domains (25)
> (bleeding-rbn.rules)
> 2406030 - ET RBN Known Russian Business Network Monitored Domains (26)
> (bleeding-rbn.rules)
> 2406031 - ET RBN Known Russian Business Network Monitored Domains (27)
> (bleeding-rbn.rules)
> 2406032 - ET RBN Known Russian Business Network Monitored Domains (28)
> (bleeding-rbn.rules)
> 2406033 - ET RBN Known Russian Business Network Monitored Domains (29)
> (bleeding-rbn.rules)
> 2406034 - ET RBN Known Russian Business Network Monitored Domains (30)
> (bleeding-rbn.rules)
> 2407005 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (1) (bleeding-rbn-BLOCK.rules)
> 2407006 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (2) (bleeding-rbn-BLOCK.rules)
> 2407007 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (3) (bleeding-rbn-BLOCK.rules)
> 2407008 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (4) (bleeding-rbn-BLOCK.rules)
> 2407009 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (5) (bleeding-rbn-BLOCK.rules)
> 2407010 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (6) (bleeding-rbn-BLOCK.rules)
> 2407011 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (7) (bleeding-rbn-BLOCK.rules)
> 2407012 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (8) (bleeding-rbn-BLOCK.rules)
> 2407013 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (9) (bleeding-rbn-BLOCK.rules)
> 2407014 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (10) (bleeding-rbn-BLOCK.rules)
> 2407015 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (11) (bleeding-rbn-BLOCK.rules)
> 2407016 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (12) (bleeding-rbn-BLOCK.rules)
> 2407017 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (13) (bleeding-rbn-BLOCK.rules)
> 2407018 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (14) (bleeding-rbn-BLOCK.rules)
> 2407019 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (15) (bleeding-rbn-BLOCK.rules)
> 2407020 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (16) (bleeding-rbn-BLOCK.rules)
> 2407021 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (17) (bleeding-rbn-BLOCK.rules)
> 2407022 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (18) (bleeding-rbn-BLOCK.rules)
> 2407023 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (19) (bleeding-rbn-BLOCK.rules)
> 2407024 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (20) (bleeding-rbn-BLOCK.rules)
> 2407025 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (21) (bleeding-rbn-BLOCK.rules)
> 2407026 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (22) (bleeding-rbn-BLOCK.rules)
> 2407027 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (23) (bleeding-rbn-BLOCK.rules)
> 2407028 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (24) (bleeding-rbn-BLOCK.rules)
> 2407029 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (25) (bleeding-rbn-BLOCK.rules)
> 2407030 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (26) (bleeding-rbn-BLOCK.rules)
> 2407031 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (27) (bleeding-rbn-BLOCK.rules)
> 2407032 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (28) (bleeding-rbn-BLOCK.rules)
> 2407033 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (29) (bleeding-rbn-BLOCK.rules)
> 2407034 - ET RBN Known Russian Business Network Monitored Domains -
> BLOCKING (30) (bleeding-rbn-BLOCK.rules)
>
>
> [+++] Added non-rule lines: [+++]
>
> -> Added to bleeding-drop-BLOCK.rules (2):
> # VERSION 1066
> # Generated 2008-02-22 01:03:00 EDT
>
> -> Added to bleeding-drop.rules (2):
> # VERSION 1066
> # Generated 2008-02-22 01:03:00 EDT
>
> -> Added to bleeding-exploit.rules (3):
> #by Akash Mahajan
> #by Akash Mahajan
> #by Akash Mahajan
>
> -> Added to bleeding-malware.rules (2):
> #by Will Metcalf
> #fake av, sig by matt jonkman
>
> -> Added to bleeding-rbn-BLOCK.rules (2):
> # VERSION 36
> # Updated 2008-02-21 10:21:51
>
> -> Added to bleeding-rbn.rules (2):
> # VERSION 36
> # Updated 2008-02-21 10:21:51
>
> -> Added to bleeding-sid-msg.map (24):
> 207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
> 2007855 || ET MALWARE OneStepSearch Host Activity
> 2007856 || ET MALWARE System-defender.com Fake AV Install Checkin
> || url,www.system-defender.com
> 2007858 || ET TROJAN Delf Keylog FTP Upload
> 2007859 || ET MALWARE Suspicious User Agent - Possible Trojan
> Downloader (microsoft)
> 2007860 || ET MALWARE Suspicious User Agent - Possible Trojan
> Downloader (Internet Explorer 6.0)
> 2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
> 2007862 || ET TROJAN LDPinch Checkin (3)
> 2007863 || ET TROJAN Banload HTTP Checkin
> 2007864 || ET TROJAN Banload HTTP Checkin Detected
> 2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt ||
> url,www.winreanimator.com
> 2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP
> 2007867 || ET TROJAN Delf HTTP Post Checkin (1)
> 2007868 || ET MALWARE Suspicious User Agent - Possible Trojan
> Downloader (Firefox)
> 2007869 || ET MALWARE Vombanetwork Spyware User Agent
> (VombaProductsInstaller)
> 2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
> 2007871 || ET WEB Philips VOIP841 Web Server Directory Traversal ||
> bugtraq,27790 || url,www.milw0rm.com/exploits/5113
> 2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities GET
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
> 2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability ||
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
> 2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability ||
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
> 2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
> Vulnerabilities - udp || cve,CVE-2008-0767 ||
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
> 2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
> Vulnerabilities - tcp || cve,CVE-2008-0759 ||
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
> 2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple
> Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 ||
> cve,CVE-2008-0778 || bugtraq,27769
> 2007879 || ET EXPLOIT Cyan Soft Products Format String
> Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt ||
> bugtraq,27728 || cve,CVE-2008-0755
>
> -> Added to bleeding-sid-msg.map.txt (24):
> 207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
> 2007855 || ET MALWARE OneStepSearch Host Activity
> 2007856 || ET MALWARE System-defender.com Fake AV Install Checkin
> || url,www.system-defender.com
> 2007858 || ET TROJAN Delf Keylog FTP Upload
> 2007859 || ET MALWARE Suspicious User Agent - Possible Trojan
> Downloader (microsoft)
> 2007860 || ET MALWARE Suspicious User Agent - Possible Trojan
> Downloader (Internet Explorer 6.0)
> 2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
> 2007862 || ET TROJAN LDPinch Checkin (3)
> 2007863 || ET TROJAN Banload HTTP Checkin
> 2007864 || ET TROJAN Banload HTTP Checkin Detected
> 2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt ||
> url,www.winreanimator.com
> 2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP
> 2007867 || ET TROJAN Delf HTTP Post Checkin (1)
> 2007868 || ET MALWARE Suspicious User Agent - Possible Trojan
> Downloader (Firefox)
> 2007869 || ET MALWARE Vombanetwork Spyware User Agent
> (VombaProductsInstaller)
> 2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
> 2007871 || ET WEB Philips VOIP841 Web Server Directory Traversal ||
> bugtraq,27790 || url,www.milw0rm.com/exploits/5113
> 2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities GET
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
> 2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability ||
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
> 2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability ||
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
> 2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
> Vulnerabilities - udp || cve,CVE-2008-0767 ||
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
> 2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple
> Vulnerabilities - tcp || cve,CVE-2008-0759 ||
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
> 2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple
> Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 ||
> cve,CVE-2008-0778 || bugtraq,27769
> 2007879 || ET EXPLOIT Cyan Soft Products Format String
> Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt ||
> bugtraq,27728 || cve,CVE-2008-0755
>
> -> Added to bleeding-virus.rules (2):
> #delf keylog upload, kinda flimsy but works
> #spyware/trojan/backdoors all reported here. sig by matt jonkman
>
> -> Added to bleeding-web.rules (3):
> #by Akash Mahajan
> #by Akash Mahajan
> #by Akash Mahajan
>
> [---] Removed non-rule lines: [---]
>
> -> Removed from bleeding-drop-BLOCK.rules (2):
> # VERSION 1060
> # Generated 2008-02-16 01:03:00 EDT
>
> -> Removed from bleeding-drop.rules (2):
> # VERSION 1060
> # Generated 2008-02-16 01:03:00 EDT
>
> -> Removed from bleeding-rbn-BLOCK.rules (2):
> # VERSION 35
> # Updated 2008-02-08 16:03:09
>
> -> Removed from bleeding-rbn.rules (2):
> # VERSION 35
> # Updated 2008-02-08 16:03:09
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.