[Emerging-Sigs] Emerging Threats Daily Signature Changes

Tue Mar 18 16:00:11 EST 2008

[***] Results from Oinkmaster started Tue Mar 18 17:00:11 2008 [***]

[+++]          Added rules:          [+++]

 2008011 - ET TROJAN Pakes/Cutwall/Kobcka Update Detected High Ports (bleeding-virus.rules)
 2008012 - ET MALWARE Winquickupdates.com Related Trojan Install Report (bleeding-malware.rules)
 2008013 - ET MALWARE Suspicious User Agent (Internet) (bleeding-malware.rules)
 2008014 - ET CURRENT_EVENTS Suspicious Download (drv32.data) (bleeding.rules)
 2008015 - ET MALWARE Suspicious User Agent (Win95) (bleeding-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (5):
        2008011 || ET TROJAN Pakes/Cutwall/Kobcka Update Detected High Ports
        2008012 || ET MALWARE Winquickupdates.com Related Trojan Install Report
        2008013 || ET MALWARE Suspicious User Agent (Internet)
        2008014 || ET CURRENT_EVENTS Suspicious Download (drv32.data)
        2008015 || ET MALWARE Suspicious User Agent (Win95)

     -> Added to bleeding-sid-msg.map.txt (5):
        2008011 || ET TROJAN Pakes/Cutwall/Kobcka Update Detected High Ports
        2008012 || ET MALWARE Winquickupdates.com Related Trojan Install Report
        2008013 || ET MALWARE Suspicious User Agent (Internet)
        2008014 || ET CURRENT_EVENTS Suspicious Download (drv32.data)
        2008015 || ET MALWARE Suspicious User Agent (Win95)

     -> Added to bleeding.rules (2):
        #by Victor Julien
        # Just testing to see if it works well. lots of bad stuff use this uri and an IP