[Emerging-updates] Live Commit Output
emerging@emergingthreats.net
emerging at emergingthreats.net
Wed Apr 2 07:49:57 EST 2008
[***] Results from Oinkmaster started Wed Apr 2 08:49:57 2008 [***]
[+++] Added rules: [+++]
2008080 - ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit (bleeding.rules)
[///] Modified active rules: [///]
2000600 - ET MALWARE MyWebSearch Toolbar Receiving Configuration (bleeding-malware.rules)
2001662 - ET MALWARE MyWebSearch Toolbar Traffic (Agent) (bleeding-malware.rules)
2001663 - ET MALWARE MyWebSearch Toolbar Traffic (host) (bleeding-malware.rules)
2002818 - ET MALWARE MyWebSearch Toolbar Traffic (general download) (bleeding-malware.rules)
2002819 - ET MALWARE MyWebSearch Toolbar Traffic (bin download) (bleeding-malware.rules)
2002836 - ET MALWARE MyWebSearch Toolbar Traffic (bar config download) (bleeding-malware.rules)
2003222 - ET MALWARE MyWebSearch Toolbar Receiving Config 2 (bleeding-malware.rules)
2003617 - ET MALWARE MyWebSearch Toolbar Posting Activity Report (bleeding-malware.rules)
2003621 - ET MALWARE MyWay Spyware Posting Activity Report - Dell Related (bleeding-malware.rules)
2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic (group 1) (bleeding-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic (group 2) (bleeding-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic (group 3) (bleeding-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic (group 4) (bleeding-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic (group 5) (bleeding-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic (group 6) (bleeding-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic (group 7) (bleeding-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic (group 8) (bleeding-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic (group 9) (bleeding-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic (group 10) (bleeding-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic (group 11) (bleeding-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic (group 12) (bleeding-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic (group 13) (bleeding-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic (group 14) (bleeding-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic (group 15) (bleeding-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic (group 16) (bleeding-botcc.rules)
2404016 - ET DROP Known Bot C&C Server Traffic (group 17) (bleeding-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic (group 18) (bleeding-botcc.rules)
2404018 - ET DROP Known Bot C&C Server Traffic (group 19) (bleeding-botcc.rules)
2404019 - ET DROP Known Bot C&C Server Traffic (group 20) (bleeding-botcc.rules)
2404020 - ET DROP Known Bot C&C Server Traffic (group 21) (bleeding-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
[---] Removed rules: [---]
2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-drop-BLOCK.rules (2):
# VERSION 1106
# Generated 2008-04-02 01:03:02 EDT
-> Added to bleeding-drop.rules (2):
# VERSION 1106
# Generated 2008-04-02 01:03:02 EDT
-> Added to bleeding-sid-msg.map (10):
2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related
2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit || url,www.milw0rm.com/exploits/5332 || cve,CVE-2008-1309 || bugtraq,28157
-> Added to bleeding-sid-msg.map.txt (10):
2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download)
2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download)
2003222 || ET MALWARE MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE MyWebSearch Toolbar Posting Activity Report
2003621 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related
2008080 || ET CURRENT_EVENTS Real Player rmoc3260.dll ActiveX Remote Code Execution Exploit || url,www.milw0rm.com/exploits/5332 || cve,CVE-2008-1309 || bugtraq,28157
-> Added to bleeding.rules (2):
#by akash mahajan.
#temporary, not a perfect sig, will false
[---] Removed non-rule lines: [---]
-> Removed from bleeding-drop-BLOCK.rules (2):
# VERSION 1105
# Generated 2008-04-01 01:03:03 EDT
-> Removed from bleeding-drop.rules (2):
# VERSION 1105
# Generated 2008-04-01 01:03:03 EDT
-> Removed from bleeding-sid-msg.map (17):
2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving Configuration
2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general download)
2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config download)
2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity Report
2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report - Dell Related
2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
-> Removed from bleeding-sid-msg.map.txt (17):
2000600 || ET MALWARE Malware MyWebSearch Toolbar Receiving Configuration
2001662 || ET MALWARE Malware MyWebSearch Toolbar Traffic (Agent)
2001663 || ET MALWARE Malware MyWebSearch Toolbar Traffic (host)
2002818 || ET MALWARE Malware MyWebSearch Toolbar Traffic (general download)
2002819 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bin download)
2002836 || ET MALWARE Malware MyWebSearch Toolbar Traffic (bar config download)
2003222 || ET MALWARE Malware MyWebSearch Toolbar Receiving Config 2
2003617 || ET MALWARE Malware MyWebSearch Toolbar Posting Activity Report
2003621 || ET MALWARE Malware MyWay Spyware Posting Activity Report - Dell Related
2400001 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2400002 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2400003 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2400004 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2401001 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401002 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401003 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2401004 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso