[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Fri Mar 7 17:39:21 EST 2008


[***] Results from Oinkmaster started Fri Mar  7 17:39:21 2008 [***]

[+++]          Added rules:          [+++]

 2007941 - ET MALWARE Invalid HTTP GET Request - Often Malware Related (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2007939 - ET TROJAN Delf Checkin via HTTP (up) (bleeding-virus.rules)
 2007940 - ET TROJAN Banker.ili HTTP Checkin (bleeding-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-malware.rules (3):
        # Seeing several bits of malware that are creating their http get's
        #  incorrectly. They're adding an http://domain.com/url to the GET string,
        #  which should be just the uri. This will catch those

     -> Added to bleeding-sid-msg.map (3):
        2007939 || ET TROJAN Delf Checkin via HTTP (up)
        2007940 || ET TROJAN Banker.ili HTTP Checkin
        2007941 || ET MALWARE Invalid HTTP GET Request - Often Malware Related || url,doc.emergingthreats.net/2007941

     -> Added to bleeding-sid-msg.map.txt (3):
        2007939 || ET TROJAN Delf Checkin via HTTP (up)
        2007940 || ET TROJAN Banker.ili HTTP Checkin
        2007941 || ET MALWARE Invalid HTTP GET Request - Often Malware Related || url,doc.emergingthreats.net/2007941

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Removed from bleeding-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Removed from bleeding-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Removed from bleeding-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Removed from bleeding-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Removed from bleeding-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Removed from bleeding-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Removed from bleeding-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Removed from bleeding-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Removed from bleeding-sid-msg.map (2):
        2007939 || ET TROJAN Delf Checkin via HTTP
        2007940 || ET TROJAN Banker.li HTTP Checkin

     -> Removed from bleeding-sid-msg.map.txt (2):
        2007939 || ET TROJAN Delf Checkin via HTTP
        2007940 || ET TROJAN Banker.li HTTP Checkin

     -> Removed from bleeding-virus.rules (1):
        # $Id: bleeding-virus.rules $

     -> Removed from bleeding-voip.rules (1):
        # $Id: bleeding-voip.rules $

     -> Removed from bleeding-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Removed from bleeding-web_sql_injection.rules (1):
        # $Id: bleeding-web_sql_injection.rules $

     -> Removed from bleeding.rules (1):
        # $Id: bleeding.rules $


