List Info

Thread: Bleeding Edge Threats Daily Signature Changes
Bleeding Edge Threats Daily Signature Changes
country flaguser name
United States		 2007-07-27 19:00:13 
[***] Results from Oinkmaster started Sat Jul 28 00:00:13
2007 [***]

[+++]          Added rules:          [+++]

 2006417 - BLEEDING-EDGE ATTACK-RESPONSE Weak Netbios Lanman
Auth Challenge Detected (bleeding-attack_response.rules)
 2006434 - BLEEDING-EDGE POLICY Possible Ecard Trojan
download (bleeding-policy.rules)
 2006435 - BLEEDING-EDGE SCAN LibSSH Based SSH Bruteforce
Attempt (bleeding-scan.rules)
 2006436 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Mailto Link Detected (bleeding.rules)
 2006437 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE News Link Detected (bleeding.rules)
 2006438 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Nntp Link Detected (bleeding.rules)
 2006439 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Snews Link Detected (bleeding.rules)
 2006440 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Telnet Link Detected (bleeding.rules)


[///]     Modified active rules:     [///]

 2002970 - BLEEDING-EDGE MALWARE VB WinHTTP User Agent -
Possible Malware (bleeding-malware.rules)
 2006390 - BLEEDING-EDGE CURRENT_EVENTS Known Storm Worm
Master site (bleeding.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source -
BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 10)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

 2006417 - BLEEDING-EDGE POLICY Weak Netbios Lanman Auth
Challenge Detected (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (3):
        #by Adam Ellison
        # Detects the old style weak and crackable windows
auth in use. By default this should not be in
        #  active use, but can be forced by hostile parties
by a number of methods

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 258

     -> Added to bleeding-drop.rules (1):
        #  VERSION 258

     -> Added to bleeding-policy.rules (1):
        #to catch the common urls for storm worm downloads,
etc

     -> Added to bleeding-scan.rules (2):
        #by Jabal Raval
        # this string is very unlikely to be seen in normal
traffic

     -> Added to bleeding-sid-msg.map (8):
        2006417 || BLEEDING-EDGE ATTACK-RESPONSE Weak
Netbios Lanman Auth Challenge Detected
        2006434 || BLEEDING-EDGE POLICY Possible Ecard
Trojan download
        2006435 || BLEEDING-EDGE SCAN LibSSH Based SSH
Bruteforce Attempt
        2006436 || BLEEDING-EDGE CURRENT_EVENTS FireFox
Remote Command EXE Mailto Link Detected ||
url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006437 || BLEEDING-EDGE CURRENT_EVENTS FireFox
Remote Command EXE News Link Detected ||
url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006438 || BLEEDING-EDGE CURRENT_EVENTS FireFox
Remote Command EXE Nntp Link Detected ||
url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006439 || BLEEDING-EDGE CURRENT_EVENTS FireFox
Remote Command EXE Snews Link Detected ||
url,xs-sniper.com/blog/remote-command-exec-firefox-2005/
        2006440 || BLEEDING-EDGE CURRENT_EVENTS FireFox
Remote Command EXE Telnet Link Detected ||
url,xs-sniper.com/blog/remote-command-exec-firefox-2005/

     -> Added to bleeding.rules (1):
        #by Scott Melnick

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 256

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 256

     -> Removed from bleeding-policy.rules (3):
        #by Adam Ellison
        # Detects the old style weak and crackable windows
auth in use. By default this should not be in
        #  active use, but can be forced by hostile parties
by a number of methods

     -> Removed from bleeding-sid-msg.map (1):
        2006417 || BLEEDING-EDGE POLICY Weak Netbios Lanman
Auth Challenge Detected

_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigsbleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/
mailman/listinfo/bleeding-sigs
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )