
Thread: Bleeding Edge Threats Daily Signature Changes




2007-10-28 15:00:12
[***] Results from Oinkmaster started Sun Oct 28 20:00:12 2007 [***]

[---]         Disabled rules:        [---]

 2006436 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Mailto Link Detected (bleeding.rules)
 2006437 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE News Link Detected (bleeding.rules)
 2006438 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Nntp Link Detected (bleeding.rules)
 2006439 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Snews Link Detected (bleeding.rules)
 2006440 - BLEEDING-EDGE CURRENT_EVENTS FireFox Remote
Command EXE Telnet Link Detected (bleeding.rules)
 2007342 - BLEEDING-EDGE CURRENT_EVENTS Vulnerable MS
FlashPix ActiveX Control in Use (bleeding.rules)


[---]         Removed rules:         [---]

 2003169 - BLEEDING-EDGE CURRENT EVENTS Microsoft XMLHTTPD
CLSID in use - Possible Attack (bleeding.rules)
 2003588 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP
C&C Traffic (User-Agent skw00001) (bleeding.rules)
 2003589 - BLEEDING-EDGE CURRENT EVENTS Worm.Pyks HTTP
C&C Post Traffic (User-Agent h9tslbw0) (bleeding.rules)
 2006358 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot initial
connection open (bleeding.rules)
 2006359 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot
connection second step (bleeding.rules)
 2006360 - BLEEDING-EDGE CURRENT_EVENTS Unknown Bot C&C
Channel -- Please report to bleedingbleedingthreats.net
(bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (190):
        2500077 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (78) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500078 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (79) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500079 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (80) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500080 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (81) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500081 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (82) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500082 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (83) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500083 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (84) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500084 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (85) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500085 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (86) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500086 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (87) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500087 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (88) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500088 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (89) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500089 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (90) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500090 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (91) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500091 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (92) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500092 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (93) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500093 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (94) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500094 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (95) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500095 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (96) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500096 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (97) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500097 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (98) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500098 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (99) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500099 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (100) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500100 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (101) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500101 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (102) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500102 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (103) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500103 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (104) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500104 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (105) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500105 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (106) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500106 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (107) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500107 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (108) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500108 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (109) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500109 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (110) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500110 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (111) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500111 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (112) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500112 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (113) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500113 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (114) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500114 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (115) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500115 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (116) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500116 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (117) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500117 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (118) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500118 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (119) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500119 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (120) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500120 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (121) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500121 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (122) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500122 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (123) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500123 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (124) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500124 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (125) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500125 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (126) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500126 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (127) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500127 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (128) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500128 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (129) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500129 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (130) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500130 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (131) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500131 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (132) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500132 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (133) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500133 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (134) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500134 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (135) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500135 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (136) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500136 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (137) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500137 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (138) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500138 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (139) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500139 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (140) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500140 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (141) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500141 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (142) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500142 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (143) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500143 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (144) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500144 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (145) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500145 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (146) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500146 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (147) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500147 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (148) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500148 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (149) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500149 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (150) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500150 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (151) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500151 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (152) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500152 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (153) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500153 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (154) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500154 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (155) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500155 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (156) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500156 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (157) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500157 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (158) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500158 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (159) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500159 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (160) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500160 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (161) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500161 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (162) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500162 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (163) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500163 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (164) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500164 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (165) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500165 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (166) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500166 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (167) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500167 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (168) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500168 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (169) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500169 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (170) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500170 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (171) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2500171 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic (172) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510077 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (78) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510078 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (79) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510079 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (80) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510080 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (81) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510081 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (82) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510082 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (83) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510083 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (84) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510084 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (85) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510085 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (86) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510086 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (87) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510087 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (88) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510088 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (89) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510089 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (90) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510090 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (91) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510091 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (92) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510092 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (93) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510093 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (94) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510094 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (95) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510095 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (96) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510096 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (97) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510097 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (98) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510098 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (99) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510099 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (100) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510100 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (101) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510101 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (102) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510102 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (103) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510103 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (104) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510104 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (105) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510105 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (106) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510106 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (107) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510107 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (108) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510108 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (109) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510109 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (110) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510110 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (111) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510111 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (112) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510112 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (113) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510113 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (114) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510114 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (115) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510115 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (116) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510116 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (117) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510117 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (118) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510118 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (119) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510119 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (120) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510120 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (121) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510121 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (122) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510122 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (123) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510123 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (124) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510124 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (125) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510125 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (126) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510126 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (127) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510127 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (128) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510128 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (129) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510129 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (130) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510130 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (131) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510131 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (132) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510132 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (133) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510133 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (134) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510134 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (135) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510135 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (136) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510136 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (137) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510137 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (138) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510138 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (139) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510139 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (140) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510140 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (141) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510141 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (142) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510142 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (143) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510143 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (144) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510144 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (145) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510145 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (146) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510146 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (147) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510147 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (148) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510148 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (149) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510149 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (150) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510150 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (151) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510151 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (152) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510152 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (153) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510153 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (154) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510154 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (155) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510155 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (156) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510156 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (157) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510157 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (158) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510158 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (159) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510159 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (160) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510160 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (161) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510161 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (162) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510162 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (163) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510163 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (164) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510164 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (165) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510165 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (166) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510166 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (167) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510167 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (168) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510168 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (169) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510169 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (170) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510170 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (171) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts
        2510171 || BLEEDING-EDGE COMPROMISED Known
Compromised or Hostile Host Traffic - BLOCKING (172) ||
url,doc.bleedingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to bleeding.rules (1):
        #threat passed, too high load to keep for long term.
To be removed soon

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (6):
        2003169 || BLEEDING-EDGE CURRENT EVENTS Microsoft XMLHTTPD CLSID in use - Possible Attack || cve,2006-5745 || url,www.microsoft.com/technet/security/Bulletin/MS06-071.mspx || url,www.microsoft.com/technet/security/advisory/927892.mspx || url,www.frsirt.com/english/advisories/2006/4334
        2003588 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks
HTTP C&C Traffic (User-Agent skw00001) ||
url,doc.bleedingthreats.net/2003588
        2003589 || BLEEDING-EDGE CURRENT EVENTS Worm.Pyks
HTTP C&C Post Traffic (User-Agent h9tslbw0) ||
url,doc.bleedingthreats.net/2003589
        2006358 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot
initial connection open
        2006359 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot
connection second step
        2006360 || BLEEDING-EDGE CURRENT_EVENTS Unknown Bot
C&C Channel -- Please report to bleedingbleedingthreats.net

     -> Removed from bleeding.rules (9):
        #may not last long, so putting this in current
events until more information and a better sig is
available.
        #matt Jonkman
        #set for deletion
        #by matt jonkman
        # some new bot. uses some new C&C method, this
should detect it. Haven't decrypted the comunication yet
        # AV does not have a name for it yet
        #by matt Jonkman, sample submitted anonymously
        # I'm putting these sigs in current events because
the worm will likely morph quickly making them obsolete.
        # If it doesn't we'll move these into a permanent
ruleset

_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigsbleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
