Snort mailing list archives

Re: Adware/Malware Rules List

From: James Nonya <slave_tothe_box () yahoo com>
Date: Tue, 2 Mar 2004 11:39:24 -0800 (PST)

Ok....here it is..I've added the last one (hotbar)

alert tcp any any -> any any (msg:"Malware Keenvalue";
content:"Keenvalue";nocase;)
alert tcp any any -> any any (msg:"Malware flowgo";
content:"flowgo";nocase;)
alert tcp any any -> any any (msg:"Malware
2020search"; content:"2020search";nocase;)
alert tcp any any -> any any (msg:"Malware
rcprograms"; content:"rcprograms";nocase;)
alert tcp any any -> any any (msg:"Malware gator";
content:"webpdpcookie";nocase;)
alert tcp any any -> any any (msg:"Malware hotbar";
content:"hotbar";nocase;)

I altered them from "alert ip" to alert tcp...udp was
picking up DNS requests ;-)

James

On Tue, 02 Mar 2004 08:39:44 -0800
"Bryan Irvine" <bryan.irvine () kingcountyjournal com>
wrote:

I must have missed that original post or I would

have downloaded those.

We are having some problems here with so called

"spyware".


Did you get these from anyone yet?

--Bryan

On Mon, 2004-03-01 at 09:37, Max Valdez wrote:

On Friday 27 February 2004 10:05 am, Darden,

Patrick S. wrote:

I had a large number of requests for my ruleset

for Ad/Malware, so I have

placed it on the web at:

https://www.armc.org/malware/

<https://www.armc.org/malware/>


It ain't nothing special, but it works for us.

If you have any additions,

please email me so we can
make this ruleset grow into something useful.

Thanks,
--Patrick Darden
--Internetworking Manager


Anyone got this ?? i cannot conect to the site

since friday

Max

-------------------------------------------------------

SF.Net is sponsored by: Speed Start Your Linux Apps

Now.

Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!

http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or

unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________
Do you Yahoo!?
Yahoo! Search - Find what youre looking for faster
http://search.yahoo.com


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Adware/Malware Rules List Darden, Patrick S. (Feb 27)
- RE: Adware/Malware Rules List Jerry Shenk (Feb 29)
  - RE: Adware/Malware Rules List Mark E. Donaldson (Feb 29)
- Re: Adware/Malware Rules List Max Valdez (Mar 01)
  - Re: Adware/Malware Rules List Bryan Irvine (Mar 02)
- <Possible follow-ups>
- Re: Adware/Malware Rules List James Nonya (Mar 02)
  - RE: Adware/Malware Rules List Jerry Shenk (Mar 04)