Snort mailing list archives
Re: Adware/Malware Rules List
From: James Nonya <slave_tothe_box () yahoo com>
Date: Tue, 2 Mar 2004 11:39:24 -0800 (PST)
Ok....here it is..I've added the last one (hotbar) alert tcp any any -> any any (msg:"Malware Keenvalue"; content:"Keenvalue";nocase;) alert tcp any any -> any any (msg:"Malware flowgo"; content:"flowgo";nocase;) alert tcp any any -> any any (msg:"Malware 2020search"; content:"2020search";nocase;) alert tcp any any -> any any (msg:"Malware rcprograms"; content:"rcprograms";nocase;) alert tcp any any -> any any (msg:"Malware gator"; content:"webpdpcookie";nocase;) alert tcp any any -> any any (msg:"Malware hotbar"; content:"hotbar";nocase;) I altered them from "alert ip" to alert tcp...udp was picking up DNS requests ;-) James On Tue, 02 Mar 2004 08:39:44 -0800 "Bryan Irvine" <bryan.irvine () kingcountyjournal com> wrote:
I must have missed that original post or I would
have downloaded those.
We are having some problems here with so called
"spyware".
Did you get these from anyone yet? --Bryan On Mon, 2004-03-01 at 09:37, Max Valdez wrote:On Friday 27 February 2004 10:05 am, Darden,
Patrick S. wrote:
I had a large number of requests for my ruleset
for Ad/Malware, so I have
placed it on the web at: https://www.armc.org/malware/
<https://www.armc.org/malware/>
It ain't nothing special, but it works for us.
If you have any additions,
please email me so we can make this ruleset grow into something useful. Thanks, --Patrick Darden --Internetworking ManagerAnyone got this ?? i cannot conect to the site
since friday
Max
-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps
Now.
Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or
unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users __________________________________ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Adware/Malware Rules List Darden, Patrick S. (Feb 27)
- RE: Adware/Malware Rules List Jerry Shenk (Feb 29)
- RE: Adware/Malware Rules List Mark E. Donaldson (Feb 29)
- Re: Adware/Malware Rules List Max Valdez (Mar 01)
- Re: Adware/Malware Rules List Bryan Irvine (Mar 02)
- <Possible follow-ups>
- Re: Adware/Malware Rules List James Nonya (Mar 02)
- RE: Adware/Malware Rules List Jerry Shenk (Mar 04)
- RE: Adware/Malware Rules List Jerry Shenk (Feb 29)