For those of you that aren’t aware…. Bleeding Snort is a collection of “bleeding edge” snort signatures. Snort is an intrusion detection framework. This note is by way of SARC that the bleedingsnort.org domain is now no longer under their control. bleedingsnort.com is and continues to be their official domain. Unfortunately it appears as though the .org address may now be used as a host for malware. (It’s at least currently serving up ads to leech off the mistaken traffic.) SOOOO…. bottom line – bleedingsnort.com is the official site for the Bleeding Edge Snort project. More details here.
Tag: SARC
-
Linux network worm…
There is a linux network worm (virus) in the wild, which I’ve mentioned already in an earlier post. I did want to take a few moments to highlight this and dispell a few myths. (This is the first linux virus I recall seeing over at SARC in the last couple years….) Myth #1) linux doesn’t get viruses…. bull, this current worm is proof. Myth #2) if linux had bigger market share there would be tons of linux viruses – Maybe, but remember that much of the internet’s backbone runs on linux (all the machines at my providers webhosting company and indeed MANY others)
-
Zotob updates
A couple of late afternoon updates at the handlers diary at incidents.org (sans institute). For starters, it looks like there may be a variation of zotob that has a mass mailer included. I didn’t specifically see this in SARC’s writeups of zotob.a or zotob.b, so, I’m wondering if this is going to be a .c? This variant connects to the same IRC server as the others, but a different channel. (The IRC connection was to allow remote control.)