List: emerging-sigs
Subject: [Emerging-Sigs] Emerging Threats Weekly Signature Changes
From: emerging () emergingthreats ! net (emerging () emergingthreats ! net)
Date: 2008-10-25 22:00:08
Message-ID: 20081025220008.F003345026 () goliath ! jonkmans ! com
[***] Results from Oinkmaster started Sat Oct 25 18:00:08 2008 [***]
[+++] Added rules: [+++]
2008678 - ET EXPLOIT Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods (emerging-exploit.rules)
2008679 - ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (dish.php) (emerging-web_sql_injection.rules)
2008680 - ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (menu.php) (emerging-web_sql_injection.rules)
2008681 - ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php (emerging-malware.rules)
2008682 - ET TROJAN Trojan.Zonebac.D (emerging-virus.rules)
2008683 - ET EXPLOIT Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow (emerging-exploit.rules)
2008684 - ET WEB_SPECIFIC E-Shop Shopping Cart Script search_results.php SQL Injection (emerging-web_sql_injection.rules)
2008685 - ET WEB_SPECIFIC Joomla DS-Syndicate Component feed_id SQL Injection (emerging-web_sql_injection.rules)
2008686 - ET WEB_SPECIFIC zeeproperty adid Parameter Remote SQL Injection (emerging-web_sql_injection.rules)
2008687 - ET WEB PassWiki site_id Parameter Local File Inclusion (emerging-web.rules)
2008688 - ET WEB_SPECIFIC XOOPS Makale Module id SQL Injection (emerging-web_sql_injection.rules)
2008689 - ET TROJAN Gimmiv.A.dll Infection (emerging-virus.rules)
2008690 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) (emerging-exploit.rules)
2008691 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) (emerging-exploit.rules)
2008692 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) (emerging-exploit.rules)
2008693 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) (emerging-exploit.rules)
2008694 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) (emerging-exploit.rules)
2008695 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) (emerging-exploit.rules)
2008696 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) (emerging-exploit.rules)
2008697 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) (emerging-exploit.rules)
2008698 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) (emerging-exploit.rules)
2008699 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) (emerging-exploit.rules)
2008700 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (emerging-exploit.rules)
2008701 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) (emerging-exploit.rules)
2008702 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) (emerging-exploit.rules)
2008703 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) (emerging-exploit.rules)
2008704 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) (emerging-exploit.rules)
2008705 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) (emerging-exploit.rules)
2008706 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) (emerging-exploit.rules)
2008707 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) (emerging-exploit.rules)
2008708 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) (emerging-exploit.rules)
2008709 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) (emerging-exploit.rules)
2008710 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) (emerging-exploit.rules)
2008711 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) (emerging-exploit.rules)
2008712 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) (emerging-exploit.rules)
2008713 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) (emerging-exploit.rules)
2008714 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) (emerging-exploit.rules)
2008715 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) (emerging-exploit.rules)
2008716 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) (emerging-exploit.rules)
2008717 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) (emerging-exploit.rules)
2008718 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) (emerging-exploit.rules)
2008719 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) (emerging-exploit.rules)
2008720 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) (emerging-exploit.rules)
2008721 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) (emerging-exploit.rules)
2008722 - ET WEB_SPECIFIC Simple Customer contact.php SQL injection (emerging-web_sql_injection.rules)
2008723 - ET WEB_SPECIFIC ShopMaker product.php id Parameter Remote SQL Injection (emerging-web_sql_injection.rules)
2008724 - ET WEB_SPECIFIC Bahar Download Script aspkat.asp SQL Injection (emerging-web_sql_injection.rules)
2008725 - ET WEB_SPECIFIC WordPress Newsletter Plugin newsletter Parameter SQL Injection (emerging-web_sql_injection.rules)
2008726 - ET TROJAN Gimmiv Infection Ping Outbound (emerging-virus.rules)
2008727 - ET TROJAN Gimmiv Infection Ping Inbound (emerging-virus.rules)
2008728 - ET TROJAN General Downloader URL - Post Infection (emerging-virus.rules)
2400008 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2401008 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2404020 - ET DROP Known Bot C&C Server Traffic (group 21) (emerging-botcc.rules)
2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
[///] Modified active rules: [///]
2008391 - ET MALWARE Suspicious User-Agent (svchost) (emerging-malware.rules)
2008668 - ET WEB_SPECIFIC myEvent viewevent.php SQL Injection (emerging-web_sql_injection.rules)
2008669 - ET WEB_SPECIFIC AstroSPACES profile.php SQL Injection (emerging-web_sql_injection.rules)
2008670 - ET WEB_SPECIFIC SweetCMS page SQL Injection (emerging-web_sql_injection.rules)
2008672 - ET WEB_SPECIFIC My PHP Dating id parameter SQL Injection (emerging-web_sql_injection.rules)
2008673 - ET EXPLOIT Microsoft PicturePusher ActiveX Cross Site File Upload Attack (emerging-exploit.rules)
2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400005 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400006 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400007 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401005 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401006 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401007 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic (group 1) (emerging-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic (group 2) (emerging-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic (group 3) (emerging-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic (group 4) (emerging-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic (group 5) (emerging-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic (group 6) (emerging-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic (group 7) (emerging-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic (group 8) (emerging-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic (group 9) (emerging-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic (group 10) (emerging-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic (group 11) (emerging-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic (group 12) (emerging-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic (group 13) (emerging-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic (group 14) (emerging-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic (group 15) (emerging-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic (group 16) (emerging-botcc.rules)
2404016 - ET DROP Known Bot C&C Server Traffic (group 17) (emerging-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic (group 18) (emerging-botcc.rules)
2404018 - ET DROP Known Bot C&C Server Traffic (group 19) (emerging-botcc.rules)
2404019 - ET DROP Known Bot C&C Server Traffic (group 20) (emerging-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
[+++] Added non-rule lines: [+++]
-> Added to emerging-drop-BLOCK.rules (2):
# VERSION 1338
# Generated 2008-10-25 00:03:02 EDT
-> Added to emerging-drop.rules (2):
# VERSION 1338
# Generated 2008-10-25 00:03:02 EDT
-> Added to emerging-exploit.rules (2):
#by stillsecure
#by Secureworks
-> Added to emerging-malware.rules (1):
#by Deapesh Misra
-> Added to emerging-sid-msg.map (55):
2008678 || ET EXPLOIT Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods || url,secunia.com/Advisories/32337/
2008679 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (dish.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
2008680 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (menu.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
2008681 || ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.QC&VSect=T || url,iframecash.biz
2008682 || ET TROJAN Trojan.Zonebac.D
2008683 || ET EXPLOIT Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow || url,www.milw0rm.com/exploits/6793 || bugtraq,31814
2008684 || ET WEB_SPECIFIC E-Shop Shopping Cart Script search_results.php SQL Injection || bugtraq,30692
2008685 || ET WEB_SPECIFIC Joomla DS-Syndicate Component feed_id SQL Injection || url,www.milw0rm.com/exploits/6792 || url,www.secunia.com/advisories/32321
2008686 || ET WEB_SPECIFIC zeeproperty adid Parameter Remote SQL Injection || url,milw0rm.com/exploits/6780 || url,secunia.com/Advisories/32333/
2008687 || ET WEB PassWiki site_id Parameter Local File Inclusion || bugtraq,29455
2008688 || ET WEB_SPECIFIC XOOPS Makale Module id SQL Injection || url,www.milw0rm.com/exploits/6795 || url,secunia.com/advisories/32347/
2008689 || ET TROJAN Gimmiv.A.dll Infection || url,www.microsoft.com/security/portal/Entry.aspx?name=TrojanSpy%3aWin32%2fGimmiv.A
2008690 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008691 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008692 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008693 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008694 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008695 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008696 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008697 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008698 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008699 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008700 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008701 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008702 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008703 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008704 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008705 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008706 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008707 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008708 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008709 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008710 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008711 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008712 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008713 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008714 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008715 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008716 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008717 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008718 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008719 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008720 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008721 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008722 || ET WEB_SPECIFIC Simple Customer contact.php SQL injection || bugtraq,28852
2008723 || ET WEB_SPECIFIC ShopMaker product.php id Parameter Remote SQL Injection || bugtraq,31854 || url,www.milw0rm.com/exploits/6799
2008724 || ET WEB_SPECIFIC Bahar Download Script aspkat.asp SQL Injection || bugtraq,31852
2008725 || ET WEB_SPECIFIC WordPress Newsletter Plugin newsletter Parameter SQL Injection || url,secunia.com/advisories/32336 || url,milw0rm.com/exploits/6777
2008726 || ET TROJAN Gimmiv Infection Ping Outbound
2008727 || ET TROJAN Gimmiv Infection Ping Inbound
2008728 || ET TROJAN General Downloader URL - Post Infection
2400008 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2401008 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2404020 || ET DROP Known Bot C&C Server Traffic (group 21) || url,www.shadowserver.org
2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org
-> Added to emerging-sid-msg.map.txt (55):
2008678 || ET EXPLOIT Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods || url,secunia.com/Advisories/32337/
2008679 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (dish.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
2008680 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (menu.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
2008681 || ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.QC&VSect=T || url,iframecash.biz
2008682 || ET TROJAN Trojan.Zonebac.D
2008683 || ET EXPLOIT Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow || url,www.milw0rm.com/exploits/6793 || bugtraq,31814
2008684 || ET WEB_SPECIFIC E-Shop Shopping Cart Script search_results.php SQL Injection || bugtraq,30692
2008685 || ET WEB_SPECIFIC Joomla DS-Syndicate Component feed_id SQL Injection || url,www.milw0rm.com/exploits/6792 || url,www.secunia.com/advisories/32321
2008686 || ET WEB_SPECIFIC zeeproperty adid Parameter Remote SQL Injection || url,milw0rm.com/exploits/6780 || url,secunia.com/Advisories/32333/
2008687 || ET WEB PassWiki site_id Parameter Local File Inclusion || bugtraq,29455
2008688 || ET WEB_SPECIFIC XOOPS Makale Module id SQL Injection || url,www.milw0rm.com/exploits/6795 || url,secunia.com/advisories/32347/
2008689 || ET TROJAN Gimmiv.A.dll Infection || url,www.microsoft.com/security/portal/Entry.aspx?name=TrojanSpy%3aWin32%2fGimmiv.A
2008690 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008691 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008692 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008693 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008694 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008695 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008696 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008697 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008698 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008699 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008700 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008701 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008702 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008703 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008704 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008705 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008706 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008707 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008708 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008709 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008710 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008711 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008712 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008713 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008714 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008715 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008716 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008717 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008718 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008719 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008720 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008721 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2008722 || ET WEB_SPECIFIC Simple Customer contact.php SQL injection || bugtraq,28852
2008723 || ET WEB_SPECIFIC ShopMaker product.php id Parameter Remote SQL Injection || bugtraq,31854 || url,www.milw0rm.com/exploits/6799
2008724 || ET WEB_SPECIFIC Bahar Download Script aspkat.asp SQL Injection || bugtraq,31852
2008725 || ET WEB_SPECIFIC WordPress Newsletter Plugin newsletter Parameter SQL Injection || url,secunia.com/advisories/32336 || url,milw0rm.com/exploits/6777
2008726 || ET TROJAN Gimmiv Infection Ping Outbound
2008727 || ET TROJAN Gimmiv Infection Ping Inbound
2008728 || ET TROJAN General Downloader URL - Post Infection
2400008 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2401008 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2404020 || ET DROP Known Bot C&C Server Traffic (group 21) || url,www.shadowserver.org
2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org
-> Added to emerging-virus.rules (2):
#by michael sconzo
#ref 483dbf6dd97ec249b0ec84a358e39260
-> Added to emerging-web.rules (1):
#by Stillsecure
-> Added to emerging-web_sql_injection.rules (1):
#by stillsecure
[---] Removed non-rule lines: [---]
-> Removed from emerging-drop-BLOCK.rules (2):
# VERSION 1330
# Generated 2008-10-18 00:03:02 EDT
-> Removed from emerging-drop.rules (2):
# VERSION 1330
# Generated 2008-10-18 00:03:02 EDT