List: emerging-updates
Subject: [Emerging-updates] Daily Ruleset Update Summary 4/29/2011
From: jonkman () emergingthreatspro ! com (Matthew Jonkman)
Date: 2011-04-29 21:34:39
Message-ID: 496D16A5-D050-4681-A0AF-F196CE2B2953 () emergingthreatspro ! com
More malware, some specific web apps, and a batch of GPL sigs moved to the new sid range.
Have a great weekend!
[+++] Added rules: [+++]
2012650 - ET CURRENT_EVENTS All Numerical .cn Domain HTTP Request Likely Malware Related (current_events.rules)
2012735 - ET POLICY Browser Search Bar User-Agent String (Babylon) (policy.rules)
2012736 - ET CURRENT_EVENTS Trojan-GameThief.Win32.OnLineGames.bnye Checkin (current_events.rules)
2012739 - ET WORM Rimecud Worm checkin (worm.rules)
2012740 - ET USER_AGENTS Backdoor.Win32.Vertexbot.A Checkin UA (user_agents.rules)
2012741 - ET ACTIVEX Gesytec ElonFmt ActiveX Component GetItem1 member Buffer Overflow Attempt (activex.rules)
2012742 - ET ACTIVEX Gesytec ElonFmt ActiveX Component Format String Function Call (activex.rules)
2012743 - ET WEB_SPECIFIC_APPS SaurusCMS captcha_image.php script Remote File inclusion Attempt (web_specific_apps.rules)
2012744 - ET WEB_SPECIFIC_APPS Publishing Technology id Parameter Blind SQL Injection Attempt (web_specific_apps.rules)
2012745 - ET WEB_SPECIFIC_APPS phpRS id parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
2012746 - ET WEB_SPECIFIC_APPS phpRS id parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
2012747 - ET WEB_SPECIFIC_APPS phpRS id parameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules)
2012748 - ET WEB_SPECIFIC_APPS phpRS id parameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
2012749 - ET WEB_SPECIFIC_APPS phpRS id parameter UPDATE SET SQL Injection Attempt (web_specific_apps.rules)
2012750 - ET WEB_SPECIFIC_APPS OrangeHRM path Parameter Local File Inclusion Attempt (web_specific_apps.rules)
2012751 - ET USER_AGENTS suspicious user agent string (changhuatong) (user_agents.rules)
2012752 - ET USER_AGENTS Vertex Trojan UA (VERTEXNET) (user_agents.rules)
2012753 - ET MALWARE Possible FakeAV Binary Download (malware.rules)
2012754 - ET SCAN Possible SQLMAP Scan (scan.rules)
2012755 - ET SCAN Possible SQLMAP Scan (scan.rules)
2012756 - ET WEB_CLIENT Windows Help and Support Center XSS Attempt (web_client.rules)
2012757 - ET USER_AGENTS suspicious user agent string (CholTBAgent) (user_agents.rules)
2101882 - GPL ATTACK_RESPONSE id check returned userid (attack_response.rules)
2101883 - GPL ATTACK_RESPONSE id check returned nobody (attack_response.rules)
2101884 - GPL ATTACK_RESPONSE id check returned web (attack_response.rules)
2101885 - GPL ATTACK_RESPONSE id check returned http (attack_response.rules)
2101886 - GPL ATTACK_RESPONSE id check returned apache (attack_response.rules)
2101888 - GPL FTP SITE CPWD overflow attempt (ftp.rules)
2101891 - GPL RPC status GHBN format string attack (rpc.rules)
2101892 - GPL SNMP null community string attempt (snmp.rules)
2101893 - GPL SNMP missing community string attempt (snmp.rules)
2101894 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
2101895 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
2101896 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
2101897 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
2101898 - GPL EXPLOIT kadmind buffer overflow attempt 2 (exploit.rules)
2101899 - GPL EXPLOIT kadmind buffer overflow attempt 3 (exploit.rules)
2802096 - ETPRO TROJAN Trojan.Win32.Sefnit Checkin (trojan.rules)
2802097 - ETPRO TROJAN Trojan.MSIL.Qhost.ajb checkin (trojan.rules)
2802098 - ETPRO TROJAN Trojan.MSIL.Qhost.ajb Activity (trojan.rules)
2802099 - ETPRO TROJAN Backdoor.Win32.Rewdulon.A Checkin (trojan.rules)
[///] Modified active rules: [///]
2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (user_agents.rules)
2011007 - ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt (activex.rules)
2011125 - ET POLICY Maxthon Browser Background Agent UA (MxAgent) (policy.rules)
2802083 - ETPRO ATTACK_RESPONSE MediaCast Password Dump Attack Response (attack_response.rules)
[---] Removed rules: [---]
2012650 - ET MALWARE All Numerical .cn Domain HTTP Request Likely Malware Related (malware.rules)
2012735 - ET USER_AGENTS Suspicious User-Agent String (Babylon) (user_agents.rules)
2012736 - ET TROJAN Trojan-GameThief.Win32.OnLineGames.bnye Checkin (trojan.rules)
2801927 - ETPRO USER_AGENTS Backdoor.Win32.Vertexbot.A Checkin UA (user_agents.rules)
----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc