
List:       emerging-updates
Subject:    [Emerging-updates] Daily Ruleset Update Summary 4/29/2011
From:       jonkman () emergingthreatspro ! com (Matthew Jonkman)
Date:       2011-04-29 21:34:39
Message-ID: 496D16A5-D050-4681-A0AF-F196CE2B2953 () emergingthreatspro ! com

More malware, some specific web apps, and a batch of GPL sigs moved to the new sid range.

Have a great weekend!


[+++]          Added rules:          [+++]

 2012650 - ET CURRENT_EVENTS All Numerical .cn Domain HTTP Request Likely Malware Related (current_events.rules)
 2012735 - ET POLICY Browser Search Bar User-Agent String (Babylon) (policy.rules)
 2012736 - ET CURRENT_EVENTS Trojan-GameThief.Win32.OnLineGames.bnye Checkin (current_events.rules)
 2012739 - ET WORM Rimecud Worm checkin (worm.rules)
 2012740 - ET USER_AGENTS Backdoor.Win32.Vertexbot.A Checkin UA (user_agents.rules)
 2012741 - ET ACTIVEX Gesytec ElonFmt ActiveX Component GetItem1 member Buffer Overflow Attempt (activex.rules)
 2012742 - ET ACTIVEX Gesytec ElonFmt ActiveX Component Format String Function Call (activex.rules)
 2012743 - ET WEB_SPECIFIC_APPS SaurusCMS captcha_image.php script Remote File inclusion Attempt (web_specific_apps.rules)
 2012744 - ET WEB_SPECIFIC_APPS Publishing Technology id Parameter Blind SQL Injection Attempt (web_specific_apps.rules)
 2012745 - ET WEB_SPECIFIC_APPS phpRS id parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
 2012746 - ET WEB_SPECIFIC_APPS phpRS id parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
 2012747 - ET WEB_SPECIFIC_APPS phpRS id parameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules)
 2012748 - ET WEB_SPECIFIC_APPS phpRS id parameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
 2012749 - ET WEB_SPECIFIC_APPS phpRS id parameter UPDATE SET SQL Injection Attempt (web_specific_apps.rules)
 2012750 - ET WEB_SPECIFIC_APPS OrangeHRM path Parameter Local File Inclusion Attempt (web_specific_apps.rules)
 2012751 - ET USER_AGENTS suspicious user agent string (changhuatong) (user_agents.rules)
 2012752 - ET USER_AGENTS Vertex Trojan UA (VERTEXNET) (user_agents.rules)
 2012753 - ET MALWARE Possible FakeAV Binary Download (malware.rules)
 2012754 - ET SCAN Possible SQLMAP Scan (scan.rules)
 2012755 - ET SCAN Possible SQLMAP Scan (scan.rules)
 2012756 - ET WEB_CLIENT Windows Help and Support Center XSS Attempt (web_client.rules)
 2012757 - ET USER_AGENTS suspicious user agent string (CholTBAgent) (user_agents.rules)
 2101882 - GPL ATTACK_RESPONSE id check returned userid (attack_response.rules)
 2101883 - GPL ATTACK_RESPONSE id check returned nobody (attack_response.rules)
 2101884 - GPL ATTACK_RESPONSE id check returned web (attack_response.rules)
 2101885 - GPL ATTACK_RESPONSE id check returned http (attack_response.rules)
 2101886 - GPL ATTACK_RESPONSE id check returned apache (attack_response.rules)
 2101888 - GPL FTP SITE CPWD overflow attempt (ftp.rules)
 2101891 - GPL RPC status GHBN format string attack (rpc.rules)
 2101892 - GPL SNMP null community string attempt (snmp.rules)
 2101893 - GPL SNMP missing community string attempt (snmp.rules)
 2101894 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
 2101895 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
 2101896 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
 2101897 - GPL EXPLOIT kadmind buffer overflow attempt (exploit.rules)
 2101898 - GPL EXPLOIT kadmind buffer overflow attempt 2 (exploit.rules)
 2101899 - GPL EXPLOIT kadmind buffer overflow attempt 3 (exploit.rules)
 2802096 - ETPRO TROJAN Trojan.Win32.Sefnit Checkin (trojan.rules)
 2802097 - ETPRO TROJAN Trojan.MSIL.Qhost.ajb checkin (trojan.rules)
 2802098 - ETPRO TROJAN Trojan.MSIL.Qhost.ajb Activity (trojan.rules)
 2802099 - ETPRO TROJAN Backdoor.Win32.Rewdulon.A Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (user_agents.rules)
 2011007 - ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt (activex.rules)
 2011125 - ET POLICY Maxthon Browser Background Agent UA (MxAgent) (policy.rules)
 2802083 - ETPRO ATTACK_RESPONSE MediaCast Password Dump Attack Response (attack_response.rules)


[---]         Removed rules:         [---]

 2012650 - ET MALWARE All Numerical .cn Domain HTTP Request Likely Malware Related (malware.rules)
 2012735 - ET USER_AGENTS Suspicious User-Agent String (Babylon) (user_agents.rules)
 2012736 - ET TROJAN Trojan-GameThief.Win32.OnLineGames.bnye Checkin (trojan.rules)
 2801927 - ETPRO USER_AGENTS Backdoor.Win32.Vertexbot.A Checkin UA (user_agents.rules)


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

