[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
emerging at emergingthreats.net
Fri Feb 15 17:00:09 EST 2008
[***] Results from Oinkmaster started Fri Feb 15 17:00:08 2008 [***]
[+++] Added rules: [+++]
2007850 - ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability (bleeding-exploit.rules)
2007851 - ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit (bleeding-exploit.rules)
2007852 - ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit (bleeding-exploit.rules)
2007853 - ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability (bleeding-exploit.rules)
[///] Modified active rules: [///]
2007724 - ET TROJAN Prg Trojan HTTP POST version 2 (bleeding-virus.rules)
2007816 - ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use (bleeding.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (10):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929 || url,www.milw0rm.com/exploits/5049
2007850 || ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/4979 || bugtraq,27438
2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2007852 || ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit || bugtraq,27193 || url,www.milw0rm.com/exploits/4982
2007853 || ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability || bugtraq,27439 || url,www.milw0rm.com/exploits/4981
2402000 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
2403000 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) || url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
-> Added to bleeding-sid-msg.map.txt (10):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929 || url,www.milw0rm.com/exploits/5049
2007850 || ET EXPLOIT Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/4979 || bugtraq,27438
2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2007852 || ET EXPLOIT Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit || bugtraq,27193 || url,www.milw0rm.com/exploits/4982
2007853 || ET EXPLOIT ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability || bugtraq,27439 || url,www.milw0rm.com/exploits/4981
2402000 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
2403000 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt
2404017 || ET DROP Known Bot C&C Server Traffic (group 18) || url,www.shadowserver.org
2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (2):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url, ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929
-> Removed from bleeding-sid-msg.map.txt (2):
2007724 || ET TROJAN Prg Trojan HTTP POST version 2 || url, ip.securescience.net/advisories/pubMalwareCaseStudy.pdf
2007816 || ET CURRENT_EVENTS Vulnerable Aurigma ImageUploader5 ActiveX CLSID in Use || url,isc.sans.org/diary.html?storyid=3929
More information about the Emerging-sigs
mailing list