[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Wed Feb 27 17:00:10 EST 2008
[***] Results from Oinkmaster started Wed Feb 27 17:00:10 2008 [***]
[+++] Added rules: [+++]
2007885 - ET MALWARE Suspicious User Agent (downloader) (bleeding-malware.rules)
2007886 - ET MALWARE Anti-virus-pro.com Fake AV Checkin (bleeding-malware.rules)
2007887 - ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability (bleeding.rules)
2007888 - ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability (bleeding.rules)
2007889 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT (bleeding-web.rules)
2007890 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT (bleeding-web.rules)
2007891 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE (bleeding-web.rules)
2007892 - ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE (bleeding-web.rules)
2007893 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT (bleeding-web.rules)
2007894 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT (bleeding-web.rules)
2007895 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT (bleeding-web.rules)
2007896 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE (bleeding-web.rules)
2007897 - ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE (bleeding-web.rules)
2007898 - ET TROJAN Sohanad Checkin via HTTP (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-malware.rules (1):
#fake antispyware package, sig by matt jonkman
-> Added to bleeding-sid-msg.map (16):
2007885 || ET MALWARE Suspicious User Agent (downloader)
2007886 || ET MALWARE Anti-virus-pro.com Fake AV Checkin
2007887 || ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability || url,www.milw0rm.com/exploits/4974 || bugtraq,27424 || cve,CVE-2008-0470
2007888 || ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability || url,www.milw0rm.com/exploits/5188 || bugtraq,27997
2007889 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
2007890 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT || bugtraq,27749 || cve,CVE-2008-0785
2007891 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE || bugtraq,27749 || cve,CVE-2008-0785
2007892 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE || bugtraq,27749 || cve,CVE-2008-0785
2007893 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT || bugtraq,27749 || cve,CVE-2008-0785
2007894 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
2007895 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT || bugtraq,27749 || cve,CVE-2008-0785
2007896 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE || bugtraq,27749 || cve,CVE-2008-0785
2007897 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE || bugtraq,27749 || cve,CVE-2008-0785
2007898 || ET TROJAN Sohanad Checkin via HTTP
2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
-> Added to bleeding-sid-msg.map.txt (16):
2007885 || ET MALWARE Suspicious User Agent (downloader)
2007886 || ET MALWARE Anti-virus-pro.com Fake AV Checkin
2007887 || ET CURRENT_EVENTS Possible Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Vulnerability || url,www.milw0rm.com/exploits/4974 || bugtraq,27424 || cve,CVE-2008-0470
2007888 || ET CURRENT_EVENTS Rising Online Scanner Insecure Method Vulnerability || url,www.milw0rm.com/exploits/5188 || bugtraq,27997
2007889 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
2007890 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list INSERT || bugtraq,27749 || cve,CVE-2008-0785
2007891 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list DELETE || bugtraq,27749 || cve,CVE-2008-0785
2007892 || ET WEB Cacti SQL Injection Vulnerability -- graph_view graph_list UPDATE || bugtraq,27749 || cve,CVE-2008-0785
2007893 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id SELECT || bugtraq,27749 || cve,CVE-2008-0785
2007894 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UNION SELECT || bugtraq,27749 || cve,CVE-2008-0785
2007895 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id INSERT || bugtraq,27749 || cve,CVE-2008-0785
2007896 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id DELETE || bugtraq,27749 || cve,CVE-2008-0785
2007897 || ET WEB Cacti SQL Injection Vulnerability -- tree.php leaf_id UPDATE || bugtraq,27749 || cve,CVE-2008-0785
2007898 || ET TROJAN Sohanad Checkin via HTTP
2404018 || ET DROP Known Bot C&C Server Traffic (group 19) || url,www.shadowserver.org
2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org
-> Added to bleeding-web.rules (1):
#by Akash Mahajan of stillsecure