[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Thu Jul 3 16:00:09 EDT 2008 

[***] Results from Oinkmaster started Thu Jul  3 16:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2008363 - ET MALWARE Suspicious User-Agent (ISMYIE) (emerging-malware.rules)
 2008364 - ET TROJAN Donkeyp2p Update Detected (emerging-virus.rules)
 2008365 - ET MALWARE Suspicious User-Agent (Playtech Downloader) (emerging-malware.rules)
 2008366 - ET TROJAN LD Pinch Checkin (HTTP POST on port 82) (emerging-virus.rules)
 2008367 - ET MALWARE Possible Windows executable sent when remote host claims to send Javascript (emerging-malware.rules)
 2008368 - ET TROJAN Unknown Keylogger checkin (emerging.rules)
 2008369 - ET TROJAN Keylogger Crack by bahman (emerging-virus.rules)


[///]     Modified active rules:     [///]

 2001684 - ET MALWARE Windows executable sent when remote host claims to send image, Win32 (emerging-malware.rules)
 2001685 - ET MALWARE Possible Windows executable sent when remote host claims to send an image (emerging-malware.rules)
 2008185 - ET TROJAN Win32 Cloaker Related Post Infection Checkin (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (9):
        2008363 || ET MALWARE Suspicious User-Agent (ISMYIE)
        2008364 || ET TROJAN Donkeyp2p Update Detected
        2008365 || ET MALWARE Suspicious User-Agent (Playtech Downloader)
        2008366 || ET TROJAN LD Pinch Checkin (HTTP POST on port 82)
        2008367 || ET MALWARE Possible Windows executable sent when remote host claims to send Javascript
        2008368 || ET TROJAN Unknown Keylogger checkin
        2008369 || ET TROJAN Keylogger Crack by bahman
        2404021 || ET DROP Known Bot C&C Server Traffic (group 22)  || url,www.shadowserver.org
        2405021 || ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-sid-msg.map.txt (9):
        2008363 || ET MALWARE Suspicious User-Agent (ISMYIE)
        2008364 || ET TROJAN Donkeyp2p Update Detected
        2008365 || ET MALWARE Suspicious User-Agent (Playtech Downloader)
        2008366 || ET TROJAN LD Pinch Checkin (HTTP POST on port 82)
        2008367 || ET MALWARE Possible Windows executable sent when remote host claims to send Javascript
        2008368 || ET TROJAN Unknown Keylogger checkin
        2008369 || ET TROJAN Keylogger Crack by bahman
        2404021 || ET DROP Known Bot C&C Server Traffic (group 22)  || url,www.shadowserver.org
        2405021 || ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-virus.rules (1):
        #by marcus at unsober

     -> Added to emerging.rules (1):
        #different trojan, by marcus at unsober

More information about the Emerging-sigs mailing list