[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Tue Jul 8 16:00:09 EDT 2008


[***] Results from Oinkmaster started Tue Jul  8 16:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2008376 - ET TROJAN RegHelper Installation (emerging-virus.rules)
 2008377 - ET TROJAN Virtumod/Agent.ufv/Virtumonde Get Request (emerging-virus.rules)
 2008378 - ET MALWARE Suspicious User-Agent (ErrCode) (emerging-malware.rules)
 2008379 - ET MALWARE Swizzor Checkin (kgen_up) (emerging-virus.rules)
 2008380 - ET TROJAN Poison Ivy Key Exchange with CnC Init (emerging-virus.rules)
 2008381 - ET TROJAN Poison Ivy Key Exchange with CnC Response (emerging-virus.rules)
 2008382 - ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (1) (emerging.rules)
 2008383 - ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (2) (emerging.rules)
 2008384 - ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (3) (emerging.rules)


[///]     Modified active rules:     [///]

 2002872 - ET POLICY Myspace Login Attempt (emerging-policy.rules)
 2007771 - ET TROJAN Pakes/Cutwall/Kobcka Update URL Detected (emerging-virus.rules)
 2008232 - ET TROJAN Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely) (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-policy.rules (1):
        #by dajackman, updated by Mike Wall at BLCPro, LLC

     -> Added to emerging-sid-msg.map (9):
        2008376 || ET TROJAN RegHelper Installation
        2008377 || ET TROJAN Virtumod/Agent.ufv/Virtumonde Get Request
        2008378 || ET MALWARE Suspicious User-Agent (ErrCode)
        2008379 || ET MALWARE Swizzor Checkin (kgen_up)
        2008380 || ET TROJAN Poison Ivy Key Exchange with CnC Init
        2008381 || ET TROJAN Poison Ivy Key Exchange with CnC Response
        2008382 || ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (1)
        2008383 || ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (2)
        2008384 || ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (3)

     -> Added to emerging-sid-msg.map.txt (9):
        2008376 || ET TROJAN RegHelper Installation
        2008377 || ET TROJAN Virtumod/Agent.ufv/Virtumonde Get Request
        2008378 || ET MALWARE Suspicious User-Agent (ErrCode)
        2008379 || ET MALWARE Swizzor Checkin (kgen_up)
        2008380 || ET TROJAN Poison Ivy Key Exchange with CnC Init
        2008381 || ET TROJAN Poison Ivy Key Exchange with CnC Response
        2008382 || ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (1)
        2008383 || ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (2)
        2008384 || ET CURRENT_EVENTS Gcia.info Related Trojan Checkin (3)

     -> Added to emerging-virus.rules (3):
        #by Matt Jonkman, Analsis by Michael Hale Ligh
        #ref: fc6926b25b1df52729f7e206b461e8ef
        # ref: 196df30f6f8a8a1b42ee19ac58404553

     -> Added to emerging.rules (1):
        #by Philipp Bescht

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-policy.rules (1):
        #by dajackman


