[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Thu Jul 10 16:00:08 EDT 2008
[***] Results from Oinkmaster started Thu Jul 10 16:00:08 2008 [***]
[+++] Added rules: [+++]
2008391 - ET MALWARE Suspicious User-Agent (svchost) (emerging-malware.rules)
2008393 - ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (2) (emerging-virus.rules)
2008394 - ET CURRENT_EVENTS Likely Trojan-Downloader.Win32.Homles.br (/17PHolmes.cmt) (emerging.rules)
2008395 - ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (3) (emerging-virus.rules)
2008396 - ET TROJAN Zlob Initial Check-in Version 2 (confirm.php?sid=) (emerging-virus.rules)
2008397 - ET TROJAN Fullspace.cc or Related Checkin (1) (emerging-virus.rules)
2008398 - ET TROJAN Fullspace.cc or Related Checkin (2) (emerging-virus.rules)
2008399 - ET TROJAN contacy.info Trojan Checkin (User agent clk_jdfhid( (emerging-virus.rules)
[///] Modified active rules: [///]
2001984 - ET POLICY SSH session in progress on Unusual Port (emerging-policy.rules)
2003466 - ET WEB PHP Attack Tool Morfeus F Scanner (emerging-web.rules)
2008280 - ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (emerging-virus.rules)
2008325 - ET TROJAN Socks/Sality HTTP Checkin (emerging-virus.rules)
2008386 - ET TROJAN Zlob HTTP Checkin (emerging-virus.rules)
[---] Removed rules: [---]
2008290 - ET TROJAN Socks.ae Related Checkin URL (emerging-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to emerging-malware.rules (1):
#by Jose Miguel
-> Added to emerging-sid-msg.map (9):
2008325 || ET TROJAN Socks/Sality HTTP Checkin
2008391 || ET MALWARE Suspicious User-Agent (svchost)
2008393 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (2)
2008394 || ET CURRENT_EVENTS Likely Trojan-Downloader.Win32.Homles.br (/17PHolmes.cmt)
2008395 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (3)
2008396 || ET TROJAN Zlob Initial Check-in Version 2 (confirm.php?sid=)
2008397 || ET TROJAN Fullspace.cc or Related Checkin (1)
2008398 || ET TROJAN Fullspace.cc or Related Checkin (2)
2008399 || ET TROJAN contacy.info Trojan Checkin (User agent clk_jdfhid(
-> Added to emerging-sid-msg.map.txt (9):
2008325 || ET TROJAN Socks/Sality HTTP Checkin
2008391 || ET MALWARE Suspicious User-Agent (svchost)
2008393 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (2)
2008394 || ET CURRENT_EVENTS Likely Trojan-Downloader.Win32.Homles.br (/17PHolmes.cmt)
2008395 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (3)
2008396 || ET TROJAN Zlob Initial Check-in Version 2 (confirm.php?sid=)
2008397 || ET TROJAN Fullspace.cc or Related Checkin (1)
2008398 || ET TROJAN Fullspace.cc or Related Checkin (2)
2008399 || ET TROJAN contacy.info Trojan Checkin (User agent clk_jdfhid(
-> Added to emerging-virus.rules (3):
#by Philipp Bescht
#by Philipp Bescht
#by Steven Adair
[---] Removed non-rule lines: [---]
-> Removed from emerging-sid-msg.map (2):
2008290 || ET TROJAN Socks.ae Related Checkin URL
2008325 || ET TROJAN Socks/Sality manda.php GET
-> Removed from emerging-sid-msg.map.txt (2):
2008290 || ET TROJAN Socks.ae Related Checkin URL
2008325 || ET TROJAN Socks/Sality manda.php GET