[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Wed Mar 5 17:00:08 EST 2008
[***] Results from Oinkmaster started Wed Mar 5 17:00:08 2008 [***]
[+++] Added rules: [+++]
2007843 - ET TROJAN Bzub2 Related RPC/Http Checkin (bleeding-virus.rules)
2007908 - ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPGETDATA) (bleeding-malware.rules)
2007909 - ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPFILEDOWN) (bleeding-malware.rules)
2007910 - ET MALWARE Searchspy.co.kr Spyware User Agent (HTTP_FILEDOWN) (bleeding-malware.rules)
2007911 - ET TROJAN Delf Download via HTTP (bleeding-virus.rules)
2007912 - ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg) (bleeding-virus.rules)
2007913 - ET TROJAN Dialer.MC(vf) HTTP Request - Checkin (bleeding-virus.rules)
2007914 - ET WORM SDBot HTTP Checkin (bleeding-virus.rules)
2007917 - ET TROJAN Dropper-497 (Yumato) Initial Checkin (bleeding-virus.rules)
2007918 - ET TROJAN Dropper-497 (Yumato) System Stats Report (bleeding-virus.rules)
2007919 - ET TROJAN Dropper-497 Yumato Reply from server (bleeding-virus.rules)
2007920 - ET TROJAN Dropper-497 (Yumato) Status Reply from server (bleeding-virus.rules)
[///] Modified active rules: [///]
2007695 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (bleeding-policy.rules)
2007701 - ET TROJAN Storm Worm Encrypted Variant 1 Traffic (1) (bleeding-virus.rules)
2007702 - ET TROJAN Storm Worm Encrypted Variant 1 Traffic (2) (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-malware.rules (1):
#by victor julien
-> Added to bleeding-sid-msg.map (12):
2007843 || ET TROJAN Bzub2 Related RPC/Http Checkin
2007908 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPGETDATA)
2007909 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPFILEDOWN)
2007910 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTP_FILEDOWN)
2007911 || ET TROJAN Delf Download via HTTP
2007912 || ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg)
2007913 || ET TROJAN Dialer.MC(vf) HTTP Request - Checkin
2007914 || ET WORM SDBot HTTP Checkin
2007917 || ET TROJAN Dropper-497 (Yumato) Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
2007918 || ET TROJAN Dropper-497 (Yumato) System Stats Report || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
2007919 || ET TROJAN Dropper-497 Yumato Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
2007920 || ET TROJAN Dropper-497 (Yumato) Status Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
-> Added to bleeding-sid-msg.map.txt (12):
2007843 || ET TROJAN Bzub2 Related RPC/Http Checkin
2007908 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPGETDATA)
2007909 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTPFILEDOWN)
2007910 || ET MALWARE Searchspy.co.kr Spyware User Agent (HTTP_FILEDOWN)
2007911 || ET TROJAN Delf Download via HTTP
2007912 || ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg)
2007913 || ET TROJAN Dialer.MC(vf) HTTP Request - Checkin
2007914 || ET WORM SDBot HTTP Checkin
2007917 || ET TROJAN Dropper-497 (Yumato) Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
2007918 || ET TROJAN Dropper-497 (Yumato) System Stats Report || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
2007919 || ET TROJAN Dropper-497 Yumato Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
2007920 || ET TROJAN Dropper-497 (Yumato) Status Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
-> Added to bleeding-virus.rules (3):
#by Victor Julien
#matt jonkman, labeled logsnif, bzub2, dopip
#discovered by victor julien, sigs by matt jonkman, interesting one. Uses an html-like tag language on 8181