[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Sun Mar 9 16:00:07 EST 2008
[***] Results from Oinkmaster started Sun Mar 9 17:00:07 2008 [***]
[+++] Added rules: [+++]
2007611 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 (bleeding-virus.rules)
2007612 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 (bleeding-virus.rules)
2007613 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 (bleeding-virus.rules)
2007614 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 (bleeding-virus.rules)
2007949 - ET TROJAN Medbod UDP Phone Home Packet - Please report hits to emerging at emergingthreats.net for analysis (bleeding-virus.rules)
2007950 - ET MALWARE Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body (bleeding-virus.rules)
2007951 - ET MALWARE Hex Encoded IP HTTP Request - Likely Malware (bleeding-malware.rules)
2007952 - ET TROJAN Downloader.49651 Checkin (bleeding-virus.rules)
2007953 - ET TROJAN Downloader.49651 Install Report (bleeding-virus.rules)
2007954 - ET TROJAN Downloader.49651 Online Report (bleeding-virus.rules)
2007955 - ET TROJAN Cygo Checkin (bleeding-virus.rules)
2007956 - ET MALWARE Snoopstick.net Related Spyware User-Agent (SnoopStick Updater) (bleeding-malware.rules)
2007957 - ET TROJAN Banker.ike UDP C&C (bleeding-virus.rules)
2007958 - ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN) (bleeding-malware.rules)
2007959 - ET MALWARE Msconfig.co.kr Related User Agent (GLOBALx) (bleeding-malware.rules)
[///] Modified active rules: [///]
2000035 - ET POLICY Hotmail Inbox Access (bleeding-policy.rules)
2000036 - ET POLICY Hotmail Message Access (bleeding-policy.rules)
2000037 - ET POLICY Hotmail Compose Message Access (bleeding-policy.rules)
2000038 - ET POLICY Hotmail Compose Message Submit (bleeding-policy.rules)
2000039 - ET POLICY Hotmail Compose Message Submit Data (bleeding-policy.rules)
2001197 - ET WEB_SPECIFIC PHPNuke SQL injection attempt (bleeding-web_sql_injection.rules)
2001202 - ET WEB_SPECIFIC PHPNuke general SQL injection attempt (bleeding-web_sql_injection.rules)
2001218 - ET WEB_SPECIFIC PHPNuke general XSS attempt (bleeding-web_sql_injection.rules)
2001342 - ET WEB IIS ASP.net Auth Bypass / Canonicalization (bleeding-web.rules)
2001343 - ET WEB IIS ASP.net Auth Bypass / Canonicalization % 5 C (bleeding-web.rules)
2001344 - ET WEB PHP EasyDynamicPages exploit (bleeding-web.rules)
2002160 - ET MALWARE CoolWebSearch Spyware (Feat) (bleeding-malware.rules)
2002164 - ET MALWARE Hotbar Spyware User-Agent (bleeding-malware.rules)
2002166 - ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) (bleeding-malware.rules)
2002167 - ET MALWARE Possible Malware - Wise User Agent (Wise) (bleeding-malware.rules)
2002169 - ET MALWARE iWon Spyware (iWonSearchAssistant) (bleeding-malware.rules)
2002394 - ET MALWARE Adwave/MarketScore User Agent (WTA) (bleeding-malware.rules)
2002395 - ET MALWARE Miva User Agent (TPSystem) (bleeding-malware.rules)
2002396 - ET MALWARE Miva Spyware User Agent (Travel Update) (bleeding-malware.rules)
2002397 - ET MALWARE Precision Targeting User Agent (XC) (bleeding-malware.rules)
2002398 - ET MALWARE DelFin Project User Agent (Dpi) (bleeding-malware.rules)
2002399 - ET MALWARE DelFin Project User Agent (PromulGate) (bleeding-malware.rules)
2002401 - ET MALWARE Web Search User Agent (ST3PS) (bleeding-malware.rules)
2002402 - ET MALWARE Suspicious Spyware Related User Agent (UtilMind HTTPGet) (bleeding-malware.rules)
2002403 - ET MALWARE Context Plus User Agent (PTS) (bleeding-malware.rules)
2002404 - ET MALWARE Movies etc User Agent (IOInstall) (bleeding-malware.rules)
2002405 - ET MALWARE Internet Optimizer User Agent (ROGUE) (bleeding-malware.rules)
2002731 - ET WEB PHP Generic phpbb arbitrary command attempt (bleeding-web_sql_injection.rules)
2002996 - ET WEB PHP GeekLog Remote File Include Vulnerability (bleeding-web_sql_injection.rules)
2003474 - ET VOIP Asterisk Register with no URI or Version DOS Attempt (bleeding-voip.rules)
2007712 - ET TROJAN Srizbi requesting template (bleeding-virus.rules)
2007729 - ET CURRENT EVENTS Likely Zlob Binary Requested (VideoAccessCodecInstall.exe) (bleeding.rules)
2007742 - ET TROJAN Storm C&C with typo'd User-Agent (Windoss) (bleeding-virus.rules)
2007781 - ET TROJAN Zapchast Bot User-Agent (bleeding-virus.rules)
2007906 - ET GAMES Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF (bleeding-game.rules)
2007924 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (downloaded) (bleeding-virus.rules)
2007925 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (wnames) (bleeding-virus.rules)
2007926 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (cv_v5.0.0) (bleeding-virus.rules)
[///] Modified inactive rules: [///]
2001328 - ET POLICY SSN Detected in Clear Text (bleeding-policy.rules)
2001375 - ET POLICY Credit Card Number Detected in Clear (16 digit spaced) (bleeding-policy.rules)
2001376 - ET POLICY Credit Card Number Detected in Clear (16 digit dashed) (bleeding-policy.rules)
2001377 - ET POLICY Credit Card Number Detected in Clear (16 digit) (bleeding-policy.rules)
2001378 - ET POLICY Credit Card Number Detected in Clear (15 digit) (bleeding-policy.rules)
2001379 - ET POLICY Credit Card Number Detected in Clear (15 digit spaced) (bleeding-policy.rules)
2001380 - ET POLICY Credit Card Number Detected in Clear (15 digit dashed) (bleeding-policy.rules)
2001381 - ET POLICY Credit Card Number Detected in Clear (14 digit) (bleeding-policy.rules)
2001382 - ET POLICY Credit Card Number Detected in Clear (14 digit spaced) (bleeding-policy.rules)
2001383 - ET POLICY Credit Card Number Detected in Clear (14 digit dashed) (bleeding-policy.rules)
2001384 - ET POLICY SSN Detected in Clear Text (bleeding-policy.rules)
[---] Removed rules: [---]
2002161 - ET MALWARE CoolWebSearch Spyware (feat2) (bleeding-malware.rules)
2002163 - ET MALWARE Ezula Update Engine (bleeding-malware.rules)
2002165 - ET MALWARE IESearch Spyware (bleeding-malware.rules)
2002168 - ET MALWARE Svcmm Parasite (bleeding-malware.rules)
2007611 - ET POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 (bleeding-policy.rules)
2007612 - ET POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 (bleeding-policy.rules)
2007613 - ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 (bleeding-policy.rules)
2007614 - ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 (bleeding-policy.rules)
2007941 - ET MALWARE Invalid HTTP GET Request - Often Malware Related (bleeding-malware.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-malware.rules (1):
#many malware packages use hex to obscure an IP
-> Added to bleeding-sid-msg.map (53):
2000035 || ET POLICY Hotmail Inbox Access
2000036 || ET POLICY Hotmail Message Access
2000037 || ET POLICY Hotmail Compose Message Access
2000038 || ET POLICY Hotmail Compose Message Submit
2000039 || ET POLICY Hotmail Compose Message Submit Data
2001197 || ET WEB_SPECIFIC PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35
2001202 || ET WEB_SPECIFIC PHPNuke general SQL injection attempt || url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
2001218 || ET WEB_SPECIFIC PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030
2001342 || ET WEB IIS ASP.net Auth Bypass / Canonicalization
2001343 || ET WEB IIS ASP.net Auth Bypass / Canonicalization % 5 C
2001344 || ET WEB PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || url,www.securitytracker.com/alerts/2004/Jan/1008584.html
2001375 || ET POLICY Credit Card Number Detected in Clear (16 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001376 || ET POLICY Credit Card Number Detected in Clear (16 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001377 || ET POLICY Credit Card Number Detected in Clear (16 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001378 || ET POLICY Credit Card Number Detected in Clear (15 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001379 || ET POLICY Credit Card Number Detected in Clear (15 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001380 || ET POLICY Credit Card Number Detected in Clear (15 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001381 || ET POLICY Credit Card Number Detected in Clear (14 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001382 || ET POLICY Credit Card Number Detected in Clear (14 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001383 || ET POLICY Credit Card Number Detected in Clear (14 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2002164 || ET MALWARE Hotbar Spyware User-Agent || url,www.pchell.com/support/hotbar.shtml || url,www.doxdesk.com/parasite/Hotbar.html
2002166 || ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) || url,www.spywareguide.com/product_show.php?id=418
2002167 || ET MALWARE Possible Malware - Wise User Agent (Wise) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
2002169 || ET MALWARE iWon Spyware (iWonSearchAssistant) || url,www.spywareguide.com/product_show.php?id=461
2002394 || ET MALWARE Adwave/MarketScore User Agent (WTA) || url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
2002395 || ET MALWARE Miva User Agent (TPSystem) || url,www.findwhat.com || url,www.miva.com
2002396 || ET MALWARE Miva Spyware User Agent (Travel Update) || url,www.miva.com
2002397 || ET MALWARE Precision Targeting User Agent (XC) || url,www.precisiontargeting.com
2002398 || ET MALWARE DelFin Project User Agent (Dpi) || url,www.delfinproject.com
2002399 || ET MALWARE DelFin Project User Agent (PromulGate) || url,www.delfinproject.com
2002401 || ET MALWARE Web Search User Agent (ST3PS) || url,www.websearch.com
2002402 || ET MALWARE Suspicious Spyware Related User Agent (UtilMind HTTPGet) || url,www.websearch.com
2002403 || ET MALWARE Context Plus User Agent (PTS) || url,www.contextplus.net
2002404 || ET MALWARE Movies etc User Agent (IOInstall) || url,www.movies-etc.com
2002405 || ET MALWARE Internet Optimizer User Agent (ROGUE) || url,www.internet-optimizer.com
2002731 || ET WEB PHP Generic phpbb arbitrary command attempt || url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
2002996 || ET WEB PHP GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
2007611 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1
2007612 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3
2007613 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1
2007614 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3
2007906 || ET GAMES Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF || url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
2007949 || ET TROJAN Medbod UDP Phone Home Packet - Please report hits to emerging at emergingthreats.net for analysis
2007950 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body
2007951 || ET MALWARE Hex Encoded IP HTTP Request - Likely Malware
2007952 || ET TROJAN Downloader.49651 Checkin
2007953 || ET TROJAN Downloader.49651 Install Report
2007954 || ET TROJAN Downloader.49651 Online Report
2007955 || ET TROJAN Cygo Checkin
2007956 || ET MALWARE Snoopstick.net Related Spyware User-Agent (SnoopStick Updater)
2007957 || ET TROJAN Banker.ike UDP C&C
2007958 || ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN)
2007959 || ET MALWARE Msconfig.co.kr Related User Agent (GLOBALx)
-> Added to bleeding-sid-msg.map.txt (53):
2000035 || ET POLICY Hotmail Inbox Access
2000036 || ET POLICY Hotmail Message Access
2000037 || ET POLICY Hotmail Compose Message Access
2000038 || ET POLICY Hotmail Compose Message Submit
2000039 || ET POLICY Hotmail Compose Message Submit Data
2001197 || ET WEB_SPECIFIC PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35
2001202 || ET WEB_SPECIFIC PHPNuke general SQL injection attempt || url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
2001218 || ET WEB_SPECIFIC PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030
2001342 || ET WEB IIS ASP.net Auth Bypass / Canonicalization
2001343 || ET WEB IIS ASP.net Auth Bypass / Canonicalization % 5 C
2001344 || ET WEB PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || url,www.securitytracker.com/alerts/2004/Jan/1008584.html
2001375 || ET POLICY Credit Card Number Detected in Clear (16 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001376 || ET POLICY Credit Card Number Detected in Clear (16 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001377 || ET POLICY Credit Card Number Detected in Clear (16 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001378 || ET POLICY Credit Card Number Detected in Clear (15 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001379 || ET POLICY Credit Card Number Detected in Clear (15 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001380 || ET POLICY Credit Card Number Detected in Clear (15 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001381 || ET POLICY Credit Card Number Detected in Clear (14 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001382 || ET POLICY Credit Card Number Detected in Clear (14 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001383 || ET POLICY Credit Card Number Detected in Clear (14 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2002164 || ET MALWARE Hotbar Spyware User-Agent || url,www.pchell.com/support/hotbar.shtml || url,www.doxdesk.com/parasite/Hotbar.html
2002166 || ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) || url,www.spywareguide.com/product_show.php?id=418
2002167 || ET MALWARE Possible Malware - Wise User Agent (Wise) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
2002169 || ET MALWARE iWon Spyware (iWonSearchAssistant) || url,www.spywareguide.com/product_show.php?id=461
2002394 || ET MALWARE Adwave/MarketScore User Agent (WTA) || url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
2002395 || ET MALWARE Miva User Agent (TPSystem) || url,www.findwhat.com || url,www.miva.com
2002396 || ET MALWARE Miva Spyware User Agent (Travel Update) || url,www.miva.com
2002397 || ET MALWARE Precision Targeting User Agent (XC) || url,www.precisiontargeting.com
2002398 || ET MALWARE DelFin Project User Agent (Dpi) || url,www.delfinproject.com
2002399 || ET MALWARE DelFin Project User Agent (PromulGate) || url,www.delfinproject.com
2002401 || ET MALWARE Web Search User Agent (ST3PS) || url,www.websearch.com
2002402 || ET MALWARE Suspicious Spyware Related User Agent (UtilMind HTTPGet) || url,www.websearch.com
2002403 || ET MALWARE Context Plus User Agent (PTS) || url,www.contextplus.net
2002404 || ET MALWARE Movies etc User Agent (IOInstall) || url,www.movies-etc.com
2002405 || ET MALWARE Internet Optimizer User Agent (ROGUE) || url,www.internet-optimizer.com
2002731 || ET WEB PHP Generic phpbb arbitrary command attempt || url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
2002996 || ET WEB PHP GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
2007611 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1
2007612 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3
2007613 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1
2007614 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3
2007906 || ET GAMES Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF || url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
2007949 || ET TROJAN Medbod UDP Phone Home Packet - Please report hits to emerging at emergingthreats.net for analysis
2007950 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body
2007951 || ET MALWARE Hex Encoded IP HTTP Request - Likely Malware
2007952 || ET TROJAN Downloader.49651 Checkin
2007953 || ET TROJAN Downloader.49651 Install Report
2007954 || ET TROJAN Downloader.49651 Online Report
2007955 || ET TROJAN Cygo Checkin
2007956 || ET MALWARE Snoopstick.net Related Spyware User-Agent (SnoopStick Updater)
2007957 || ET TROJAN Banker.ike UDP C&C
2007958 || ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN)
2007959 || ET MALWARE Msconfig.co.kr Related User Agent (GLOBALx)
-> Added to bleeding-virus.rules (3):
# A large number of trojans report an infection by sending a blank email to a gmail or other free provider
# They're pretty bland, other than they almost always use the Indy Mail lib. So the mail is slightly unique
# This sig should catch them outbound
[---] Removed non-rule lines: [---]
-> Removed from bleeding-malware.rules (4):
# Seeing several bits of malware that are creating their http get's
# incorrectly. They're adding an http://domain.com/url to the GET string,
# which should be just the uri. This will catch those
#Extra content check for snort <2.4.3 doesn't support pure not rules
-> Removed from bleeding-policy.rules (3):
# A large number of trojans report an infection by sending a blank email to a gmail or other free provider
# They're pretty bland, other than they almost always use the Indy Mail lib. So the mail is slightly unique
# This sig should catch them outbound
-> Removed from bleeding-sid-msg.map (47):
2000035 || ET Hotmail Inbox Access
2000036 || ET Hotmail Message Access
2000037 || ET Hotmail Compose Message Access
2000038 || ET Hotmail Compose Message Submit
2000039 || ET Hotmail Compose Message Submit Data
2001197 || ET PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35
2001202 || ET PHPNuke general SQL injection attempt || url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
2001218 || ET PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030
2001342 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization
2001343 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization % 5 C
2001344 || ET WEB-PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || url,www.securitytracker.com/alerts/2004/Jan/1008584.html
2001375 || ET Credit Card Number Detected in Clear (16 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001376 || ET Credit Card Number Detected in Clear (16 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001377 || ET Credit Card Number Detected in Clear (16 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001378 || ET Credit Card Number Detected in Clear (15 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001379 || ET Credit Card Number Detected in Clear (15 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001380 || ET Credit Card Number Detected in Clear (15 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001381 || ET Credit Card Number Detected in Clear (14 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001382 || ET Credit Card Number Detected in Clear (14 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001383 || ET Credit Card Number Detected in Clear (14 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2002161 || ET MALWARE CoolWebSearch Spyware (feat2) || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.spywareguide.com/product_show.php?id=599
2002163 || ET MALWARE Ezula Update Engine || url,www.spywareguide.com/product_show.php?id=9
2002164 || ET MALWARE Hotbar Spyware || url,www.pchell.com/support/hotbar.shtml || url,www.doxdesk.com/parasite/Hotbar.html
2002165 || ET MALWARE IESearch Spyware || url,www.spywareguide.com/product_show.php?id=982
2002166 || ET MALWARE Alexa Search Toolbar || url,www.spywareguide.com/product_show.php?id=418
2002167 || ET MALWARE Possible Spyware - Wise User Agent || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
2002168 || ET MALWARE Svcmm Parasite || url,doxdesk.com/parasite/SvcMM.html || url,castlecops.com/startuplist-5862.html
2002169 || ET MALWARE iWon Spyware || url,www.spywareguide.com/product_show.php?id=461
2002394 || ET MALWARE Adwave/MarketScore User Agent || url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
2002395 || ET MALWARE Miva User Agent || url,www.findwhat.com || url,www.miva.com
2002396 || ET MALWARE Miva User Agent 2 || url,www.miva.com
2002397 || ET MALWARE Precision Targeting User Agent || url,www.precisiontargeting.com
2002398 || ET MALWARE DelFin Project User Agent || url,www.delfinproject.com
2002399 || ET MALWARE DelFin Project User Agent 2 || url,www.delfinproject.com
2002401 || ET MALWARE Web Search User Agent 2 || url,www.websearch.com
2002402 || ET MALWARE Web Search User Agent 3 || url,www.websearch.com
2002403 || ET MALWARE Context Plus User Agent 2 || url,www.contextplus.net
2002404 || ET MALWARE Movies etc User Agent || url,www.movies-etc.com
2002405 || ET MALWARE Internet Optimizer User Agent 2 || url,www.internet-optimizer.com
2002731 || ET WEB-PHP Generic phpbb arbitrary command attempt || url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
2002996 || ET WEB-PHP GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
2007611 || ET POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1
2007612 || ET POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3
2007613 || ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1
2007614 || ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3
2007906 || ET GAME Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF || url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
2007941 || ET MALWARE Invalid HTTP GET Request - Often Malware Related || url,doc.emergingthreats.net/2007941
-> Removed from bleeding-sid-msg.map.txt (47):
2000035 || ET Hotmail Inbox Access
2000036 || ET Hotmail Message Access
2000037 || ET Hotmail Compose Message Access
2000038 || ET Hotmail Compose Message Submit
2000039 || ET Hotmail Compose Message Submit Data
2001197 || ET PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35
2001202 || ET PHPNuke general SQL injection attempt || url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
2001218 || ET PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030
2001342 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization
2001343 || ET WEB-IIS ASP.net Auth Bypass / Canonicalization % 5 C
2001344 || ET WEB-PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || url,www.securitytracker.com/alerts/2004/Jan/1008584.html
2001375 || ET Credit Card Number Detected in Clear (16 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001376 || ET Credit Card Number Detected in Clear (16 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001377 || ET Credit Card Number Detected in Clear (16 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001378 || ET Credit Card Number Detected in Clear (15 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001379 || ET Credit Card Number Detected in Clear (15 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001380 || ET Credit Card Number Detected in Clear (15 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001381 || ET Credit Card Number Detected in Clear (14 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001382 || ET Credit Card Number Detected in Clear (14 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001383 || ET Credit Card Number Detected in Clear (14 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2002161 || ET MALWARE CoolWebSearch Spyware (feat2) || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.spywareguide.com/product_show.php?id=599
2002163 || ET MALWARE Ezula Update Engine || url,www.spywareguide.com/product_show.php?id=9
2002164 || ET MALWARE Hotbar Spyware || url,www.pchell.com/support/hotbar.shtml || url,www.doxdesk.com/parasite/Hotbar.html
2002165 || ET MALWARE IESearch Spyware || url,www.spywareguide.com/product_show.php?id=982
2002166 || ET MALWARE Alexa Search Toolbar || url,www.spywareguide.com/product_show.php?id=418
2002167 || ET MALWARE Possible Spyware - Wise User Agent || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
2002168 || ET MALWARE Svcmm Parasite || url,doxdesk.com/parasite/SvcMM.html || url,castlecops.com/startuplist-5862.html
2002169 || ET MALWARE iWon Spyware || url,www.spywareguide.com/product_show.php?id=461
2002394 || ET MALWARE Adwave/MarketScore User Agent || url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
2002395 || ET MALWARE Miva User Agent || url,www.findwhat.com || url,www.miva.com
2002396 || ET MALWARE Miva User Agent 2 || url,www.miva.com
2002397 || ET MALWARE Precision Targeting User Agent || url,www.precisiontargeting.com
2002398 || ET MALWARE DelFin Project User Agent || url,www.delfinproject.com
2002399 || ET MALWARE DelFin Project User Agent 2 || url,www.delfinproject.com
2002401 || ET MALWARE Web Search User Agent 2 || url,www.websearch.com
2002402 || ET MALWARE Web Search User Agent 3 || url,www.websearch.com
2002403 || ET MALWARE Context Plus User Agent 2 || url,www.contextplus.net
2002404 || ET MALWARE Movies etc User Agent || url,www.movies-etc.com
2002405 || ET MALWARE Internet Optimizer User Agent 2 || url,www.internet-optimizer.com
2002731 || ET WEB-PHP Generic phpbb arbitrary command attempt || url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path
2002996 || ET WEB-PHP GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html
2007611 || ET POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1
2007612 || ET POLICY Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3
2007613 || ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1
2007614 || ET POLICY Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3
2007906 || ET GAME Ourgame GLWorld 2.x hgs_startNotify()/hgs_startGame() ActiveX BoF || url,www.symantec.com/enterprise/security_response/weblog/2008/02/zeroday_exploit_for_lianzong_g.html || cve,CVE-2008-0647 || bugtraq,27626 || url,www.milw0rm.com/exploits/5153
2007941 || ET MALWARE Invalid HTTP GET Request - Often Malware Related || url,doc.emergingthreats.net/2007941