[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Thu Mar 13 16:00:07 EST 2008
[***] Results from Oinkmaster started Thu Mar 13 17:00:07 2008 [***]
[+++] Added rules: [+++]
2007988 - ET TROJAN Banker Trojan (General) HTTP Checkin (bleeding-virus.rules)
2007989 - ET TROJAN Vundo HTTP Pre-Install Checkin (bleeding-virus.rules)
2007990 - ET TROJAN Vundo HTTP Post-Install Checkin (bleeding-virus.rules)
2007991 - ET MALWARE Suspicious User Agent (Unknown) (bleeding-malware.rules)
2007992 - ET TROJAN Shark Pass Stealer Email Report (bleeding-virus.rules)
2007993 - ET MALWARE Suspicious User Agent (2 spaces) (bleeding-malware.rules)
2007994 - ET MALWARE Suspicious User Agent (1 space) (bleeding-malware.rules)
[///] Modified active rules: [///]
2007987 - ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (8):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP || url,doc.emergingthreats.net
2007988 || ET TROJAN Banker Trojan (General) HTTP Checkin
2007989 || ET TROJAN Vundo HTTP Pre-Install Checkin
2007990 || ET TROJAN Vundo HTTP Post-Install Checkin
2007991 || ET MALWARE Suspicious User Agent (Unknown)
2007992 || ET TROJAN Shark Pass Stealer Email Report
2007993 || ET MALWARE Suspicious User Agent (2 spaces)
2007994 || ET MALWARE Suspicious User Agent (1 space)
-> Added to bleeding-sid-msg.map.txt (8):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP || url,doc.emergingthreats.net
2007988 || ET TROJAN Banker Trojan (General) HTTP Checkin
2007989 || ET TROJAN Vundo HTTP Pre-Install Checkin
2007990 || ET TROJAN Vundo HTTP Post-Install Checkin
2007991 || ET MALWARE Suspicious User Agent (Unknown)
2007992 || ET TROJAN Shark Pass Stealer Email Report
2007993 || ET MALWARE Suspicious User Agent (2 spaces)
2007994 || ET MALWARE Suspicious User Agent (1 space)
-> Added to bleeding-virus.rules (3):
#by victor julien
# kaspersky calls is win32.shark.hz. This sig will catch the report email outbound
#by victor julien
[---] Removed non-rule lines: [---]
-> Removed from bleeding-sid-msg.map (1):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP || url,doc.emergingthreats.net/ classtype:trojan-activity
-> Removed from bleeding-sid-msg.map.txt (1):
2007987 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP || url,doc.emergingthreats.net/ classtype:trojan-activity