[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
emerging at emergingthreats.net
Sat Mar 15 16:00:08 EST 2008
[***] Results from Oinkmaster started Sat Mar 15 17:00:08 2008 [***]
[+++] Added rules: [+++]
2008000 - ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent (IM Downloader) (bleeding-malware.rules)
2008001 - ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) (bleeding.rules)
2008002 - ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) (bleeding.rules)
[///] Modified active rules: [///]
2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
2007983 - ET TROJAN LDPinch Checkin (4) (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-sid-msg.map (3):
2008000 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent (IM Downloader)
2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) || url,isc.sans.org/diary.html?storyid=4139
2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) || url,isc.sans.org/diary.html?storyid=4139
-> Added to bleeding-sid-msg.map.txt (3):
2008000 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User Agent (IM Downloader)
2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) || url,isc.sans.org/diary.html?storyid=4139
2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) || url,isc.sans.org/diary.html?storyid=4139
-> Added to bleeding.rules (5):
# From SANS/Diary isc.sans.org/diary.html?storyid=4139
# Inspect your web proxy logs for visitors to 2117966.net. This will
# indicate who is potentially exposed. Check these systems to verify
# that their patches are up-to-date. Systems that are successfully
# compromised will begin sending traffic to 61.188.39.175
More information about the Emerging-sigs
mailing list