[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Wed Mar 26 16:00:09 EST 2008
[***] Results from Oinkmaster started Wed Mar 26 17:00:09 2008 [***]
[+++] Added rules: [+++]
2008052 - ET MALWARE Suspicious User Agent (Internet Explorer) (bleeding-malware.rules)
2008053 - ET MALWARE InternetSpeedMonitor Related Spyware User-Agent (parchmnt loader v1.8) (bleeding-malware.rules)
2008054 - ET POLICY Nginx Server in use - Often Hostile Traffic (bleeding-policy.rules)
2008055 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC (bleeding-virus.rules)
2008056 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 (bleeding-virus.rules)
2008057 - ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response (bleeding-virus.rules)
[///] Modified active rules: [///]
2002030 - ET TROJAN BOT - potential scan/exploit command (bleeding-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-policy.rules (3):
#by matt jonkman
#nginx is an open http server. It's quite good, but seems an extremely high number of it's
# installs are malicious. Storm, rbn, etc. Use this rule if you are interested
-> Added to bleeding-sid-msg.map (6):
2008052 || ET MALWARE Suspicious User Agent (Internet Explorer)
2008053 || ET MALWARE InternetSpeedMonitor Related Spyware User-Agent (parchmnt loader v1.8)
2008054 || ET POLICY Nginx Server in use - Often Hostile Traffic
2008055 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC
2008056 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2
2008057 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response
-> Added to bleeding-sid-msg.map.txt (6):
2008052 || ET MALWARE Suspicious User Agent (Internet Explorer)
2008053 || ET MALWARE InternetSpeedMonitor Related Spyware User-Agent (parchmnt loader v1.8)
2008054 || ET POLICY Nginx Server in use - Often Hostile Traffic
2008055 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC
2008056 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2
2008057 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response
-> Added to bleeding-virus.rules (2):
#re Trojan.Win32.Inject.ajq, by matt jonkman
# 5bb2b20d012cfe541f1173881be28729