[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Mon May 5 17:00:08 EDT 2008


[***] Results from Oinkmaster started Mon May  5 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2008182 - ET TROJAN Common Downloader Install Report URL (emerging-virus.rules)
 2008183 - ET TROJAN Common Downloader Install Report URL (pid - mac) (emerging-virus.rules)
 2008184 - ET MALWARE Suspicious User-Agent (Installer) (emerging-malware.rules)
 2008185 - ET TROJAN Win32 Cloaker Related Post Infection Checkin (emerging-virus.rules)
 2008186 - ET SCAN DirBuster Web App Scan in Progress (emerging-scan.rules)
 2008187 - ET SCAN Paros Proxy Scanner Detected (emerging-scan.rules)
 2008188 - ET CURRENT_EVENTS Possible Srizbi Trojan EXE Request (My_foto.exe) (emerging.rules)


[///]     Modified active rules:     [///]

 2008077 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (load.exe) (emerging.rules)


[---]         Removed rules:         [---]

 2008078 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe) (emerging.rules)
 2008079 - ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe) (emerging.rules)
 2008101 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (withlove.exe) (emerging.rules)
 2008102 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe) (emerging.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-scan.rules (3):
        #by Adam Pointon at Sentinel Data Security
        #not a malicious too,l, a testing tool
        #sig by Adam Pointon of Sentinelsecurity.com.au

     -> Added to emerging-sid-msg.map (8):
        2008077 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (load.exe) || url,www.sudosecure.net/archives/61
        2008182 || ET TROJAN Common Downloader Install Report URL
        2008183 || ET TROJAN Common Downloader Install Report URL (pid - mac)
        2008184 || ET MALWARE Suspicious User-Agent (Installer)
        2008185 || ET TROJAN Win32 Cloaker Related Post Infection Checkin
        2008186 || ET SCAN DirBuster Web App Scan in Progress || url,owasp.org
        2008187 || ET SCAN Paros Proxy Scanner Detected || url,www.parosproxy.org
        2008188 || ET CURRENT_EVENTS Possible Srizbi Trojan EXE Request (My_foto.exe)

     -> Added to emerging-sid-msg.map.txt (8):
        2008077 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (load.exe) || url,www.sudosecure.net/archives/61
        2008182 || ET TROJAN Common Downloader Install Report URL
        2008183 || ET TROJAN Common Downloader Install Report URL (pid - mac)
        2008184 || ET MALWARE Suspicious User-Agent (Installer)
        2008185 || ET TROJAN Win32 Cloaker Related Post Infection Checkin
        2008186 || ET SCAN DirBuster Web App Scan in Progress || url,owasp.org
        2008187 || ET SCAN Paros Proxy Scanner Detected || url,www.parosproxy.org
        2008188 || ET CURRENT_EVENTS Possible Srizbi Trojan EXE Request (My_foto.exe)

     -> Added to emerging-virus.rules (1):
        #by matt jonkman, re 31fc628bf3c76e9b446d2eac18046b87, www.kjfbk07814.com/log/proc.php?key=RC4S25FOsd2

     -> Added to emerging.rules (1):
        #more by Jeremy at sudosecure

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Removed from emerging-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Removed from emerging-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Removed from emerging-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Removed from emerging-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Removed from emerging-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Removed from emerging-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Removed from emerging-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Removed from emerging-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Removed from emerging-sid-msg.map (5):
        2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (foolsday.exe)
        2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)
        2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)
        2008101 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (withlove.exe)
        2008102 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe)

     -> Removed from emerging-sid-msg.map.txt (5):
        2008077 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (foolsday.exe)
        2008078 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (funny.exe)
        2008079 || ET CURRENT_EVENTS Possible Storm Worm April Fools Day EXE Request (kickme.exe)
        2008101 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (withlove.exe)
        2008102 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (love.exe)

     -> Removed from emerging-virus.rules (1):
        # $Id: bleeding-virus.rules $

     -> Removed from emerging-voip.rules (1):
        # $Id: bleeding-voip.rules $

     -> Removed from emerging-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Removed from emerging-web_sql_injection.rules (1):
        # $Id: bleeding-web_sql_injection.rules $

     -> Removed from emerging.rules (2):
        # $Id: bleeding.rules $
        #temporary for the current storm wave


