[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net
Wed May 7 17:00:07 EDT 2008


[***] Results from Oinkmaster started Wed May  7 17:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2008189 - ET TROJAN SpamTool.Win32.Agent.gy Or Similar HTTP Checkin (emerging-virus.rules)
 2008190 - ET MALWARE WinButler User-Agent (WinButler) (emerging-malware.rules)
 2008192 - ET WORM Korgo.P Reporting (emerging-virus.rules)
 2008193 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (Trojan Downloader User Agent) (emerging.rules)
 2008194 - ET TROJAN Common Downloader Install Report URL (wmid - ucid) (emerging-virus.rules)


[///]     Modified active rules:     [///]

 2008183 - ET TROJAN Common Downloader Install Report URL (pid - mac) (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Added to emerging-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Added to emerging-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Added to emerging-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Added to emerging-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Added to emerging-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Added to emerging-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Added to emerging-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Added to emerging-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Added to emerging-sid-msg.map (5):
        2008189 || ET TROJAN SpamTool.Win32.Agent.gy Or Similar HTTP Checkin
        2008190 || ET MALWARE WinButler User-Agent (WinButler) || url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html || url,www.winbutler.com
        2008192 || ET WORM Korgo.P Reporting || url,www.f-secure.com/v-descs/korgo_p.shtml
        2008193 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (Trojan Downloader User Agent) || url,www.sudosecure.net/archives/67
        2008194 || ET TROJAN Common Downloader Install Report URL (wmid - ucid)

     -> Added to emerging-sid-msg.map.txt (5):
        2008189 || ET TROJAN SpamTool.Win32.Agent.gy Or Similar HTTP Checkin
        2008190 || ET MALWARE WinButler User-Agent (WinButler) || url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html || url,www.winbutler.com
        2008192 || ET WORM Korgo.P Reporting || url,www.f-secure.com/v-descs/korgo_p.shtml
        2008193 || ET CURRENT_EVENTS Possible Storm Worm EXE Request (Trojan Downloader User Agent) || url,www.sudosecure.net/archives/67
        2008194 || ET TROJAN Common Downloader Install Report URL (wmid - ucid)

     -> Added to emerging-virus.rules (3):
        # $Id: bleeding-virus.rules $
        #matt Jonkman
        #Matt Jonkman, variant using ? rather than &'s

     -> Added to emerging-voip.rules (1):
        # $Id: bleeding-voip.rules $

     -> Added to emerging-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Added to emerging-web_sql_injection.rules (1):
        # $Id: bleeding-web_sql_injection.rules $

     -> Added to emerging.rules (2):
        # $Id: bleeding.rules $
        #by jeremy at sudosecure


