[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net
Sat May 10 17:00:09 EDT 2008


[***] Results from Oinkmaster started Sat May 10 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2008197 - ET MALWARE Winxdefender.com Fake AV Package Post Install Checkin (emerging-malware.rules)
 2008198 - ET MALWARE Pcclear.co.kr/Pcclear.com Fake AV User-Agent (PCClearPlus) (emerging-malware.rules)
 2008199 - ET MALWARE Suspicious User-Agent (QQ) (emerging-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-malware.rules (1):
        #matt jonkman, www.winxdefender.com fake AV package

     -> Added to emerging-sid-msg.map (3):
        2008197 || ET MALWARE Winxdefender.com Fake AV Package Post Install Checkin
        2008198 || ET MALWARE Pcclear.co.kr/Pcclear.com Fake AV User-Agent (PCClearPlus) || url,www.pcclear.co.kr || url,www.pcclear.com
        2008199 || ET MALWARE Suspicious User-Agent (QQ)

     -> Added to emerging-sid-msg.map.txt (3):
        2008197 || ET MALWARE Winxdefender.com Fake AV Package Post Install Checkin
        2008198 || ET MALWARE Pcclear.co.kr/Pcclear.com Fake AV User-Agent (PCClearPlus) || url,www.pcclear.co.kr || url,www.pcclear.com
        2008199 || ET MALWARE Suspicious User-Agent (QQ)

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-attack_response.rules (1):
        # $Id: bleeding-attack_response.rules $

     -> Removed from emerging-dos.rules (1):
        # $Id: bleeding-dos.rules $

     -> Removed from emerging-exploit.rules (1):
        # $Id: bleeding-exploit.rules $

     -> Removed from emerging-game.rules (1):
        # $Id: bleeding-game.rules $

     -> Removed from emerging-inappropriate.rules (1):
        # $Id: bleeding-inappropriate.rules $

     -> Removed from emerging-malware.rules (1):
        # $Id: bleeding-malware.rules $

     -> Removed from emerging-p2p.rules (1):
        # $Id: bleeding-p2p.rules $

     -> Removed from emerging-policy.rules (1):
        # $Id: bleeding-policy.rules $

     -> Removed from emerging-scan.rules (1):
        # $Id: bleeding-scan.rules $

     -> Removed from emerging-virus.rules (1):
        # $Id: bleeding-virus.rules $

     -> Removed from emerging-voip.rules (1):
        # $Id: bleeding-voip.rules $

     -> Removed from emerging-web.rules (1):
        # $Id: bleeding-web.rules $

     -> Removed from emerging-web_sql_injection.rules (1):
        # $Id: bleeding-web_sql_injection.rules $

     -> Removed from emerging.rules (1):
        # $Id: bleeding.rules $


