[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Mon May 12 17:00:08 EDT 2008 

[***] Results from Oinkmaster started Mon May 12 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2008202 - ET MALWARE UbrenQuatroRusDldr Downloader User Agent (UbrenQuatroRusDldr 096044) (emerging-malware.rules)
 2008203 - ET MALWARE BndVeano4GetDownldr Downloader User Agent (BndVeano4GetDownldr) (emerging-malware.rules)
 2008204 - ET MALWARE yeps.co.kr Related User Agent (ISecu) (emerging-malware.rules)
 2008205 - ET MALWARE yeps.co.kr Related User Agent (ISUpd) (emerging-malware.rules)
 2008206 - ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) (emerging.rules)
 2008207 - ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) (emerging.rules)
 2008208 - ET MALWARE Suspicious User-Agent (TestAgent) (emerging-malware.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (7):
        2008202 || ET MALWARE UbrenQuatroRusDldr Downloader User Agent (UbrenQuatroRusDldr 096044)
        2008203 || ET MALWARE BndVeano4GetDownldr Downloader User Agent (BndVeano4GetDownldr)
        2008204 || ET MALWARE yeps.co.kr Related User Agent (ISecu)
        2008205 || ET MALWARE yeps.co.kr Related User Agent (ISUpd)
        2008206 || ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008207 || ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008208 || ET MALWARE Suspicious User-Agent (TestAgent)

     -> Added to emerging-sid-msg.map.txt (7):
        2008202 || ET MALWARE UbrenQuatroRusDldr Downloader User Agent (UbrenQuatroRusDldr 096044)
        2008203 || ET MALWARE BndVeano4GetDownldr Downloader User Agent (BndVeano4GetDownldr)
        2008204 || ET MALWARE yeps.co.kr Related User Agent (ISecu)
        2008205 || ET MALWARE yeps.co.kr Related User Agent (ISUpd)
        2008206 || ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008207 || ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008208 || ET MALWARE Suspicious User-Agent (TestAgent)

     -> Added to emerging.rules (2):
        #by matt jonkman, re http://www.incidents.org/diary.html?storyid=4405
        #  Mass File Injection attacks

More information about the Emerging-sigs mailing list