[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Wed May 14 17:00:08 EDT 2008
[***] Results from Oinkmaster started Wed May 14 17:00:08 2008 [***]
[+++] Added rules: [+++]
2008214 - ET MALWARE Suspicious User-Agent (sickness29a/0.1) (emerging-malware.rules)
2008215 - ET MALWARE Suspicious User-Agent (up2dash updater) (emerging-malware.rules)
2008216 - ET MALWARE Suspicious User-Agent (NSIS_DOWNLOAD) (emerging-malware.rules)
2008217 - ET MALWARE Kingsoft.com Fake AV User-Agent (KAVTools) (emerging-malware.rules)
2008218 - ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post (emerging-virus.rules)
2008219 - ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin (emerging-virus.rules)
2008220 - ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server (emerging-virus.rules)
2008221 - ET TROJAN Asprox-style Message ID (emerging-virus.rules)
2008222 - ET TROJAN Asprox phishing email detected (emerging-virus.rules)
2008223 - ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL) (emerging-virus.rules)
2008224 - ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL) (emerging-virus.rules)
[///] Modified active rules: [///]
2001864 - ET MALWARE Fun Web Products Spyware User Agent (3) (emerging-malware.rules)
2007962 - ET TROJAN Vipdataend C&C Traffic - Checkin (emerging-virus.rules)
2007970 - ET TROJAN Vipdataend C&C Traffic - Checkin (XY) (emerging-virus.rules)
2008144 - ET TROJAN Proxy.Corpes.j Infection Report (emerging-virus.rules)
2008213 - ET TROJAN LDPinch Checkin (9) (emerging-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to emerging-malware.rules (1):
#re 125a70ff3c8f8a72c054380883de53dc
-> Added to emerging-sid-msg.map (11):
2008214 || ET MALWARE Suspicious User-Agent (sickness29a/0.1)
2008215 || ET MALWARE Suspicious User-Agent (up2dash updater)
2008216 || ET MALWARE Suspicious User-Agent (NSIS_DOWNLOAD)
2008217 || ET MALWARE Kingsoft.com Fake AV User-Agent (KAVTools)
2008218 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post || url,en.wikipedia.org/wiki/Optix_Pro
2008219 || ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
2008220 || ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
2008221 || ET TROJAN Asprox-style Message ID || url,www.secureworks.com/research/threats/danmecasprox
2008222 || ET TROJAN Asprox phishing email detected || url,www.secureworks.com/research/threats/danmecasprox
2008223 || ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL)
2008224 || ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL)
-> Added to emerging-sid-msg.map.txt (11):
2008214 || ET MALWARE Suspicious User-Agent (sickness29a/0.1)
2008215 || ET MALWARE Suspicious User-Agent (up2dash updater)
2008216 || ET MALWARE Suspicious User-Agent (NSIS_DOWNLOAD)
2008217 || ET MALWARE Kingsoft.com Fake AV User-Agent (KAVTools)
2008218 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post || url,en.wikipedia.org/wiki/Optix_Pro
2008219 || ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
2008220 || ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
2008221 || ET TROJAN Asprox-style Message ID || url,www.secureworks.com/research/threats/danmecasprox
2008222 || ET TROJAN Asprox phishing email detected || url,www.secureworks.com/research/threats/danmecasprox
2008223 || ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL)
2008224 || ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL)
-> Added to emerging-virus.rules (4):
#by Joe Stewart of Secureworks
#New delf cnc. Also being called Trojan.PWS.Gamania.origin, Trojan-PSW.Win32.OnLineGames.aenl,
# Trojan-PSW.Win32.OnLineGames.aenl, Win32.Looked.P(v)
# re 7bbec6c1d7d727e70854184b1c1c5088