[Emerging-Sigs] [Snort-sigs] Emerging Threats Weekly Signature Changes

emerging at emergingthreats.net
Sat May 17 19:00:07 EDT 2008


[***] Results from Oinkmaster started Sat May 17 19:00:07 2008 [***]

[+++]          Added rules:          [+++]

 2008200 - ET MALWARE vaccine-program.co.kr Related Spyware User Agent (vaccine) (emerging-malware.rules)
 2008201 - ET MALWARE Sidebar Related Spyware User Agent (Sidebar Client) (emerging-malware.rules)
 2008202 - ET MALWARE UbrenQuatroRusDldr Downloader User Agent (UbrenQuatroRusDldr 096044) (emerging-malware.rules)
 2008203 - ET MALWARE BndVeano4GetDownldr Downloader User Agent (BndVeano4GetDownldr) (emerging-malware.rules)
 2008204 - ET MALWARE yeps.co.kr Related User Agent (ISecu) (emerging-malware.rules)
 2008205 - ET MALWARE yeps.co.kr Related User Agent (ISUpd) (emerging-malware.rules)
 2008206 - ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) (emerging.rules)
 2008207 - ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) (emerging.rules)
 2008208 - ET MALWARE Suspicious User-Agent (TestAgent) (emerging-malware.rules)
 2008209 - ET MALWARE Suspicious User-Agent (SERVER2_03) (emerging-malware.rules)
 2008210 - ET MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila) (emerging-malware.rules)
 2008211 - ET MALWARE Suspicious User-Agent (WinProxy) (emerging-malware.rules)
 2008212 - ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email (emerging-virus.rules)
 2008213 - ET TROJAN LDPinch Checkin (9) (emerging-virus.rules)
 2008214 - ET MALWARE Suspicious User-Agent (sickness29a/0.1) (emerging-malware.rules)
 2008215 - ET MALWARE Suspicious User-Agent (up2dash updater) (emerging-malware.rules)
 2008216 - ET MALWARE Suspicious User-Agent (NSIS_DOWNLOAD) (emerging-malware.rules)
 2008217 - ET MALWARE Kingsoft.com Fake AV User-Agent (KAVTools) (emerging-malware.rules)
 2008218 - ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post (emerging-virus.rules)
 2008219 - ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin (emerging-virus.rules)
 2008220 - ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server (emerging-virus.rules)
 2008221 - ET TROJAN Asprox-style Message ID (emerging-virus.rules)
 2008222 - ET TROJAN Asprox phishing email detected (emerging-virus.rules)
 2008223 - ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL) (emerging-virus.rules)
 2008224 - ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL) (emerging-virus.rules)


[///]     Modified active rules:     [///]

 2001864 - ET MALWARE Fun Web Products Spyware User Agent (3) (emerging-malware.rules)
 2007962 - ET TROJAN Vipdataend C&C Traffic - Checkin (emerging-virus.rules)
 2007970 - ET TROJAN Vipdataend C&C Traffic - Checkin (XY) (emerging-virus.rules)
 2008144 - ET TROJAN Proxy.Corpes.j Infection Report (emerging-virus.rules)
 2008187 - ET SCAN Paros Proxy Scanner Detected (emerging-scan.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-malware.rules (1):
        #re 125a70ff3c8f8a72c054380883de53dc

     -> Added to emerging-sid-msg.map (25):
        2008200 || ET MALWARE vaccine-program.co.kr Related Spyware User Agent (vaccine)
        2008201 || ET MALWARE Sidebar Related Spyware User Agent (Sidebar Client)
        2008202 || ET MALWARE UbrenQuatroRusDldr Downloader User Agent (UbrenQuatroRusDldr 096044)
        2008203 || ET MALWARE BndVeano4GetDownldr Downloader User Agent (BndVeano4GetDownldr)
        2008204 || ET MALWARE yeps.co.kr Related User Agent (ISecu)
        2008205 || ET MALWARE yeps.co.kr Related User Agent (ISUpd)
        2008206 || ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008207 || ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008208 || ET MALWARE Suspicious User-Agent (TestAgent)
        2008209 || ET MALWARE Suspicious User-Agent (SERVER2_03)
        2008210 || ET MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila)
        2008211 || ET MALWARE Suspicious User-Agent (WinProxy)
        2008212 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email || url,en.wikipedia.org/wiki/Optix_Pro
        2008213 || ET TROJAN LDPinch Checkin (9)
        2008214 || ET MALWARE Suspicious User-Agent (sickness29a/0.1)
        2008215 || ET MALWARE Suspicious User-Agent (up2dash updater)
        2008216 || ET MALWARE Suspicious User-Agent (NSIS_DOWNLOAD)
        2008217 || ET MALWARE Kingsoft.com Fake AV User-Agent (KAVTools)
        2008218 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post || url,en.wikipedia.org/wiki/Optix_Pro
        2008219 || ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
        2008220 || ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
        2008221 || ET TROJAN Asprox-style Message ID || url,www.secureworks.com/research/threats/danmecasprox
        2008222 || ET TROJAN Asprox phishing email detected || url,www.secureworks.com/research/threats/danmecasprox
        2008223 || ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL)
        2008224 || ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL)

     -> Added to emerging-sid-msg.map.txt (25):
        2008200 || ET MALWARE vaccine-program.co.kr Related Spyware User Agent (vaccine)
        2008201 || ET MALWARE Sidebar Related Spyware User Agent (Sidebar Client)
        2008202 || ET MALWARE UbrenQuatroRusDldr Downloader User Agent (UbrenQuatroRusDldr 096044)
        2008203 || ET MALWARE BndVeano4GetDownldr Downloader User Agent (BndVeano4GetDownldr)
        2008204 || ET MALWARE yeps.co.kr Related User Agent (ISecu)
        2008205 || ET MALWARE yeps.co.kr Related User Agent (ISUpd)
        2008206 || ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008207 || ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405
        2008208 || ET MALWARE Suspicious User-Agent (TestAgent)
        2008209 || ET MALWARE Suspicious User-Agent (SERVER2_03)
        2008210 || ET MALWARE Suspicious Misspelled Mozilla User-Agent (Mozila)
        2008211 || ET MALWARE Suspicious User-Agent (WinProxy)
        2008212 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email || url,en.wikipedia.org/wiki/Optix_Pro
        2008213 || ET TROJAN LDPinch Checkin (9)
        2008214 || ET MALWARE Suspicious User-Agent (sickness29a/0.1)
        2008215 || ET MALWARE Suspicious User-Agent (up2dash updater)
        2008216 || ET MALWARE Suspicious User-Agent (NSIS_DOWNLOAD)
        2008217 || ET MALWARE Kingsoft.com Fake AV User-Agent (KAVTools)
        2008218 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post || url,en.wikipedia.org/wiki/Optix_Pro
        2008219 || ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
        2008220 || ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
        2008221 || ET TROJAN Asprox-style Message ID || url,www.secureworks.com/research/threats/danmecasprox
        2008222 || ET TROJAN Asprox phishing email detected || url,www.secureworks.com/research/threats/danmecasprox
        2008223 || ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL)
        2008224 || ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL)

     -> Added to emerging-virus.rules (5):
        #by Joe Stewart of Secureworks
        #New delf cnc. Also being called Trojan.PWS.Gamania.origin, Trojan-PSW.Win32.OnLineGames.aenl,
        # Trojan-PSW.Win32.OnLineGames.aenl, Win32.Looked.P(v)
        # re 7bbec6c1d7d727e70854184b1c1c5088
        #matt jonkman, re 9fcea128aeff455ff8f6c9558dd150fd

     -> Added to emerging.rules (2):
        #by matt jonkman, re http://www.incidents.org/diary.html?storyid=4405
        #  Mass File Injection attacks


_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
