[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Tue May 20 17:00:09 EDT 2008 

[***] Results from Oinkmaster started Tue May 20 17:00:09 2008 [***]

[+++]          Added rules:          [+++]

 2008236 - ET TROJAN Fake.Googlebar or Softcash.org Related Post-Infection Checkin (emerging-virus.rules)
 2008237 - ET TROJAN Pass Stealer FTP Upload (emerging-virus.rules)
 2008238 - ET POLICY Hotmail Inbox Access (emerging-policy.rules)
 2008239 - ET POLICY Hotmail Message Access (emerging-policy.rules)
 2008240 - ET POLICY Hotmail Compose Message Access (emerging-policy.rules)
 2008241 - ET POLICY Hotmail Compose Message Submit (emerging-policy.rules)
 2008242 - ET POLICY Hotmail Access Full Mode (emerging-policy.rules)


[///]     Modified active rules:     [///]

 2003657 - ET MALWARE Ibankis.org related Spyware User-Agent (MSIE) (emerging-malware.rules)


[---]         Disabled rules:        [---]

 2000035 - ET POLICY Hotmail Inbox Access (emerging-policy.rules)
 2000036 - ET POLICY Hotmail Message Access (emerging-policy.rules)
 2000037 - ET POLICY Hotmail Compose Message Access (emerging-policy.rules)
 2000038 - ET POLICY Hotmail Compose Message Submit (emerging-policy.rules)
 2000039 - ET POLICY Hotmail Compose Message Submit Data (emerging-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-policy.rules (5):
        # hotmail has changed, obsoleting these
        # to be deleted
        #by Rouke de Jong
        # In full mode induvidual inbox, compose message etc rules cannot be
        # aplied :

     -> Added to emerging-sid-msg.map (8):
        2003657 || ET MALWARE Ibankis.org related Spyware User-Agent (MSIE)
        2008236 || ET TROJAN Fake.Googlebar or Softcash.org Related Post-Infection Checkin
        2008237 || ET TROJAN Pass Stealer FTP Upload
        2008238 || ET POLICY Hotmail Inbox Access
        2008239 || ET POLICY Hotmail Message Access
        2008240 || ET POLICY Hotmail Compose Message Access
        2008241 || ET POLICY Hotmail Compose Message Submit
        2008242 || ET POLICY Hotmail Access Full Mode

     -> Added to emerging-sid-msg.map.txt (8):
        2003657 || ET MALWARE Ibankis.org related Spyware User-Agent (MSIE)
        2008236 || ET TROJAN Fake.Googlebar or Softcash.org Related Post-Infection Checkin
        2008237 || ET TROJAN Pass Stealer FTP Upload
        2008238 || ET POLICY Hotmail Inbox Access
        2008239 || ET POLICY Hotmail Message Access
        2008240 || ET POLICY Hotmail Compose Message Access
        2008241 || ET POLICY Hotmail Compose Message Submit
        2008242 || ET POLICY Hotmail Access Full Mode

     -> Added to emerging-virus.rules (2):
        #matt jonkman, used by many uploaders
        #by matt jonkman. Softcash.org fake.googlebar related checkin

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (1):
        2003657 || ET MALWARE Ibankis.org related Spyware User-Agent (MSIE 5.3 (xpsp2-xxx))

     -> Removed from emerging-sid-msg.map.txt (1):
        2003657 || ET MALWARE Ibankis.org related Spyware User-Agent (MSIE 5.3 (xpsp2-xxx))

More information about the Emerging-sigs mailing list