[Emerging-Sigs] Emerging Threats Daily Signature Changes
emerging@emergingthreats.net
Fri May 23 17:00:08 EDT 2008
[***] Results from Oinkmaster started Fri May 23 17:00:08 2008 [***]
[+++] Added rules: [+++]
2008248 - ET TROJAN Cashout Proxy Bot reg_DST (emerging-virus.rules)
2008249 - ET TROJAN Knockbot Proxy Checkin (emerging-virus.rules)
2008250 - ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Install Checkin (emerging-virus.rules)
2008251 - ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Secondary Checkin (emerging-virus.rules)
2008252 - ET MALWARE Suspicious User-Agent (max loader) (emerging-malware.rules)
2008253 - ET MALWARE Suspicious User-Agent (chek) (emerging-malware.rules)
2008254 - ET TROJAN Vipdataend/Ceckno C&C Traffic - Checkin (emerging-virus.rules)
2008255 - ET MALWARE Suspicious User-Agent (IE) (emerging-malware.rules)
2008256 - ET TROJAN Banload HTTP Checkin Detected (envia.php) (emerging-virus.rules)
2008257 - ET MALWARE Suspicious User-Agent (Nimo Software HTTP Retriever 1.0) (emerging-malware.rules)
2008258 - ET TROJAN Hupigon CnC Communication (variant bysj) (emerging-virus.rules)
2008259 - ET MALWARE Suspicious User-Agent (AutoHotkey) (emerging-malware.rules)
[///] Modified active rules: [///]
2001684 - ET MALWARE Windows executable sent when remote host claims to send image, Win32 (emerging-malware.rules)
2001685 - ET MALWARE Possible Windows executable sent when remote host claims to send an image (emerging-malware.rules)
2002790 - ET TROJAN Haxdoor Reporting User Activity (emerging-virus.rules)
2003657 - ET MALWARE Suspicious User-Agent (MSIE) (emerging-malware.rules)
2007828 - ET TROJAN LDPinch Checkin (2) (emerging-virus.rules)
2007845 - ET MALWARE Errclean.com Related Spyware User Agent (Locus NetInstaller) (emerging-malware.rules)
2008221 - ET TROJAN Asprox-style Message ID (emerging-virus.rules)
2008222 - ET TROJAN Asprox phishing email detected (emerging-virus.rules)
[+++] Added non-rule lines: [+++]
-> Added to emerging-sid-msg.map (13):
2003657 || ET MALWARE Suspicious User-Agent (MSIE)
2008248 || ET TROJAN Cashout Proxy Bot reg_DST
2008249 || ET TROJAN Knockbot Proxy Checkin
2008250 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Install Checkin
2008251 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Secondary Checkin
2008252 || ET MALWARE Suspicious User-Agent (max loader)
2008253 || ET MALWARE Suspicious User-Agent (chek)
2008254 || ET TROJAN Vipdataend/Ceckno C&C Traffic - Checkin
2008255 || ET MALWARE Suspicious User-Agent (IE)
2008256 || ET TROJAN Banload HTTP Checkin Detected (envia.php)
2008257 || ET MALWARE Suspicious User-Agent (Nimo Software HTTP Retriever 1.0)
2008258 || ET TROJAN Hupigon CnC Communication (variant bysj)
2008259 || ET MALWARE Suspicious User-Agent (AutoHotkey)
-> Added to emerging-sid-msg.map.txt (13):
2003657 || ET MALWARE Suspicious User-Agent (MSIE)
2008248 || ET TROJAN Cashout Proxy Bot reg_DST
2008249 || ET TROJAN Knockbot Proxy Checkin
2008250 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Install Checkin
2008251 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Secondary Checkin
2008252 || ET MALWARE Suspicious User-Agent (max loader)
2008253 || ET MALWARE Suspicious User-Agent (chek)
2008254 || ET TROJAN Vipdataend/Ceckno C&C Traffic - Checkin
2008255 || ET MALWARE Suspicious User-Agent (IE)
2008256 || ET TROJAN Banload HTTP Checkin Detected (envia.php)
2008257 || ET MALWARE Suspicious User-Agent (Nimo Software HTTP Retriever 1.0)
2008258 || ET TROJAN Hupigon CnC Communication (variant bysj)
2008259 || ET MALWARE Suspicious User-Agent (AutoHotkey)
-> Added to emerging-virus.rules (4):
#by William Salusky of AOL, modified to use httpinspect
#new hupigon variant cnc, at least thats what some of the AVs call it. 1801d4ffb772174c655a5b223fb4d781
#by William Salusky at AOL
#new variation, also called Ceckno now
[---] Removed non-rule lines: [---]
-> Removed from emerging-sid-msg.map (1):
2003657 || ET MALWARE Ibankis.org related Spyware User-Agent (MSIE)
-> Removed from emerging-sid-msg.map.txt (1):
2003657 || ET MALWARE Ibankis.org related Spyware User-Agent (MSIE)