[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Fri May 30 17:00:08 EDT 2008


[***] Results from Oinkmaster started Fri May 30 17:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2008269 - ET TROJAN Emogen Infection Checkin Initial Packet (emerging-virus.rules)
 2008270 - ET TROJAN Emogen Infection Checkin CnC Keepalive (emerging-virus.rules)
 2008271 - ET TROJAN DMSpammer HTTP Post Checkin (1) (emerging-virus.rules)
 2008272 - ET TROJAN DMSpammer HTTP Post Checkin (2) (emerging-virus.rules)
 2008273 - ET TROJAN Bifrose Connect to Controller (emerging-virus.rules)
 2008274 - ET TROJAN Bifrose Response from Controller (emerging-virus.rules)
 2008275 - ET TROJAN Hitpop Checkin (emerging-virus.rules)
 2008276 - ET MALWARE Suspicious User-Agent (contains loader) (emerging-malware.rules)


[///]     Modified active rules:     [///]

 2008085 - ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar) (emerging-malware.rules)
 2008263 - ET TROJAN DNS Changer HTTP Post Checkin (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (8):
        2008269 || ET TROJAN Emogen Infection Checkin Initial Packet
        2008270 || ET TROJAN Emogen Infection Checkin CnC Keepalive
        2008271 || ET TROJAN DMSpammer HTTP Post Checkin (1)
        2008272 || ET TROJAN DMSpammer HTTP Post Checkin (2)
        2008273 || ET TROJAN Bifrose Connect to Controller
        2008274 || ET TROJAN Bifrose Response from Controller
        2008275 || ET TROJAN Hitpop Checkin
        2008276 || ET MALWARE Suspicious User-Agent (contains loader)

     -> Added to emerging-sid-msg.map.txt (8):
        2008269 || ET TROJAN Emogen Infection Checkin Initial Packet
        2008270 || ET TROJAN Emogen Infection Checkin CnC Keepalive
        2008271 || ET TROJAN DMSpammer HTTP Post Checkin (1)
        2008272 || ET TROJAN DMSpammer HTTP Post Checkin (2)
        2008273 || ET TROJAN Bifrose Connect to Controller
        2008274 || ET TROJAN Bifrose Response from Controller
        2008275 || ET TROJAN Hitpop Checkin
        2008276 || ET MALWARE Suspicious User-Agent (contains loader)

     -> Added to emerging-virus.rules (2):
        #by deapesh misra
        #another one. Fortinet calls it emogen, others call it a dropper


