[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Thu Jan 1 16:00:09 EST 2009


[***] Results from Oinkmaster started Thu Jan  1 16:00:09 2009 [***]

[///]     Modified active rules:     [///]

 2008802 - ET CURRENT_EVENTS Possible Downadup/Conficker-A Worm Activity (emerging.rules)
 2008803 - ET CURRENT_EVENTS Possible Downadup/Conficker-A Infection Checking Geographical Location (emerging.rules)
 2008804 - ET CURRENT_EVENTS Downadup/Conficker-A Worm Download Attempt From Dates 25/11-01/12 2008 (emerging.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (7):
        2008802 || ET CURRENT_EVENTS Possible Downadup/Conficker-A Worm Activity || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008803 || ET CURRENT_EVENTS Possible Downadup/Conficker-A Infection Checking Geographical Location || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008804 || ET CURRENT_EVENTS Downadup/Conficker-A Worm Download Attempt From Dates 25/11-01/12 2008 || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2500061 || ET COMPROMISED Known Compromised or Hostile Host Traffic (62) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500062 || ET COMPROMISED Known Compromised or Hostile Host Traffic (63) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510061 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (62) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510062 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (63) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-sid-msg.map.txt (7):
        2008802 || ET CURRENT_EVENTS Possible Downadup/Conficker-A Worm Activity || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008803 || ET CURRENT_EVENTS Possible Downadup/Conficker-A Infection Checking Geographical Location || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008804 || ET CURRENT_EVENTS Downadup/Conficker-A Worm Download Attempt From Dates 25/11-01/12 2008 || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2500061 || ET COMPROMISED Known Compromised or Hostile Host Traffic (62) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500062 || ET COMPROMISED Known Compromised or Hostile Host Traffic (63) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510061 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (62) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510062 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (63) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (3):
        2008802 || ET CURRENT_EVENTS Possible Downaup/Conficker-A Worm Activity || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008803 || ET CURRENT_EVENTS Possible Downaup/Conficker-A Infection Checking Geographical Location || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008804 || ET CURRENT_EVENTS Downaup/Conficker-A Worm Download Attempt From Dates 25/11-01/12 2008 || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A

     -> Removed from emerging-sid-msg.map.txt (3):
        2008802 || ET CURRENT_EVENTS Possible Downaup/Conficker-A Worm Activity || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008803 || ET CURRENT_EVENTS Possible Downaup/Conficker-A Infection Checking Geographical Location || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A
        2008804 || ET CURRENT_EVENTS Downaup/Conficker-A Worm Download Attempt From Dates 25/11-01/12 2008 || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A



More information about the Emerging-sigs mailing list