[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Sun Jan 4 16:00:09 EST 2009


[***] Results from Oinkmaster started Sun Jan  4 16:00:09 2009 [***]

[+++]          Added rules:          [+++]

 2008962 - ET WEB_SPECIFIC PHPmyGallery confdir parameter Remote File Inclusion (emerging-web_sql_injection.rules)
 2008972 - ET TROJAN Pointfree.co.kr Trojan/Spyware Infection Checkin (emerging-virus.rules)
 2008973 - ET MALWARE onmuz.com Infection Activity (emerging-virus.rules)
 2008974 - ET MALWARE Suspicious User Agent (User-Agent\: Mozilla/4.0 (compatible)) (emerging-malware.rules)
 2008975 - ET TROJAN HTTP Post with Double Accept header - Likely Trojan Activity (emerging-virus.rules)


[---]         Removed rules:         [---]

 2008982 - ET WEB_SPECIFIC PHPmyGallery confdir parameter Remote File Inclusion (emerging-web_sql_injection.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (33):
        2008962 || ET WEB_SPECIFIC PHPmyGallery confdir parameter Remote File Inclusion || bugtraq,32705 || url,milw0rm.com/exploits/7392
        2008972 || ET TROJAN Pointfree.co.kr Trojan/Spyware Infection Checkin
        2008973 || ET MALWARE onmuz.com Infection Activity
        2008974 || ET MALWARE Suspicious User Agent (User-Agent\: Mozilla/4.0 (compatible))
        2008975 || ET TROJAN HTTP Post with Double Accept header - Likely Trojan Activity
        2404006 || ET DROP Known Bot C&C Server Traffic (group 7)  || url,www.shadowserver.org
        2404007 || ET DROP Known Bot C&C Server Traffic (group 8)  || url,www.shadowserver.org
        2404008 || ET DROP Known Bot C&C Server Traffic (group 9)  || url,www.shadowserver.org
        2404009 || ET DROP Known Bot C&C Server Traffic (group 10)  || url,www.shadowserver.org
        2404010 || ET DROP Known Bot C&C Server Traffic (group 11)  || url,www.shadowserver.org
        2404011 || ET DROP Known Bot C&C Server Traffic (group 12)  || url,www.shadowserver.org
        2404012 || ET DROP Known Bot C&C Server Traffic (group 13)  || url,www.shadowserver.org
        2404013 || ET DROP Known Bot C&C Server Traffic (group 14)  || url,www.shadowserver.org
        2404014 || ET DROP Known Bot C&C Server Traffic (group 15)  || url,www.shadowserver.org
        2404015 || ET DROP Known Bot C&C Server Traffic (group 16)  || url,www.shadowserver.org
        2404016 || ET DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405006 || ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE || url,www.shadowserver.org
        2405007 || ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE || url,www.shadowserver.org
        2405008 || ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE || url,www.shadowserver.org
        2405009 || ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE || url,www.shadowserver.org
        2405010 || ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE || url,www.shadowserver.org
        2405011 || ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE || url,www.shadowserver.org
        2405012 || ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE || url,www.shadowserver.org
        2405013 || ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE || url,www.shadowserver.org
        2405014 || ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE || url,www.shadowserver.org
        2405015 || ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE || url,www.shadowserver.org
        2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
        2500065 || ET COMPROMISED Known Compromised or Hostile Host Traffic (66) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500066 || ET COMPROMISED Known Compromised or Hostile Host Traffic (67) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510065 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (66) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510066 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (67) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-sid-msg.map.txt (33):
        2008962 || ET WEB_SPECIFIC PHPmyGallery confdir parameter Remote File Inclusion || bugtraq,32705 || url,milw0rm.com/exploits/7392
        2008972 || ET TROJAN Pointfree.co.kr Trojan/Spyware Infection Checkin
        2008973 || ET MALWARE onmuz.com Infection Activity
        2008974 || ET MALWARE Suspicious User Agent (User-Agent\: Mozilla/4.0 (compatible))
        2008975 || ET TROJAN HTTP Post with Double Accept header - Likely Trojan Activity
        2404006 || ET DROP Known Bot C&C Server Traffic (group 7)  || url,www.shadowserver.org
        2404007 || ET DROP Known Bot C&C Server Traffic (group 8)  || url,www.shadowserver.org
        2404008 || ET DROP Known Bot C&C Server Traffic (group 9)  || url,www.shadowserver.org
        2404009 || ET DROP Known Bot C&C Server Traffic (group 10)  || url,www.shadowserver.org
        2404010 || ET DROP Known Bot C&C Server Traffic (group 11)  || url,www.shadowserver.org
        2404011 || ET DROP Known Bot C&C Server Traffic (group 12)  || url,www.shadowserver.org
        2404012 || ET DROP Known Bot C&C Server Traffic (group 13)  || url,www.shadowserver.org
        2404013 || ET DROP Known Bot C&C Server Traffic (group 14)  || url,www.shadowserver.org
        2404014 || ET DROP Known Bot C&C Server Traffic (group 15)  || url,www.shadowserver.org
        2404015 || ET DROP Known Bot C&C Server Traffic (group 16)  || url,www.shadowserver.org
        2404016 || ET DROP Known Bot C&C Server Traffic (group 17)  || url,www.shadowserver.org
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2405006 || ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE || url,www.shadowserver.org
        2405007 || ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE || url,www.shadowserver.org
        2405008 || ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE || url,www.shadowserver.org
        2405009 || ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE || url,www.shadowserver.org
        2405010 || ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE || url,www.shadowserver.org
        2405011 || ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE || url,www.shadowserver.org
        2405012 || ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE || url,www.shadowserver.org
        2405013 || ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE || url,www.shadowserver.org
        2405014 || ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE || url,www.shadowserver.org
        2405015 || ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE || url,www.shadowserver.org
        2405016 || ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
        2500065 || ET COMPROMISED Known Compromised or Hostile Host Traffic (66) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500066 || ET COMPROMISED Known Compromised or Hostile Host Traffic (67) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510065 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (66) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510066 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (67) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-virus.rules (1):
        #by victort julien

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (1):
        2008982 || ET WEB_SPECIFIC PHPmyGallery confdir parameter Remote File Inclusion || bugtraq,32705 || url,milw0rm.com/exploits/7392

     -> Removed from emerging-sid-msg.map.txt (1):
        2008982 || ET WEB_SPECIFIC PHPmyGallery confdir parameter Remote File Inclusion || bugtraq,32705 || url,milw0rm.com/exploits/7392


