[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Fri Jan 9 16:00:09 EST 2009


[***] Results from Oinkmaster started Fri Jan  9 16:00:09 2009 [***]

[+++]          Added rules:          [+++]

 2009002 - ET WEB_ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow (emerging-web.rules)
 2009003 - ET TROJAN Win32/Korklic.A (emerging-virus.rules)
 2009004 - ET POLICY Login Credentials Possibly Passed in POST Data (emerging-policy.rules)


[///]     Modified active rules:     [///]

 2008975 - ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass (emerging-virus.rules)
 2008998 - ET WEB_SPECIFIC EvimGibi Pro Resim Galerisi kat_id parameter SQL Injection (emerging-web_sql_injection.rules)
 2009001 - ET POLICY Login Credentials Possibly Passed in URI (emerging-policy.rules)


[---]         Removed rules:         [---]

  200900 - ET WEB_ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow (emerging-web.rules)
 2008844 - ET TROJAN Mydoom.O at mm HTTP Checkin (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-policy.rules (1):
        #disabled by default for possiblity of false positives. Use only if needed

     -> Added to emerging-sid-msg.map (7):
        2008975 || ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass
        2008998 || ET WEB_SPECIFIC EvimGibi Pro Resim Galerisi kat_id parameter SQL Injection || url,packetstorm.linuxsecurity.com/0812-exploits/evimgibi-sql.txt || url,secunia.com/advisories/33199/
        2009002 || ET WEB_ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow || url,www.milw0rm.com/exploits/7505 || bugtraq,32901
        2009003 || ET TROJAN Win32/Korklic.A
        2009004 || ET POLICY Login Credentials Possibly Passed in POST Data
        2500074 || ET COMPROMISED Known Compromised or Hostile Host Traffic (75) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510074 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (75) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-sid-msg.map.txt (7):
        2008975 || ET TROJAN Malformed Double Accept header - Likely Trojan-PWS.Win32.QQPass
        2008998 || ET WEB_SPECIFIC EvimGibi Pro Resim Galerisi kat_id parameter SQL Injection || url,packetstorm.linuxsecurity.com/0812-exploits/evimgibi-sql.txt || url,secunia.com/advisories/33199/
        2009002 || ET WEB_ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow || url,www.milw0rm.com/exploits/7505 || bugtraq,32901
        2009003 || ET TROJAN Win32/Korklic.A
        2009004 || ET POLICY Login Credentials Possibly Passed in POST Data
        2500074 || ET COMPROMISED Known Compromised or Hostile Host Traffic (75) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510074 || ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (75) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-virus.rules (1):
        #by pedro Marinho

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (4):
        200900 || ET WEB_ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow || url,www.milw0rm.com/exploits/7505 || bugtraq,32901
        2008844 || ET TROJAN Mydoom.O at mm HTTP Checkin
        2008975 || ET TROJAN HTTP Post with Double Accept header - Likely Trojan Activity
        2008998 || ET WEB_SPECIFIC  EvimGibi Pro Resim Galerisi kat_id parameter SQL Injection || url,packetstorm.linuxsecurity.com/0812-exploits/evimgibi-sql.txt || url,secunia.com/advisories/33199/

     -> Removed from emerging-sid-msg.map.txt (4):
        200900 || ET WEB_ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow || url,www.milw0rm.com/exploits/7505 || bugtraq,32901
        2008844 || ET TROJAN Mydoom.O at mm HTTP Checkin
        2008975 || ET TROJAN HTTP Post with Double Accept header - Likely Trojan Activity
        2008998 || ET WEB_SPECIFIC  EvimGibi Pro Resim Galerisi kat_id parameter SQL Injection || url,packetstorm.linuxsecurity.com/0812-exploits/evimgibi-sql.txt || url,secunia.com/advisories/33199/


