[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Mon Jan 12 16:00:09 EST 2009


[***] Results from Oinkmaster started Mon Jan 12 16:00:09 2009 [***]

[+++]          Added rules:          [+++]

 2009005 - ET TROJAN Simbar Spyware/Trojan User-Agent Detected (emerging-virus.rules)
 2009006 - ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 1 (emerging.rules)
 2009007 - ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 2 (emerging.rules)
 2009008 - ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 3 (emerging.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (8):
        2009005 || ET TROJAN Simbar Spyware/Trojan User-Agent Detected || url,vil.nai.com/vil/content/v_131206.htm || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805
        2009006 || ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 1 || url,isc.sans.org/diary.html?storyid=5599
        2009007 || ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 2 || url,isc.sans.org/diary.html?storyid=5599
        2009008 || ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 3 || url,isc.sans.org/diary.html?storyid=5599
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-sid-msg.map.txt (8):
        2009005 || ET TROJAN Simbar Spyware/Trojan User-Agent Detected || url,vil.nai.com/vil/content/v_131206.htm || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805
        2009006 || ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 1 || url,isc.sans.org/diary.html?storyid=5599
        2009007 || ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 2 || url,isc.sans.org/diary.html?storyid=5599
        2009008 || ET CURRENT_EVENTS Unknown Roundcube Vulnerability Exploit Attempt 3 || url,isc.sans.org/diary.html?storyid=5599
        2404017 || ET DROP Known Bot C&C Server Traffic (group 18)  || url,www.shadowserver.org
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405017 || ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-virus.rules (1):
        #by RPG



More information about the Emerging-sigs mailing list