[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net
Thu Jan 15 16:00:08 EST 2009


[***] Results from Oinkmaster started Thu Jan 15 16:00:08 2009 [***]

[+++]          Added rules:          [+++]

 2009009 - ET WEB_SPECIFIC ClaSS export.php ftype parameter Information Disclosure (emerging-web_sql_injection.rules)
 2009010 - ET WEB_SPECIFIC Wordpress Plugin Page Flip Image Gallery getConfig.php book_id parameter Remote File Disclosure (emerging-web_sql_injection.rules)
 2009011 - ET WEB_SPECIFIC Rematic CMS referenzdetail.php id parameter SQL Injection (emerging-web_sql_injection.rules)
 2009012 - ET WEB_SPECIFIC Rematic CMS produkte.php id parameter SQL Injection (emerging-web_sql_injection.rules)
 2009013 - ET WEB_SPECIFIC WebPhotoPro art.php idm Parameter SQL Injection (emerging-web_sql_injection.rules)
 2009014 - ET WEB_SPECIFIC WebPhotoPro rub.php idr Parameter SQL Injection (emerging-web_sql_injection.rules)
 2009015 - ET WEB_SPECIFIC WebPhotoPro galeri_info.php ida Parameter SQL Injection (emerging-web_sql_injection.rules)
 2009016 - ET WEB_SPECIFIC WebPhotoPro galeri_info.php lang Parameter SQL Injection (emerging-web_sql_injection.rules)
 2009017 - ET WEB_SPECIFIC WebPhotoPro rubrika.php idr Parameter SQL Injection (emerging-web_sql_injection.rules)
 2009018 - ET WEB_SPECIFIC Text Lines Rearrange Script filename parameter File Disclosure (emerging-web_sql_injection.rules)
 2009019 - ET TROJAN VMProtect Demo version Packed Binary - Likely Hostile (emerging-virus.rules)
 2009020 - ET POLICY Internal Host Retrieving External IP via ipchicken.com - Possible Infection (emerging-policy.rules)
 2009021 - ET MALWARE Suspicious User Agent (IE_6.0) (emerging-malware.rules)


[///]     Modified active rules:     [///]

 2008940 - ET TROJAN DNSChanger.AT or related Infection Checkin Post (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (13):
        2009009 || ET WEB_SPECIFIC ClaSS export.php ftype parameter Information Disclosure || bugtraq,32929 || url,secunia.com/advisories/33222
        2009010 || ET WEB_SPECIFIC Wordpress Plugin Page Flip Image Gallery getConfig.php book_id parameter Remote File Disclosure || bugtraq,32966 || url,www.milw0rm.com/exploits/7543
        2009011 || ET WEB_SPECIFIC Rematic CMS referenzdetail.php id parameter SQL Injection || url,milw0rm.com/exploits/7502 || url,secunia.com/advisories/33208/
        2009012 || ET WEB_SPECIFIC Rematic CMS produkte.php id parameter SQL Injection || url,milw0rm.com/exploits/7502 || url,secunia.com/advisories/33208/
        2009013 || ET WEB_SPECIFIC WebPhotoPro art.php idm Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009014 || ET WEB_SPECIFIC WebPhotoPro rub.php idr Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009015 || ET WEB_SPECIFIC WebPhotoPro galeri_info.php ida Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009016 || ET WEB_SPECIFIC WebPhotoPro galeri_info.php lang Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009017 || ET WEB_SPECIFIC WebPhotoPro rubrika.php idr Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009018 || ET WEB_SPECIFIC Text Lines Rearrange Script filename parameter File Disclosure || url,milw0rm.com/exploits/7542 || url,securityfocus.com/bid/32968
        2009019 || ET TROJAN VMProtect Demo version Packed Binary - Likely Hostile || url,www.packetninjas.net || url,www.vmprotect.ru
        2009020 || ET POLICY Internal Host Retrieving External IP via ipchicken.com - Possible Infection
        2009021 || ET MALWARE Suspicious User Agent (IE_6.0) || url,www.bitdefender.com/VIRUS-1000328-en--Trojan.Pws.Wow.NCY.html

     -> Added to emerging-sid-msg.map.txt (13):
        2009009 || ET WEB_SPECIFIC ClaSS export.php ftype parameter Information Disclosure || bugtraq,32929 || url,secunia.com/advisories/33222
        2009010 || ET WEB_SPECIFIC Wordpress Plugin Page Flip Image Gallery getConfig.php book_id parameter Remote File Disclosure || bugtraq,32966 || url,www.milw0rm.com/exploits/7543
        2009011 || ET WEB_SPECIFIC Rematic CMS referenzdetail.php id parameter SQL Injection || url,milw0rm.com/exploits/7502 || url,secunia.com/advisories/33208/
        2009012 || ET WEB_SPECIFIC Rematic CMS produkte.php id parameter SQL Injection || url,milw0rm.com/exploits/7502 || url,secunia.com/advisories/33208/
        2009013 || ET WEB_SPECIFIC WebPhotoPro art.php idm Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009014 || ET WEB_SPECIFIC WebPhotoPro rub.php idr Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009015 || ET WEB_SPECIFIC WebPhotoPro galeri_info.php ida Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009016 || ET WEB_SPECIFIC WebPhotoPro galeri_info.php lang Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009017 || ET WEB_SPECIFIC WebPhotoPro rubrika.php idr Parameter SQL Injection || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || bugtraq,32829
        2009018 || ET WEB_SPECIFIC Text Lines Rearrange Script filename parameter File Disclosure || url,milw0rm.com/exploits/7542 || url,securityfocus.com/bid/32968
        2009019 || ET TROJAN VMProtect Demo version Packed Binary - Likely Hostile || url,www.packetninjas.net || url,www.vmprotect.ru
        2009020 || ET POLICY Internal Host Retrieving External IP via ipchicken.com - Possible Infection
        2009021 || ET MALWARE Suspicious User Agent (IE_6.0) || url,www.bitdefender.com/VIRUS-1000328-en--Trojan.Pws.Wow.NCY.html

     -> Added to emerging-web_sql_injection.rules (1):
        # From StillSecure

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (2):
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from emerging-sid-msg.map.txt (2):
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org


