[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Fri Jan 16 16:00:09 EST 2009


[***] Results from Oinkmaster started Fri Jan 16 16:00:09 2009 [***]

[+++]          Added rules:          [+++]

 2009005 - ET MALWARE Simbar Spyware User-Agent Detected (emerging-malware.rules)


[---]         Removed rules:         [---]

 2009005 - ET TROJAN Simbar Spyware/Trojan User-Agent Detected (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-malware.rules (1):
        #by RPG

     -> Added to emerging-sid-msg.map (3):
        2009005 || ET MALWARE Simbar Spyware User-Agent Detected || url,vil.nai.com/vil/content/v_131206.htm || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-sid-msg.map.txt (3):
        2009005 || ET MALWARE Simbar Spyware User-Agent Detected || url,vil.nai.com/vil/content/v_131206.htm || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805
        2404018 || ET DROP Known Bot C&C Server Traffic (group 19)  || url,www.shadowserver.org
        2405018 || ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE || url,www.shadowserver.org

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (1):
        2009005 || ET TROJAN Simbar Spyware/Trojan User-Agent Detected || url,vil.nai.com/vil/content/v_131206.htm || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805

     -> Removed from emerging-sid-msg.map.txt (1):
        2009005 || ET TROJAN Simbar Spyware/Trojan User-Agent Detected || url,vil.nai.com/vil/content/v_131206.htm || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805

     -> Removed from emerging-virus.rules (1):
        #by RPG



More information about the Emerging-sigs mailing list