[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging@emergingthreats.net emerging at emergingthreats.net
Sat Jan 24 16:00:09 EST 2009


[***] Results from Oinkmaster started Sat Jan 24 16:00:09 2009 [***]

[+++]          Added rules:          [+++]

 2009038 - ET SCAN SQLNinja MSSQL Version Scan (emerging-scan.rules)
 2009039 - ET SCAN SQLNinja MSSQL XPCmdShell Scan (emerging-scan.rules)
 2009040 - ET SCAN SQLNinja MSSQL User Scan (emerging-scan.rules)
 2009041 - ET SCAN SQLNinja MSSQL Database User Rights Scan (emerging-scan.rules)
 2009042 - ET SCAN SQLNinja MSSQL Authentication Mode Scan (emerging-scan.rules)
 2009043 - ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure (emerging-scan.rules)
 2009044 - ET SCAN SQLNinja Attempt To Create xp_cmdshell Session (emerging-scan.rules)


[///]     Modified active rules:     [///]

 2002887 - ET EXPLOIT SYS get_domain_index_tables Access (emerging-exploit.rules)
 2003937 - ET TROJAN Bandook iwebho/BBB-phish trojan leaking user data (emerging-virus.rules)
 2008665 - ET TROJAN Zbot/Zeus or Related Infection Checkin (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-scan.rules (1):
        #by kevin ross

     -> Added to emerging-sid-msg.map (10):
        2008665 || ET TROJAN Zbot/Zeus or Related Infection Checkin
        2009038 || ET SCAN SQLNinja MSSQL Version Scan || url,sqlninja.sourceforge.net/index.html
        2009039 || ET SCAN SQLNinja MSSQL XPCmdShell Scan || url,sqlninja.sourceforge.net/index.html
        2009040 || ET SCAN SQLNinja MSSQL User Scan || url,sqlninja.sourceforge.net/index.html
        2009041 || ET SCAN SQLNinja MSSQL Database User Rights Scan || url,sqlninja.sourceforge.net/index.html
        2009042 || ET SCAN SQLNinja MSSQL Authentication Mode Scan || url,sqlninja.sourceforge.net/index.html
        2009043 || ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure || url,sqlninja.sourceforge.net/index.html
        2009044 || ET SCAN SQLNinja Attempt To Create xp_cmdshell Session || url,sqlninja.sourceforge.net/index.html
        2404019 || ET DROP Known Bot C&C Server Traffic (group 20)  || url,www.shadowserver.org
        2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-sid-msg.map.txt (10):
        2008665 || ET TROJAN Zbot/Zeus or Related Infection Checkin
        2009038 || ET SCAN SQLNinja MSSQL Version Scan || url,sqlninja.sourceforge.net/index.html
        2009039 || ET SCAN SQLNinja MSSQL XPCmdShell Scan || url,sqlninja.sourceforge.net/index.html
        2009040 || ET SCAN SQLNinja MSSQL User Scan || url,sqlninja.sourceforge.net/index.html
        2009041 || ET SCAN SQLNinja MSSQL Database User Rights Scan || url,sqlninja.sourceforge.net/index.html
        2009042 || ET SCAN SQLNinja MSSQL Authentication Mode Scan || url,sqlninja.sourceforge.net/index.html
        2009043 || ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure || url,sqlninja.sourceforge.net/index.html
        2009044 || ET SCAN SQLNinja Attempt To Create xp_cmdshell Session || url,sqlninja.sourceforge.net/index.html
        2404019 || ET DROP Known Bot C&C Server Traffic (group 20)  || url,www.shadowserver.org
        2405019 || ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE || url,www.shadowserver.org

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (1):
        2008665 || ET TROJAN Obfiscator.vc or Related Infection Checkin

     -> Removed from emerging-sid-msg.map.txt (1):
        2008665 || ET TROJAN Obfiscator.vc or Related Infection Checkin


