[Emerging-Sigs] Emerging Threats Weekly Signature Changes
emerging@emergingthreats.net
Sat Feb 6 18:00:14 EST 2010
[***] Results from Oinkmaster started Sat Feb 6 18:00:14 2010 [***]
[+++] Added rules: [+++]
2010745 - ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX stack overfow Function call Attempt (emerging-web_specific_apps.rules)
2010746 - ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX Buildpath method stack overflow Attempt (emerging-web_specific_apps.rules)
2010747 - ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX GetDriveName method stack overflow Attempt (emerging-web_specific_apps.rules)
2010748 - ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX DriveExists method stack overflow Attempt (emerging-web_specific_apps.rules)
2010749 - ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX DeleteFile method stack overflow Attempt (emerging-web_specific_apps.rules)
2010750 - ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
2010751 - ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
2010752 - ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules)
2010753 - ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules)
2010754 - ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules)
2010755 - ET DOS IBM DB2 kuddb2 Remote Denial of Service Attempt (emerging-dos.rules)
2010756 - ET TROJAN Sasfis Botnet Client Reporting Back to Controller After Command Execution (emerging-virus.rules)
2010757 - ET WEB_CLIENT VLC Media Player Aegisub Advanced SubStation (.ass) File Request flowbit set (emerging-web_client.rules)
2010758 - ET WEB_CLIENT VLC Media Player .ass File Buffer Overflow Attempt (emerging-web_client.rules)
2010759 - ET EXPLOIT Xerox WorkCentre PJL Daemon Buffer Overflow Attempt (emerging-exploit.rules)
2010760 - ET WEB_CLIENT Possible Gracenote CDDBControl ActiveX Control ViewProfile Method Heap Buffer Overflow Attempt (emerging-web_client.rules)
2010761 - ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Attempt (emerging-web_specific_apps.rules)
2010762 - ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand Attempt (emerging-web_specific_apps.rules)
2010763 - ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Ping UserCommand Attempt (emerging-web_specific_apps.rules)
2010764 - ET TROJAN Oficla Checkin (2) (emerging-virus.rules)
2010765 - ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin (2) (emerging-virus.rules)
2010766 - ET POLICY Proxy TRACE Request - inbound (emerging-policy.rules)
2010767 - ET POLICY TRACE Request - outbound (emerging-policy.rules)
2010768 - WEB_SERVER Open-Proxy ScannerBot (webcollage-UA) (emerging-user_agents.rules)
2010769 - ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt (emerging-current_events.rules)
2010770 - ET WEB_SPECIFIC_APPS HP System Management Homepage Input Validation Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
2400008 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2401008 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2404056 - ET DROP Known Bot C&C Server Traffic TCP (group 29) (emerging-botcc.rules)
2404057 - ET DROP Known Bot C&C Server Traffic UDP (group 29) (emerging-botcc.rules)
2405056 - ET DROP Known Bot C&C Traffic TCP (group 29) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405057 - ET DROP Known Bot C&C Traffic UDP (group 29) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
[///] Modified active rules: [///]
2001996 - ET USER_AGENTS UCMore Spyware Activity User Agent String (emerging-user_agents.rules)
2008324 - ET TROJAN Zalupko/Koceg/Mandaph manda.php Checkin (emerging-virus.rules)
2008325 - ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin (emerging-virus.rules)
2009295 - ET USER_AGENTS Suspicious Mozilla User-Agent - Likely Fake (Mozilla/5.0) (emerging-user_agents.rules)
2010071 - ET TROJAN Hiloti/Mufanom Infection Checkin (emerging-virus.rules)
2010148 - ET CURRENT_EVENTS DHL Spam Inbound (emerging-current_events.rules)
2010381 - ET TROJAN Syrutrk/Gibon/Bredolab Checkin (emerging-virus.rules)
2010458 - ET TROJAN Dropper Checkin - Likely Yahlover Worm (emerging-virus.rules)
2010743 - ET TROJAN Oficla Checkin (1) (emerging-virus.rules)
2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400005 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400006 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400007 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401005 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401006 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401007 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
2402001 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
2403001 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic TCP (group 1) (emerging-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic UDP (group 1) (emerging-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic TCP (group 2) (emerging-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic UDP (group 2) (emerging-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic TCP (group 3) (emerging-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic UDP (group 3) (emerging-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic TCP (group 4) (emerging-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic UDP (group 4) (emerging-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic TCP (group 5) (emerging-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic UDP (group 5) (emerging-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic TCP (group 6) (emerging-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic UDP (group 6) (emerging-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic TCP (group 7) (emerging-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic UDP (group 7) (emerging-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic TCP (group 8) (emerging-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic UDP (group 8) (emerging-botcc.rules)
2404016 - ET DROP Known Bot C&C Server Traffic TCP (group 9) (emerging-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic UDP (group 9) (emerging-botcc.rules)
2404018 - ET DROP Known Bot C&C Server Traffic TCP (group 10) (emerging-botcc.rules)
2404019 - ET DROP Known Bot C&C Server Traffic UDP (group 10) (emerging-botcc.rules)
2404020 - ET DROP Known Bot C&C Server Traffic TCP (group 11) (emerging-botcc.rules)
2404021 - ET DROP Known Bot C&C Server Traffic UDP (group 11) (emerging-botcc.rules)
2404022 - ET DROP Known Bot C&C Server Traffic TCP (group 12) (emerging-botcc.rules)
2404023 - ET DROP Known Bot C&C Server Traffic UDP (group 12) (emerging-botcc.rules)
2404024 - ET DROP Known Bot C&C Server Traffic TCP (group 13) (emerging-botcc.rules)
2404025 - ET DROP Known Bot C&C Server Traffic UDP (group 13) (emerging-botcc.rules)
2404026 - ET DROP Known Bot C&C Server Traffic TCP (group 14) (emerging-botcc.rules)
2404027 - ET DROP Known Bot C&C Server Traffic UDP (group 14) (emerging-botcc.rules)
2404028 - ET DROP Known Bot C&C Server Traffic TCP (group 15) (emerging-botcc.rules)
2404029 - ET DROP Known Bot C&C Server Traffic UDP (group 15) (emerging-botcc.rules)
2404030 - ET DROP Known Bot C&C Server Traffic TCP (group 16) (emerging-botcc.rules)
2404031 - ET DROP Known Bot C&C Server Traffic UDP (group 16) (emerging-botcc.rules)
2404032 - ET DROP Known Bot C&C Server Traffic TCP (group 17) (emerging-botcc.rules)
2404033 - ET DROP Known Bot C&C Server Traffic UDP (group 17) (emerging-botcc.rules)
2404034 - ET DROP Known Bot C&C Server Traffic TCP (group 18) (emerging-botcc.rules)
2404035 - ET DROP Known Bot C&C Server Traffic UDP (group 18) (emerging-botcc.rules)
2404036 - ET DROP Known Bot C&C Server Traffic TCP (group 19) (emerging-botcc.rules)
2404037 - ET DROP Known Bot C&C Server Traffic UDP (group 19) (emerging-botcc.rules)
2404038 - ET DROP Known Bot C&C Server Traffic TCP (group 20) (emerging-botcc.rules)
2404039 - ET DROP Known Bot C&C Server Traffic UDP (group 20) (emerging-botcc.rules)
2404040 - ET DROP Known Bot C&C Server Traffic TCP (group 21) (emerging-botcc.rules)
2404041 - ET DROP Known Bot C&C Server Traffic UDP (group 21) (emerging-botcc.rules)
2404042 - ET DROP Known Bot C&C Server Traffic TCP (group 22) (emerging-botcc.rules)
2404043 - ET DROP Known Bot C&C Server Traffic UDP (group 22) (emerging-botcc.rules)
2404044 - ET DROP Known Bot C&C Server Traffic TCP (group 23) (emerging-botcc.rules)
2404045 - ET DROP Known Bot C&C Server Traffic UDP (group 23) (emerging-botcc.rules)
2404046 - ET DROP Known Bot C&C Server Traffic TCP (group 24) (emerging-botcc.rules)
2404047 - ET DROP Known Bot C&C Server Traffic UDP (group 24) (emerging-botcc.rules)
2404048 - ET DROP Known Bot C&C Server Traffic TCP (group 25) (emerging-botcc.rules)
2404049 - ET DROP Known Bot C&C Server Traffic UDP (group 25) (emerging-botcc.rules)
2404050 - ET DROP Known Bot C&C Server Traffic TCP (group 26) (emerging-botcc.rules)
2404051 - ET DROP Known Bot C&C Server Traffic UDP (group 26) (emerging-botcc.rules)
2404052 - ET DROP Known Bot C&C Server Traffic TCP (group 27) (emerging-botcc.rules)
2404053 - ET DROP Known Bot C&C Server Traffic UDP (group 27) (emerging-botcc.rules)
2404054 - ET DROP Known Bot C&C Server Traffic TCP (group 28) (emerging-botcc.rules)
2404055 - ET DROP Known Bot C&C Server Traffic UDP (group 28) (emerging-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic TCP (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic UDP (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic TCP (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic UDP (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic TCP (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic UDP (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic TCP (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic UDP (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic TCP (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic UDP (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic TCP (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic UDP (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic TCP (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic UDP (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic TCP (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic UDP (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405016 - ET DROP Known Bot C&C Traffic TCP (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic UDP (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405018 - ET DROP Known Bot C&C Traffic TCP (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405019 - ET DROP Known Bot C&C Traffic UDP (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405020 - ET DROP Known Bot C&C Traffic TCP (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405021 - ET DROP Known Bot C&C Traffic UDP (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405022 - ET DROP Known Bot C&C Traffic TCP (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405023 - ET DROP Known Bot C&C Traffic UDP (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405024 - ET DROP Known Bot C&C Traffic TCP (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405025 - ET DROP Known Bot C&C Traffic UDP (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405026 - ET DROP Known Bot C&C Traffic TCP (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405027 - ET DROP Known Bot C&C Traffic UDP (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405028 - ET DROP Known Bot C&C Traffic TCP (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405029 - ET DROP Known Bot C&C Traffic UDP (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405030 - ET DROP Known Bot C&C Traffic TCP (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405031 - ET DROP Known Bot C&C Traffic UDP (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405032 - ET DROP Known Bot C&C Traffic TCP (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405033 - ET DROP Known Bot C&C Traffic UDP (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405034 - ET DROP Known Bot C&C Traffic TCP (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405035 - ET DROP Known Bot C&C Traffic UDP (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405036 - ET DROP Known Bot C&C Traffic TCP (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405037 - ET DROP Known Bot C&C Traffic UDP (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405038 - ET DROP Known Bot C&C Traffic TCP (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405039 - ET DROP Known Bot C&C Traffic UDP (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405040 - ET DROP Known Bot C&C Traffic TCP (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405041 - ET DROP Known Bot C&C Traffic UDP (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405042 - ET DROP Known Bot C&C Traffic TCP (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405043 - ET DROP Known Bot C&C Traffic UDP (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405044 - ET DROP Known Bot C&C Traffic TCP (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405045 - ET DROP Known Bot C&C Traffic UDP (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405046 - ET DROP Known Bot C&C Traffic TCP (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405047 - ET DROP Known Bot C&C Traffic UDP (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405048 - ET DROP Known Bot C&C Traffic TCP (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405049 - ET DROP Known Bot C&C Traffic UDP (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405050 - ET DROP Known Bot C&C Traffic TCP (group 26) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405051 - ET DROP Known Bot C&C Traffic UDP (group 26) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405052 - ET DROP Known Bot C&C Traffic TCP (group 27) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405053 - ET DROP Known Bot C&C Traffic UDP (group 27) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405054 - ET DROP Known Bot C&C Traffic TCP (group 28) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405055 - ET DROP Known Bot C&C Traffic UDP (group 28) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
[---] Removed rules: [---]
2008337 - ET TROJAN Win32.Small.dvs or Related DDOS Checkin (emerging-virus.rules)
2009707 - WEB_SPECIFIC Possible XOOPS Viewpmesg.php Cross Site Scripting Attack (emerging-web_specific_apps.rules)
2009708 - WEB_SPECIFIC Possible XOOPS User.php Cross Site Scripting Attack (emerging-web_specific_apps.rules)
2009763 - ET WEB_CLIENT ACTIVEX EDraw PDF Viewer ActiveX Control Remote code execution (emerging-web_client.rules)
2009786 - ET WEB_SPECIFIC_APPS Bitweaver boards_rss.php version Parameter Directory Traversal (emerging-web_specific_apps.rules)
2010671 - ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
[+++] Added non-rule lines: [+++]
-> Added to emerging-current_events.rules (1):
#we should remove this in a month or so, april 2010 or so
-> Added to emerging-drop-BLOCK.rules (2):
# VERSION 1807
# Generated 2010-02-06 00:03:02 EDT
-> Added to emerging-drop.rules (2):
# VERSION 1807
# Generated 2010-02-06 00:03:02 EDT
-> Added to emerging-exploit.rules (1):
#by kevin ross
-> Added to emerging-policy.rules (2):
#by Markus Manzke
# HTTP-TRACE Request
-> Added to emerging-sid-msg.map (42):
2008324 || ET TROJAN Zalupko/Koceg/Mandaph manda.php Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008324 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B
2008325 || ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008325 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B
2010071 || ET TROJAN Hiloti/Mufanom Infection Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,doc.emergingthreats.net/2010071 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti.gen!A
2010381 || ET TROJAN Syrutrk/Gibon/Bredolab Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,doc.emergingthreats.net/2010381 || url,www.threatexpert.com/report.aspx?md5=011d403b345672adc29846074e717865 || url,www.threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSyrutrk.A
2010458 || ET TROJAN Dropper Checkin - Likely Yahlover Worm || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Dialers || url,doc.emergingthreats.net/2010458
2010743 || ET TROJAN Oficla Checkin (1) || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
2010745 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX stack overfow Function call Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010745 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010746 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX Buildpath method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010746 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010747 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX GetDriveName method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010747 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010748 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX DriveExists method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010748 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010749 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX DeleteFile method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010749 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010750 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter SELECT FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010750 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010751 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010751 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010752 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UNION SELECT SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010752 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010753 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter INSERT INTO SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010753 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010754 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UPDATE SET SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010754 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010755 || ET DOS IBM DB2 kuddb2 Remote Denial of Service Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_DB2 || url,doc.emergingthreats.net/2010755 || url,intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html || url,www.securityfocus.com/bid/38018
2010756 || ET TROJAN Sasfis Botnet Client Reporting Back to Controller After Command Execution || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sasfis || url,doc.emergingthreats.net/2010756 || url,www.fortiguard.com/analysis/sasfisanalysis.html
2010757 || ET WEB_CLIENT VLC Media Player Aegisub Advanced SubStation (.ass) File Request flowbit set || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_VLC || url,doc.emergingthreats.net/2010757
2010758 || ET WEB_CLIENT VLC Media Player .ass File Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_VLC || url,doc.emergingthreats.net/2010758 || url,www.securityfocus.com/bid/37832/info
2010759 || ET EXPLOIT Xerox WorkCentre PJL Daemon Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Xerox || url,doc.emergingthreats.net/2010759 || url,www.securityfocus.com/bid/38010
2010760 || ET WEB_CLIENT Possible Gracenote CDDBControl ActiveX Control ViewProfile Method Heap Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Gracenote || url,doc.emergingthreats.net/2010760 || url,www.securityfocus.com/bid/37834
2010761 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010761 || url,www.securityfocus.com/bid/37843
2010762 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010762 || url,www.securityfocus.com/bid/37843
2010763 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Ping UserCommand Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010763 || url,www.securityfocus.com/bid/37843
2010764 || ET TROJAN Oficla Checkin (2) || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
2010765 || ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin (2) || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B
2010766 || ET POLICY Proxy TRACE Request - inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Proxy
2010767 || ET POLICY TRACE Request - outbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Proxy
2010768 || WEB_SERVER Open-Proxy ScannerBot (webcollage-UA) || url,www.botsvsbrowsers.com/details/214715/index.html || url, stateofsecurity.com/?p=526
2010769 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt || cve,2010-0255 || url,tools.cisco.com/security/center/viewAlert.x?alertId=19873 || url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag
2010770 || ET WEB_SPECIFIC_APPS HP System Management Homepage Input Validation Cross Site Scripting Attempt || cve,2009-4185 || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000727
2400008 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2401008 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2404056 || ET DROP Known Bot C&C Server Traffic TCP (group 29) || url,www.shadowserver.org
2404057 || ET DROP Known Bot C&C Server Traffic UDP (group 29) || url,www.shadowserver.org
2405056 || ET DROP Known Bot C&C Traffic TCP (group 29) - BLOCKING SOURCE || url,www.shadowserver.org
2405057 || ET DROP Known Bot C&C Traffic UDP (group 29) - BLOCKING SOURCE || url,www.shadowserver.org
2500844 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500845 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510844 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510845 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
-> Added to emerging-sid-msg.map.txt (42):
2008324 || ET TROJAN Zalupko/Koceg/Mandaph manda.php Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008324 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B
2008325 || ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008325 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B
2010071 || ET TROJAN Hiloti/Mufanom Infection Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,doc.emergingthreats.net/2010071 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti.gen!A
2010381 || ET TROJAN Syrutrk/Gibon/Bredolab Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,doc.emergingthreats.net/2010381 || url,www.threatexpert.com/report.aspx?md5=011d403b345672adc29846074e717865 || url,www.threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSyrutrk.A
2010458 || ET TROJAN Dropper Checkin - Likely Yahlover Worm || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Dialers || url,doc.emergingthreats.net/2010458
2010743 || ET TROJAN Oficla Checkin (1) || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
2010745 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX stack overfow Function call Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010745 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010746 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX Buildpath method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010746 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010747 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX GetDriveName method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010747 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010748 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX DriveExists method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010748 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010749 || ET WEB_SPECIFIC_APPS SoftArtisans XFile FileManager ActiveX DeleteFile method stack overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Softartisans || url,doc.emergingthreats.net/2010749 || url,osvdb.org/47794 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,www.kb.cert.org/vuls/id/914785
2010750 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter SELECT FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010750 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010751 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010751 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010752 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UNION SELECT SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010752 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010753 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter INSERT INTO SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010753 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010754 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UPDATE SET SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010754 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || bugtraq,37146
2010755 || ET DOS IBM DB2 kuddb2 Remote Denial of Service Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_DB2 || url,doc.emergingthreats.net/2010755 || url,intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html || url,www.securityfocus.com/bid/38018
2010756 || ET TROJAN Sasfis Botnet Client Reporting Back to Controller After Command Execution || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Sasfis || url,doc.emergingthreats.net/2010756 || url,www.fortiguard.com/analysis/sasfisanalysis.html
2010757 || ET WEB_CLIENT VLC Media Player Aegisub Advanced SubStation (.ass) File Request flowbit set || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_VLC || url,doc.emergingthreats.net/2010757
2010758 || ET WEB_CLIENT VLC Media Player .ass File Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_VLC || url,doc.emergingthreats.net/2010758 || url,www.securityfocus.com/bid/37832/info
2010759 || ET EXPLOIT Xerox WorkCentre PJL Daemon Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Xerox || url,doc.emergingthreats.net/2010759 || url,www.securityfocus.com/bid/38010
2010760 || ET WEB_CLIENT Possible Gracenote CDDBControl ActiveX Control ViewProfile Method Heap Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Gracenote || url,doc.emergingthreats.net/2010760 || url,www.securityfocus.com/bid/37834
2010761 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010761 || url,www.securityfocus.com/bid/37843
2010762 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010762 || url,www.securityfocus.com/bid/37843
2010763 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Ping UserCommand Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010763 || url,www.securityfocus.com/bid/37843
2010764 || ET TROJAN Oficla Checkin (2) || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
2010765 || ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin (2) || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B
2010766 || ET POLICY Proxy TRACE Request - inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Proxy
2010767 || ET POLICY TRACE Request - outbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_Proxy
2010768 || WEB_SERVER Open-Proxy ScannerBot (webcollage-UA) || url,www.botsvsbrowsers.com/details/214715/index.html || url, stateofsecurity.com/?p=526
2010769 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Attempt || cve,2010-0255 || url,tools.cisco.com/security/center/viewAlert.x?alertId=19873 || url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag
2010770 || ET WEB_SPECIFIC_APPS HP System Management Homepage Input Validation Cross Site Scripting Attempt || cve,2009-4185 || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000727
2400008 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
2401008 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
2404056 || ET DROP Known Bot C&C Server Traffic TCP (group 29) || url,www.shadowserver.org
2404057 || ET DROP Known Bot C&C Server Traffic UDP (group 29) || url,www.shadowserver.org
2405056 || ET DROP Known Bot C&C Traffic TCP (group 29) - BLOCKING SOURCE || url,www.shadowserver.org
2405057 || ET DROP Known Bot C&C Traffic UDP (group 29) - BLOCKING SOURCE || url,www.shadowserver.org
2500844 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500845 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510844 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510845 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (423) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
-> Added to emerging-user_agents.rules (2):
#by markus manzke
# Proxy-Scanner - 2
-> Added to emerging-virus.rules (2):
#by evilghost and darren spruell and mike cox and crew
#updates by darren spruell
[---] Removed non-rule lines: [---]
-> Removed from emerging-drop-BLOCK.rules (2):
# VERSION 1800
# Generated 2010-01-30 00:03:02 EDT
-> Removed from emerging-drop.rules (2):
# VERSION 1800
# Generated 2010-01-30 00:03:02 EDT
-> Removed from emerging-sid-msg.map (12):
2008324 || ET TROJAN Socks/Sality manda.php Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008324
2008325 || ET TROJAN Socks/Sality HTTP Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008325
2008337 || ET TROJAN Win32.Small.dvs or Related DDOS Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Small.dvs || url,doc.emergingthreats.net/2008337
2009707 || WEB_SPECIFIC Possible XOOPS Viewpmesg.php Cross Site Scripting Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/XOOPS || url,doc.emergingthreats.net/2009707 || url,securitytracker.com/alerts/2009/Jul/1022641.html
2009708 || WEB_SPECIFIC Possible XOOPS User.php Cross Site Scripting Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/XOOPS || url,doc.emergingthreats.net/2009708 || url,securitytracker.com/alerts/2009/Jul/1022641.html
2009763 || ET WEB_CLIENT ACTIVEX EDraw PDF Viewer ActiveX Control Remote code execution || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_EDraw || url,doc.emergingthreats.net/2009763 || url,archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html || url,secunia.com/advisories/35509/
2009786 || ET WEB_SPECIFIC_APPS Bitweaver boards_rss.php version Parameter Directory Traversal || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Bitweaver || url,doc.emergingthreats.net/2009786 || url,milw0rm.com/exploits/8659 || url,vupen.com/english/advisories/2009/1285 || url,secunia.com/advisories/35057/
2010071 || ET TROJAN Bredolab Infection - checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,doc.emergingthreats.net/2010071
2010381 || ET TROJAN Bredolab Checkin || url,doc.emergingthreats.net/2010381 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37
2010458 || ET TROJAN Dropper Checkin - Likely Yahlover Worm || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Droppers_General || url,doc.emergingthreats.net/2010458
2010671 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010671 || url,www.securityfocus.com/bid/37802/info
2010743 || ET TROJAN Oficla Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Oficla || url,doc.emergingthreats.net/2010743 || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
-> Removed from emerging-sid-msg.map.txt (12):
2008324 || ET TROJAN Socks/Sality manda.php Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008324
2008325 || ET TROJAN Socks/Sality HTTP Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Socks || url,doc.emergingthreats.net/2008325
2008337 || ET TROJAN Win32.Small.dvs or Related DDOS Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Win32.Small.dvs || url,doc.emergingthreats.net/2008337
2009707 || WEB_SPECIFIC Possible XOOPS Viewpmesg.php Cross Site Scripting Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/XOOPS || url,doc.emergingthreats.net/2009707 || url,securitytracker.com/alerts/2009/Jul/1022641.html
2009708 || WEB_SPECIFIC Possible XOOPS User.php Cross Site Scripting Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/XOOPS || url,doc.emergingthreats.net/2009708 || url,securitytracker.com/alerts/2009/Jul/1022641.html
2009763 || ET WEB_CLIENT ACTIVEX EDraw PDF Viewer ActiveX Control Remote code execution || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_EDraw || url,doc.emergingthreats.net/2009763 || url,archives.neohapsis.com/archives/fulldisclosure/2009-06/0198.html || url,secunia.com/advisories/35509/
2009786 || ET WEB_SPECIFIC_APPS Bitweaver boards_rss.php version Parameter Directory Traversal || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Bitweaver || url,doc.emergingthreats.net/2009786 || url,milw0rm.com/exploits/8659 || url,vupen.com/english/advisories/2009/1285 || url,secunia.com/advisories/35057/
2010071 || ET TROJAN Bredolab Infection - checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,doc.emergingthreats.net/2010071
2010381 || ET TROJAN Bredolab Checkin || url,doc.emergingthreats.net/2010381 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37
2010458 || ET TROJAN Dropper Checkin - Likely Yahlover Worm || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Droppers_General || url,doc.emergingthreats.net/2010458
2010671 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss || url,doc.emergingthreats.net/2010671 || url,www.securityfocus.com/bid/37802/info
2010743 || ET TROJAN Oficla Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Oficla || url,doc.emergingthreats.net/2010743 || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
-> Removed from emerging-virus.rules (1):
#by evilghost and darren spruell