[Emerging-Sigs] Emerging Threats Weekly Signature Changes
emerging@emergingthreats.net
Sat Jan 30 18:00:13 EST 2010
[***] Results from Oinkmaster started Sat Jan 30 18:00:13 2010 [***]
[+++] Added rules: [+++]
2007851 - ET WEB_CLIENT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit (emerging-web_client.rules)
2010706 - ET USER_AGENTS Internet Explorer 6 in use - Significant Security Risk (emerging-policy.rules)
2010716 - ET CURRENT_EVENTS Malwareurl - wywg executable download Likely Malware (emerging-current_events.rules)
2010717 - ET USER_AGENTS Suspicious User-Agent (FaceCooker) (emerging-user_agents.rules)
2010718 - ET USER_AGENTS Suspicious User-Agent (Gootkit hldr) (emerging-user_agents.rules)
2010719 - ET WEB_SPECIFIC_APPS e107 CMS backdoor access, admin-access cookie and HTTP POST (emerging-web_specific_apps.rules)
2010720 - ET WEB_SERVER PHP Scan Precursor (emerging-web_server.rules)
2010721 - ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Outbound (emerging-user_agents.rules)
2010722 - ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Inbound (emerging-user_agents.rules)
2010723 - ET TROJAN Oficla Russian Malware Bundle C&C instruction response with runurl (emerging-virus.rules)
2010724 - ET TROJAN Oficla Russian Malware Bundle C&C instruction response (emerging-virus.rules)
2010725 - ET POLICY ApacheBenchmark[ab] Tool User-Agent Detected (emerging-policy.rules)
2010726 - ET WEB_SPECIFIC_APPS Adobe browser document ActiveX DoS Attempt (emerging-web_specific_apps.rules)
2010727 - ET USER_AGENTS Suspicious User-Agent (Live Enterprise Suite) (emerging-user_agents.rules)
2010728 - ET WEB_SPECIFIC_APPS WordPress wp-admin/admin.php Module Configuration Security Bypass Attempt (emerging-web_specific_apps.rules)
2010729 - ET CURRENT_EVENTS Zeus Bot / Zbot Checkin (/us01d/in.php) (emerging-current_events.rules)
2010730 - ET WEB_SERVER Possible Cisco ASA Appliance Clientless SSL VPN HTML Rewriting Security Bypass Attempt/Cross Site Scripting Attempt (emerging-web_server.rules)
2010731 - ET EXPLOIT FTP CWD command attempt without login (emerging-exploit.rules)
2010732 - ET EXPLOIT FTP SITE command attempt without login (emerging-exploit.rules)
2010733 - ET EXPLOIT FTP RMDIR command attempt without login (emerging-exploit.rules)
2010734 - ET EXPLOIT FTP MKDIR command attempt without login (emerging-exploit.rules)
2010735 - ET EXPLOIT FTP PWD command attempt without login (emerging-exploit.rules)
2010736 - ET EXPLOIT FTP RETR command attempt without login (emerging-exploit.rules)
2010737 - ET EXPLOIT FTP NLST command attempt without login (emerging-exploit.rules)
2010738 - ET EXPLOIT FTP RNTO command attempt without login (emerging-exploit.rules)
2010739 - ET EXPLOIT FTP RNFR command attempt without login (emerging-exploit.rules)
2010740 - ET EXPLOIT FTP STOR command attempt without login (emerging-exploit.rules)
2010741 - ET TROJAN Suspicious exe.exe request - possible downloader/Oficla (emerging-virus.rules)
2010742 - ET CURRENT_EVENTS Pinkslipbot Trojan Downloader (emerging-current_events.rules)
2010743 - ET TROJAN Oficla Checkin (emerging-virus.rules)
2010744 - ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2) (emerging-virus.rules)
2402001 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
2403001 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
[///] Modified active rules: [///]
2000033 - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) (emerging-exploit.rules)
2000046 - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) (emerging-exploit.rules)
2001349 - ET INAPPROPRIATE free XXX (emerging-inappropriate.rules)
2001350 - ET INAPPROPRIATE hardcore anal (emerging-inappropriate.rules)
2001392 - ET INAPPROPRIATE Sextracker Tracking Code Detected (1) (emerging-inappropriate.rules)
2001393 - ET INAPPROPRIATE Sextracker Tracking Code Detected (2) (emerging-inappropriate.rules)
2002082 - ET POLICY Unusual User Agent (Client) (emerging-policy.rules)
2002101 - ET GAMES Battle.net Starcraft login (emerging-game.rules)
2002102 - ET GAMES Battle.net Brood War login (emerging-game.rules)
2002103 - ET GAMES Battle.net Diablo login (emerging-game.rules)
2002104 - ET GAMES Battle.net Diablo 2 login (emerging-game.rules)
2002105 - ET GAMES Battle.net Diablo 2 Lord of Destruction login (emerging-game.rules)
2002106 - ET GAMES Battle.net Warcraft 2 login (emerging-game.rules)
2002107 - ET GAMES Battle.net Warcraft 3 login (emerging-game.rules)
2002108 - ET GAMES Battle.net Warcraft 3\: The Frozen throne login (emerging-game.rules)
2002109 - ET GAMES Battle.net old game version (emerging-game.rules)
2002110 - ET GAMES Battle.net invalid version (emerging-game.rules)
2002111 - ET GAMES Battle.net invalid cdkey (emerging-game.rules)
2002112 - ET GAMES Battle.net cdkey in use (emerging-game.rules)
2002113 - ET GAMES Battle.net banned key (emerging-game.rules)
2002114 - ET GAMES Battle.net wrong product (emerging-game.rules)
2002115 - ET GAMES Battle.net failed account login (OLS)\: wrong password (emerging-game.rules)
2002116 - ET GAMES Battle.net failed account login (NLS)\: wrong password (emerging-game.rules)
2002117 - ET GAMES Battle.net connection reset (possible IP-Ban) (emerging-game.rules)
2002118 - ET GAMES Battle.net user in channel (emerging-game.rules)
2002119 - ET GAMES Battle.net outgoing chat message (emerging-game.rules)
2002138 - ET GAMES World of Warcraft connection (emerging-game.rules)
2002139 - ET GAMES World of Warcraft failed logon (emerging-game.rules)
2002140 - ET GAMES Battle.net user joined channel (emerging-game.rules)
2002141 - ET GAMES Battle.net user left channel (emerging-game.rules)
2002142 - ET GAMES Battle.net received whisper message (emerging-game.rules)
2002143 - ET GAMES Battle.net received server broadcast (emerging-game.rules)
2002144 - ET GAMES Battle.net joined channel (emerging-game.rules)
2002145 - ET GAMES Battle.net user had a flags update (emerging-game.rules)
2002146 - ET GAMES Battle.net sent a whisper (emerging-game.rules)
2002147 - ET GAMES Battle.net channel full (emerging-game.rules)
2002148 - ET GAMES Battle.net channel doesn't exist (emerging-game.rules)
2002149 - ET GAMES Battle.net channel is restricted (emerging-game.rules)
2002150 - ET GAMES Battle.net informational message (emerging-game.rules)
2002151 - ET GAMES Battle.net error message (emerging-game.rules)
2002152 - ET GAMES Battle.net 'emote' message (emerging-game.rules)
2002154 - ET GAMES Guild Wars connection (emerging-game.rules)
2002170 - ET GAMES Battle.net incoming chat message (emerging-game.rules)
2002850 - ET FTP USER login flowbit (emerging-exploit.rules)
2002851 - ET FTP HP-UX LIST command without login (emerging-exploit.rules)
2002997 - ET WEB_SERVER PHP Remote File Inclusion (monster list http) (emerging-web_server.rules)
2003329 - ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking (emerging-voip.rules)
2003410 - ET POLICY FTP Login Successful (non-anonymous) (emerging-policy.rules)
2003411 - ET EXPLOIT Solaris telnet USER environment vuln Attack inbound (emerging-exploit.rules)
2003412 - ET EXPLOIT Solaris telnet USER environment vuln Attack outbound (emerging-exploit.rules)
2008063 - ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit (emerging-exploit.rules)
2008426 - ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow (emerging-exploit.rules)
2008660 - ET TROJAN Torpig Infection Reporting (emerging-virus.rules)
2010438 - ET MALWARE Possible Malicious Applet Access (justexploit kit) (emerging-malware.rules)
2010546 - ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt (emerging-exploit.rules)
2010625 - ET TROJAN FakeAV Landing Page (aid,sid) (emerging-virus.rules)
2010626 - ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin (emerging-virus.rules)
2010627 - ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin (emerging-virus.rules)
2010628 - ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin (emerging-virus.rules)
2010701 - ET WEB_SPECIFIC_APPS VBulletin 4.0.1 SQL Injection Attempt (emerging-web_specific_apps.rules)
2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400005 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400006 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2400007 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401005 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401006 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2401007 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
2404000 - ET DROP Known Bot C&C Server Traffic TCP (group 1) (emerging-botcc.rules)
2404001 - ET DROP Known Bot C&C Server Traffic UDP (group 1) (emerging-botcc.rules)
2404002 - ET DROP Known Bot C&C Server Traffic TCP (group 2) (emerging-botcc.rules)
2404003 - ET DROP Known Bot C&C Server Traffic UDP (group 2) (emerging-botcc.rules)
2404004 - ET DROP Known Bot C&C Server Traffic TCP (group 3) (emerging-botcc.rules)
2404005 - ET DROP Known Bot C&C Server Traffic UDP (group 3) (emerging-botcc.rules)
2404006 - ET DROP Known Bot C&C Server Traffic TCP (group 4) (emerging-botcc.rules)
2404007 - ET DROP Known Bot C&C Server Traffic UDP (group 4) (emerging-botcc.rules)
2404008 - ET DROP Known Bot C&C Server Traffic TCP (group 5) (emerging-botcc.rules)
2404009 - ET DROP Known Bot C&C Server Traffic UDP (group 5) (emerging-botcc.rules)
2404010 - ET DROP Known Bot C&C Server Traffic TCP (group 6) (emerging-botcc.rules)
2404011 - ET DROP Known Bot C&C Server Traffic UDP (group 6) (emerging-botcc.rules)
2404012 - ET DROP Known Bot C&C Server Traffic TCP (group 7) (emerging-botcc.rules)
2404013 - ET DROP Known Bot C&C Server Traffic UDP (group 7) (emerging-botcc.rules)
2404014 - ET DROP Known Bot C&C Server Traffic TCP (group 8) (emerging-botcc.rules)
2404015 - ET DROP Known Bot C&C Server Traffic UDP (group 8) (emerging-botcc.rules)
2404016 - ET DROP Known Bot C&C Server Traffic TCP (group 9) (emerging-botcc.rules)
2404017 - ET DROP Known Bot C&C Server Traffic UDP (group 9) (emerging-botcc.rules)
2404018 - ET DROP Known Bot C&C Server Traffic TCP (group 10) (emerging-botcc.rules)
2404019 - ET DROP Known Bot C&C Server Traffic UDP (group 10) (emerging-botcc.rules)
2404020 - ET DROP Known Bot C&C Server Traffic TCP (group 11) (emerging-botcc.rules)
2404021 - ET DROP Known Bot C&C Server Traffic UDP (group 11) (emerging-botcc.rules)
2404022 - ET DROP Known Bot C&C Server Traffic TCP (group 12) (emerging-botcc.rules)
2404023 - ET DROP Known Bot C&C Server Traffic UDP (group 12) (emerging-botcc.rules)
2404024 - ET DROP Known Bot C&C Server Traffic TCP (group 13) (emerging-botcc.rules)
2404025 - ET DROP Known Bot C&C Server Traffic UDP (group 13) (emerging-botcc.rules)
2404026 - ET DROP Known Bot C&C Server Traffic TCP (group 14) (emerging-botcc.rules)
2404027 - ET DROP Known Bot C&C Server Traffic UDP (group 14) (emerging-botcc.rules)
2404028 - ET DROP Known Bot C&C Server Traffic TCP (group 15) (emerging-botcc.rules)
2404029 - ET DROP Known Bot C&C Server Traffic UDP (group 15) (emerging-botcc.rules)
2404030 - ET DROP Known Bot C&C Server Traffic TCP (group 16) (emerging-botcc.rules)
2404031 - ET DROP Known Bot C&C Server Traffic UDP (group 16) (emerging-botcc.rules)
2404032 - ET DROP Known Bot C&C Server Traffic TCP (group 17) (emerging-botcc.rules)
2404033 - ET DROP Known Bot C&C Server Traffic UDP (group 17) (emerging-botcc.rules)
2404034 - ET DROP Known Bot C&C Server Traffic TCP (group 18) (emerging-botcc.rules)
2404035 - ET DROP Known Bot C&C Server Traffic UDP (group 18) (emerging-botcc.rules)
2404036 - ET DROP Known Bot C&C Server Traffic TCP (group 19) (emerging-botcc.rules)
2404037 - ET DROP Known Bot C&C Server Traffic UDP (group 19) (emerging-botcc.rules)
2404038 - ET DROP Known Bot C&C Server Traffic TCP (group 20) (emerging-botcc.rules)
2404039 - ET DROP Known Bot C&C Server Traffic UDP (group 20) (emerging-botcc.rules)
2404040 - ET DROP Known Bot C&C Server Traffic TCP (group 21) (emerging-botcc.rules)
2404041 - ET DROP Known Bot C&C Server Traffic UDP (group 21) (emerging-botcc.rules)
2404042 - ET DROP Known Bot C&C Server Traffic TCP (group 22) (emerging-botcc.rules)
2404043 - ET DROP Known Bot C&C Server Traffic UDP (group 22) (emerging-botcc.rules)
2404044 - ET DROP Known Bot C&C Server Traffic TCP (group 23) (emerging-botcc.rules)
2404045 - ET DROP Known Bot C&C Server Traffic UDP (group 23) (emerging-botcc.rules)
2404046 - ET DROP Known Bot C&C Server Traffic TCP (group 24) (emerging-botcc.rules)
2404047 - ET DROP Known Bot C&C Server Traffic UDP (group 24) (emerging-botcc.rules)
2404048 - ET DROP Known Bot C&C Server Traffic TCP (group 25) (emerging-botcc.rules)
2404049 - ET DROP Known Bot C&C Server Traffic UDP (group 25) (emerging-botcc.rules)
2404050 - ET DROP Known Bot C&C Server Traffic TCP (group 26) (emerging-botcc.rules)
2404051 - ET DROP Known Bot C&C Server Traffic UDP (group 26) (emerging-botcc.rules)
2404052 - ET DROP Known Bot C&C Server Traffic TCP (group 27) (emerging-botcc.rules)
2404053 - ET DROP Known Bot C&C Server Traffic UDP (group 27) (emerging-botcc.rules)
2404054 - ET DROP Known Bot C&C Server Traffic TCP (group 28) (emerging-botcc.rules)
2404055 - ET DROP Known Bot C&C Server Traffic UDP (group 28) (emerging-botcc.rules)
2405000 - ET DROP Known Bot C&C Traffic TCP (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405001 - ET DROP Known Bot C&C Traffic UDP (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405002 - ET DROP Known Bot C&C Traffic TCP (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405003 - ET DROP Known Bot C&C Traffic UDP (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405004 - ET DROP Known Bot C&C Traffic TCP (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405005 - ET DROP Known Bot C&C Traffic UDP (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405006 - ET DROP Known Bot C&C Traffic TCP (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405007 - ET DROP Known Bot C&C Traffic UDP (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405008 - ET DROP Known Bot C&C Traffic TCP (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405009 - ET DROP Known Bot C&C Traffic UDP (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405010 - ET DROP Known Bot C&C Traffic TCP (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405011 - ET DROP Known Bot C&C Traffic UDP (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405012 - ET DROP Known Bot C&C Traffic TCP (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405013 - ET DROP Known Bot C&C Traffic UDP (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405014 - ET DROP Known Bot C&C Traffic TCP (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405015 - ET DROP Known Bot C&C Traffic UDP (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405016 - ET DROP Known Bot C&C Traffic TCP (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405017 - ET DROP Known Bot C&C Traffic UDP (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405018 - ET DROP Known Bot C&C Traffic TCP (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405019 - ET DROP Known Bot C&C Traffic UDP (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405020 - ET DROP Known Bot C&C Traffic TCP (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405021 - ET DROP Known Bot C&C Traffic UDP (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405022 - ET DROP Known Bot C&C Traffic TCP (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405023 - ET DROP Known Bot C&C Traffic UDP (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405024 - ET DROP Known Bot C&C Traffic TCP (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405025 - ET DROP Known Bot C&C Traffic UDP (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405026 - ET DROP Known Bot C&C Traffic TCP (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405027 - ET DROP Known Bot C&C Traffic UDP (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405028 - ET DROP Known Bot C&C Traffic TCP (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405029 - ET DROP Known Bot C&C Traffic UDP (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405030 - ET DROP Known Bot C&C Traffic TCP (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405031 - ET DROP Known Bot C&C Traffic UDP (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405032 - ET DROP Known Bot C&C Traffic TCP (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405033 - ET DROP Known Bot C&C Traffic UDP (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405034 - ET DROP Known Bot C&C Traffic TCP (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405035 - ET DROP Known Bot C&C Traffic UDP (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405036 - ET DROP Known Bot C&C Traffic TCP (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405037 - ET DROP Known Bot C&C Traffic UDP (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405038 - ET DROP Known Bot C&C Traffic TCP (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405039 - ET DROP Known Bot C&C Traffic UDP (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405040 - ET DROP Known Bot C&C Traffic TCP (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405041 - ET DROP Known Bot C&C Traffic UDP (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405042 - ET DROP Known Bot C&C Traffic TCP (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405043 - ET DROP Known Bot C&C Traffic UDP (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405044 - ET DROP Known Bot C&C Traffic TCP (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405045 - ET DROP Known Bot C&C Traffic UDP (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405046 - ET DROP Known Bot C&C Traffic TCP (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405047 - ET DROP Known Bot C&C Traffic UDP (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405048 - ET DROP Known Bot C&C Traffic TCP (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405049 - ET DROP Known Bot C&C Traffic UDP (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405050 - ET DROP Known Bot C&C Traffic TCP (group 26) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405051 - ET DROP Known Bot C&C Traffic UDP (group 26) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405052 - ET DROP Known Bot C&C Traffic TCP (group 27) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405053 - ET DROP Known Bot C&C Traffic UDP (group 27) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405054 - ET DROP Known Bot C&C Traffic TCP (group 28) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
2405055 - ET DROP Known Bot C&C Traffic UDP (group 28) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
[///] Modified inactive rules: [///]
2001351 - ET INAPPROPRIATE masturbation (emerging-inappropriate.rules)
2001352 - ET INAPPROPRIATE ejaculation (emerging-inappropriate.rules)
2001353 - ET INAPPROPRIATE BDSM (emerging-inappropriate.rules)
2001608 - ET INAPPROPRIATE Likely Porn (emerging-inappropriate.rules)
2009828 - ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command (emerging-exploit.rules)
2009860 - ET Exploit IIS FTP Exploit - NLST Globbing Exploit (emerging-exploit.rules)
[---] Disabled rules: [---]
2009024 - ET TROJAN Downadup/Conficker A or B Worm reporting (emerging-virus.rules)
2010348 - ET TROJAN - Possible Zeus/Perkesh (.bin) configuration download (emerging-virus.rules)
2010697 - ET USER_AGENTS Suspicious User-Agent Beginning with digits - Likely spyware/trojan (emerging-user_agents.rules)
[---] Removed rules: [---]
2007851 - ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit (emerging-exploit.rules)
2010443 - ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus downloader (installer.1.exe) (emerging-current_events.rules)
2010445 - ET CURRENT_EVENTS MALWARE Potential Malware Download, java exploit (emerging-current_events.rules)
2010533 - ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) (emerging-current_events.rules)
2010706 - ET WEB_SPECIFIC_APPS Adobe browser document ActiveX DoS Attempt (emerging-web_specific_apps.rules)
[+++] Added non-rule lines: [+++]
-> Added to emerging-current_events.rules (2):
#by Nate Hausrath
#by spooker
-> Added to emerging-drop-BLOCK.rules (2):
# VERSION 1800
# Generated 2010-01-30 00:03:02 EDT
-> Added to emerging-drop.rules (2):
# VERSION 1800
# Generated 2010-01-30 00:03:02 EDT
-> Added to emerging-exploit.rules (1):
#disabling for falses...
-> Added to emerging-policy.rules (1):
#apachebench
-> Added to emerging-sid-msg.map (141):
2000033 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) || cve,2003-0533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_winXP || url,doc.emergingthreats.net/bin/view/Main/2000033
2000046 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) || cve,2003-0533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_win2k || url,doc.emergingthreats.net/bin/view/Main/2000046
2002997 || ET WEB_SERVER PHP Remote File Inclusion (monster list http) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_RFI_Generic || url,doc.emergingthreats.net/2002997 || url,www.sans.org/top20/
2003329 || ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking || cve,2007-0528 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_IP_Phone || url,doc.emergingthreats.net/bin/view/Main/2003329 || url,www.milw0rm.com/exploits/3189
2003411 || ET EXPLOIT Solaris telnet USER environment vuln Attack inbound || cve,2007-0882 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003411 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2003412 || ET EXPLOIT Solaris telnet USER environment vuln Attack outbound || cve,2007-0882 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003412 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2007851 || ET WEB_CLIENT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Citrix || url,doc.emergingthreats.net/bin/view/Main/2007851 || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2008063 || ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit || cve,2008-1358 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Mdaemon || url,doc.emergingthreats.net/bin/view/Main/2008063 || bugtraq,28245 || url,www.milw0rm.com/exploits/5248
2008426 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || cve,2008-4193 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SecurityGateway || url,doc.emergingthreats.net/bin/view/Main/2008426 || url,milw0rm.com/exploits/5718 || url,frsirt.com/english/advisories/2008/1717
2008660 || ET TROJAN Torpig Infection Reporting || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Torpig || url,offensivecomputing.net/?q=node/909 || url,doc.emergingthreats.net/2008660 || url,www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf || url,www2.gmer.net/mbr/
2009828 || ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command || cve,2009-3023 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009828 || url,www.milw0rm.com/exploits/9541
2009860 || ET Exploit IIS FTP Exploit - NLST Globbing Exploit || cve,2009-3023 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009860 || url,www.milw0rm.com/exploits/9541
2010546 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || cve,2007-2281 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_HP || url,doc.emergingthreats.net/2010546 || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15
2010701 || ET WEB_SPECIFIC_APPS VBulletin 4.0.1 SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_vBulletin || url,doc.emergingthreats.net/2010701 || url,www.packetstormsecurity.org/1001-exploits/vbulletin401-sql.txt
2010716 || ET CURRENT_EVENTS Malwareurl - wywg executable download Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,doc.emergingthreats.net/2010716 || url,malwareurl.com
2010717 || ET USER_AGENTS Suspicious User-Agent (FaceCooker) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_FaceCooker || url,doc.emergingthreats.net/2010717
2010718 || ET USER_AGENTS Suspicious User-Agent (Gootkit hldr) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_GootKit || url,doc.emergingthreats.net/2010718
2010719 || ET WEB_SPECIFIC_APPS e107 CMS backdoor access, admin-access cookie and HTTP POST || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_e107 || url,doc.emergingthreats.net/2010719 || url,www.e107.org/news.php || url,seclists.org/fulldisclosure/2010/Jan/480
2010720 || ET WEB_SERVER PHP Scan Precursor || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_nonexist || url,doc.emergingthreats.net/2010720
2010721 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Outbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Backslash || url,doc.emergingthreats.net/2010721 || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
2010722 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Backslash || url,doc.emergingthreats.net/2010722 || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
2010723 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response with runurl || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010723 || url,malwarelab.org/2009/11/russian-malware-bundle/
2010724 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010724 || url,malwarelab.org/2009/11/russian-malware-bundle/
2010725 || ET POLICY ApacheBenchmark[ab] Tool User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_ApacheBenchmark || url,doc.emergingthreats.net/2010725 || url,httpd.apache.org/docs/2.0/programs/ab.html/
2010726 || ET WEB_SPECIFIC_APPS Adobe browser document ActiveX DoS Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Adobe || url,doc.emergingthreats.net/2010726 || url,www.packetstormsecurity.nl/0911-exploits/acropdf-dos.txt
2010727 || ET USER_AGENTS Suspicious User-Agent (Live Enterprise Suite) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_LiveAntivurusSuite || url,doc.emergingthreats.net/2010727
2010728 || ET WEB_SPECIFIC_APPS WordPress wp-admin/admin.php Module Configuration Security Bypass Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Wordpress || url,doc.emergingthreats.net/2010728 || cve,2009-2334 || url,www.securityfocus.com/bid/35584
2010729 || ET CURRENT_EVENTS Zeus Bot / Zbot Checkin (/us01d/in.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Zeus || url,doc.emergingthreats.net/2010729 || url,garwarner.blogspot.com/2010/01/american-bankers-association-version-of.html
2010730 || ET WEB_SERVER Possible Cisco ASA Appliance Clientless SSL VPN HTML Rewriting Security Bypass Attempt/Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cisco || url,doc.emergingthreats.net/2010730 || cve,2009-1202 || cve,2009-1201 || url,www.securityfocus.com/bid/35476 || url,www.securityfocus.com/archive/1/504516 || url,tools.cisco.com/security/center/viewAlert.x?alertId=18442
2010731 || ET EXPLOIT FTP CWD command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010731 || url,www.nsftools.com/tips/RawFTP.htm
2010732 || ET EXPLOIT FTP SITE command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010732 || url,www.nsftools.com/tips/RawFTP.htm
2010733 || ET EXPLOIT FTP RMDIR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010733 || url,www.nsftools.com/tips/RawFTP.htm
2010734 || ET EXPLOIT FTP MKDIR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010734 || url,www.nsftools.com/tips/RawFTP.htm
2010735 || ET EXPLOIT FTP PWD command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010735 || url,www.nsftools.com/tips/RawFTP.htm
2010736 || ET EXPLOIT FTP RETR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010736 || url,www.nsftools.com/tips/RawFTP.htm
2010737 || ET EXPLOIT FTP NLST command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010737 || url,www.nsftools.com/tips/RawFTP.htm
2010738 || ET EXPLOIT FTP RNTO command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010738 || url,www.nsftools.com/tips/RawFTP.htm
2010739 || ET EXPLOIT FTP RNFR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010739 || url,www.nsftools.com/tips/RawFTP.htm
2010740 || ET EXPLOIT FTP STOR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010740 || url,www.nsftools.com/tips/RawFTP.htm
2010741 || ET TROJAN Suspicious exe.exe request - possible downloader/Oficla || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010741 || url,anubis.iseclab.org/?action=result&task_id=11873c8979f34c8d4fd0da512df635cac&format=txt
2010742 || ET CURRENT_EVENTS Pinkslipbot Trojan Downloader || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Pinkslipbot || url,doc.emergingthreats.net/2010742
2010743 || ET TROJAN Oficla Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Oficla || url,doc.emergingthreats.net/2010743 || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
2010744 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010724 || url,malwarelab.org/2009/11/russian-malware-bundle/
2402001 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
2403001 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt
2500796 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500797 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500798 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500799 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500800 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500801 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500802 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500803 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500804 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500805 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500806 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500807 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500808 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500809 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500810 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500811 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500812 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500813 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500814 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500815 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500816 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500817 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500818 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500819 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500820 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500821 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500822 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500823 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500824 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500825 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500826 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500827 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500828 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500829 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500830 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500831 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500832 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500833 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500834 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500835 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500836 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500837 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500838 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500839 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500840 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500841 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500842 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500843 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510796 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510797 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510798 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510799 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510800 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510801 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510802 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510803 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510804 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510805 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510806 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510807 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510808 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510809 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510810 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510811 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510812 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510813 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510814 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510815 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510816 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510817 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510818 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510819 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510820 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510821 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510822 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510823 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510824 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510825 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510826 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510827 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510828 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510829 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510830 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510831 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510832 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510833 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510834 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510835 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510836 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510837 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510838 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510839 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510840 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510841 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510842 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510843 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
-> Added to emerging-sid-msg.map.txt (141):
2000033 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) || cve,2003-0533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_winXP || url,doc.emergingthreats.net/bin/view/Main/2000033
2000046 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) || cve,2003-0533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_win2k || url,doc.emergingthreats.net/bin/view/Main/2000046
2002997 || ET WEB_SERVER PHP Remote File Inclusion (monster list http) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_RFI_Generic || url,doc.emergingthreats.net/2002997 || url,www.sans.org/top20/
2003329 || ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking || cve,2007-0528 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_IP_Phone || url,doc.emergingthreats.net/bin/view/Main/2003329 || url,www.milw0rm.com/exploits/3189
2003411 || ET EXPLOIT Solaris telnet USER environment vuln Attack inbound || cve,2007-0882 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003411 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2003412 || ET EXPLOIT Solaris telnet USER environment vuln Attack outbound || cve,2007-0882 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003412 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2007851 || ET WEB_CLIENT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Citrix || url,doc.emergingthreats.net/bin/view/Main/2007851 || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2008063 || ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit || cve,2008-1358 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Mdaemon || url,doc.emergingthreats.net/bin/view/Main/2008063 || bugtraq,28245 || url,www.milw0rm.com/exploits/5248
2008426 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || cve,2008-4193 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SecurityGateway || url,doc.emergingthreats.net/bin/view/Main/2008426 || url,milw0rm.com/exploits/5718 || url,frsirt.com/english/advisories/2008/1717
2008660 || ET TROJAN Torpig Infection Reporting || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Torpig || url,offensivecomputing.net/?q=node/909 || url,doc.emergingthreats.net/2008660 || url,www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf || url,www2.gmer.net/mbr/
2009828 || ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command || cve,2009-3023 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009828 || url,www.milw0rm.com/exploits/9541
2009860 || ET Exploit IIS FTP Exploit - NLST Globbing Exploit || cve,2009-3023 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009860 || url,www.milw0rm.com/exploits/9541
2010546 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || cve,2007-2281 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_HP || url,doc.emergingthreats.net/2010546 || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15
2010701 || ET WEB_SPECIFIC_APPS VBulletin 4.0.1 SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_vBulletin || url,doc.emergingthreats.net/2010701 || url,www.packetstormsecurity.org/1001-exploits/vbulletin401-sql.txt
2010716 || ET CURRENT_EVENTS Malwareurl - wywg executable download Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,doc.emergingthreats.net/2010716 || url,malwareurl.com
2010717 || ET USER_AGENTS Suspicious User-Agent (FaceCooker) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_FaceCooker || url,doc.emergingthreats.net/2010717
2010718 || ET USER_AGENTS Suspicious User-Agent (Gootkit hldr) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_GootKit || url,doc.emergingthreats.net/2010718
2010719 || ET WEB_SPECIFIC_APPS e107 CMS backdoor access, admin-access cookie and HTTP POST || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_e107 || url,doc.emergingthreats.net/2010719 || url,www.e107.org/news.php || url,seclists.org/fulldisclosure/2010/Jan/480
2010720 || ET WEB_SERVER PHP Scan Precursor || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_nonexist || url,doc.emergingthreats.net/2010720
2010721 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Outbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Backslash || url,doc.emergingthreats.net/2010721 || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
2010722 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Backslash || url,doc.emergingthreats.net/2010722 || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
2010723 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response with runurl || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010723 || url,malwarelab.org/2009/11/russian-malware-bundle/
2010724 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010724 || url,malwarelab.org/2009/11/russian-malware-bundle/
2010725 || ET POLICY ApacheBenchmark[ab] Tool User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_ApacheBenchmark || url,doc.emergingthreats.net/2010725 || url,httpd.apache.org/docs/2.0/programs/ab.html/
2010726 || ET WEB_SPECIFIC_APPS Adobe browser document ActiveX DoS Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Adobe || url,doc.emergingthreats.net/2010726 || url,www.packetstormsecurity.nl/0911-exploits/acropdf-dos.txt
2010727 || ET USER_AGENTS Suspicious User-Agent (Live Enterprise Suite) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_LiveAntivurusSuite || url,doc.emergingthreats.net/2010727
2010728 || ET WEB_SPECIFIC_APPS WordPress wp-admin/admin.php Module Configuration Security Bypass Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Wordpress || url,doc.emergingthreats.net/2010728 || cve,2009-2334 || url,www.securityfocus.com/bid/35584
2010729 || ET CURRENT_EVENTS Zeus Bot / Zbot Checkin (/us01d/in.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Zeus || url,doc.emergingthreats.net/2010729 || url,garwarner.blogspot.com/2010/01/american-bankers-association-version-of.html
2010730 || ET WEB_SERVER Possible Cisco ASA Appliance Clientless SSL VPN HTML Rewriting Security Bypass Attempt/Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cisco || url,doc.emergingthreats.net/2010730 || cve,2009-1202 || cve,2009-1201 || url,www.securityfocus.com/bid/35476 || url,www.securityfocus.com/archive/1/504516 || url,tools.cisco.com/security/center/viewAlert.x?alertId=18442
2010731 || ET EXPLOIT FTP CWD command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010731 || url,www.nsftools.com/tips/RawFTP.htm
2010732 || ET EXPLOIT FTP SITE command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010732 || url,www.nsftools.com/tips/RawFTP.htm
2010733 || ET EXPLOIT FTP RMDIR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010733 || url,www.nsftools.com/tips/RawFTP.htm
2010734 || ET EXPLOIT FTP MKDIR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010734 || url,www.nsftools.com/tips/RawFTP.htm
2010735 || ET EXPLOIT FTP PWD command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010735 || url,www.nsftools.com/tips/RawFTP.htm
2010736 || ET EXPLOIT FTP RETR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010736 || url,www.nsftools.com/tips/RawFTP.htm
2010737 || ET EXPLOIT FTP NLST command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010737 || url,www.nsftools.com/tips/RawFTP.htm
2010738 || ET EXPLOIT FTP RNTO command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010738 || url,www.nsftools.com/tips/RawFTP.htm
2010739 || ET EXPLOIT FTP RNFR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010739 || url,www.nsftools.com/tips/RawFTP.htm
2010740 || ET EXPLOIT FTP STOR command attempt without login || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_FTP || url,doc.emergingthreats.net/2010740 || url,www.nsftools.com/tips/RawFTP.htm
2010741 || ET TROJAN Suspicious exe.exe request - possible downloader/Oficla || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010741 || url,anubis.iseclab.org/?action=result&task_id=11873c8979f34c8d4fd0da512df635cac&format=txt
2010742 || ET CURRENT_EVENTS Pinkslipbot Trojan Downloader || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Pinkslipbot || url,doc.emergingthreats.net/2010742
2010743 || ET TROJAN Oficla Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Oficla || url,doc.emergingthreats.net/2010743 || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c
2010744 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown || url,doc.emergingthreats.net/2010724 || url,malwarelab.org/2009/11/russian-malware-bundle/
2402001 || ET DROP Dshield Block Listed Source || url,feeds.dshield.org/block.txt
2403001 || ET DROP Dshield Block Listed Source - BLOCKING || url,feeds.dshield.org/block.txt
2500796 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500797 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500798 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500799 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500800 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500801 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500802 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500803 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500804 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500805 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500806 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500807 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500808 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500809 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500810 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500811 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500812 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500813 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500814 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500815 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500816 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500817 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500818 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500819 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500820 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500821 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500822 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500823 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500824 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500825 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500826 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500827 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500828 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500829 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500830 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500831 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500832 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500833 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500834 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500835 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500836 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500837 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500838 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500839 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500840 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500841 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500842 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500843 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510796 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510797 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (399) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510798 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510799 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (400) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510800 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510801 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (401) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510802 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510803 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (402) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510804 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510805 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (403) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510806 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510807 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (404) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510808 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510809 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (405) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510810 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510811 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (406) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510812 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510813 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (407) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510814 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510815 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (408) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510816 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510817 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (409) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510818 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510819 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (410) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510820 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510821 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (411) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510822 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510823 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (412) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510824 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510825 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (413) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510826 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510827 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (414) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510828 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510829 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (415) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510830 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510831 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (416) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510832 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510833 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (417) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510834 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510835 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (418) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510836 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510837 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (419) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510838 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510839 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (420) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510840 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510841 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (421) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510842 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2510843 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (422) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
-> Added to emerging-virus.rules (3):
##by darren spruell
#by evilghost and darren spruell
#disabled, starting to false too often
-> Added to emerging.rules (1):
# $Id: emerging.rules $
[---] Removed non-rule lines: [---]
-> Removed from emerging-drop-BLOCK.rules (2):
# VERSION 1792
# Generated 2010-01-23 00:03:01 EDT
-> Removed from emerging-drop.rules (2):
# VERSION 1792
# Generated 2010-01-23 00:03:01 EDT
-> Removed from emerging-sid-msg.map (17):
2000033 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_winXP || url,doc.emergingthreats.net/bin/view/Main/2000033
2000046 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_win2k || url,doc.emergingthreats.net/bin/view/Main/2000046
2002997 || ET WEB_SERVER Remote File Inclusion (monster list http) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP || url,doc.emergingthreats.net/2002997 || url,www.sans.org/top20/
2003329 || ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_IP_Phone || url,doc.emergingthreats.net/bin/view/Main/2003329 || url,www.milw0rm.com/exploits/3189
2003411 || ET EXPLOIT Solaris telnet USER environment vuln Attack inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003411 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2003412 || ET EXPLOIT Solaris telnet USER environment vuln Attack outbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003412 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Citrix || url,doc.emergingthreats.net/bin/view/Main/2007851 || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2008063 || ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Mdaemon || url,doc.emergingthreats.net/bin/view/Main/2008063 || bugtraq,28245 || url,www.milw0rm.com/exploits/5248
2008426 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SecurityGateway || url,doc.emergingthreats.net/bin/view/Main/2008426 || url,milw0rm.com/exploits/5718 || url,frsirt.com/english/advisories/2008/1717
2008660 || ET TROJAN Torpig Infection Reporting || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Torpig || url,doc.emergingthreats.net/2008660
2009828 || ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009828 || url,www.milw0rm.com/exploits/9541
2009860 || ET Exploit IIS FTP Exploit - NLST Globbing Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009860 || url,www.milw0rm.com/exploits/9541
2010443 || ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus downloader (installer.1.exe) || url,doc.emergingthreats.net/2010443 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
2010445 || ET CURRENT_EVENTS MALWARE Potential Malware Download, java exploit || url,doc.emergingthreats.net/2010445 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
2010533 || ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) || url,doc.emergingthreats.net/2010533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
2010546 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_HP || url,doc.emergingthreats.net/2010546 || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15
2010701 || ET WEB_SPECIFIC_APPS VBulletin 4.0.1 SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_vBulletin.bak || url,doc.emergingthreats.net/2010701 || url,www.packetstormsecurity.org/1001-exploits/vbulletin401-sql.txt
-> Removed from emerging-sid-msg.map.txt (17):
2000033 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_winXP || url,doc.emergingthreats.net/bin/view/Main/2000033
2000046 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_LSASRV_DLL_RPC_Exploit_win2k || url,doc.emergingthreats.net/bin/view/Main/2000046
2002997 || ET WEB_SERVER Remote File Inclusion (monster list http) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_PHP || url,doc.emergingthreats.net/2002997 || url,www.sans.org/top20/
2003329 || ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_IP_Phone || url,doc.emergingthreats.net/bin/view/Main/2003329 || url,www.milw0rm.com/exploits/3189
2003411 || ET EXPLOIT Solaris telnet USER environment vuln Attack inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003411 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2003412 || ET EXPLOIT Solaris telnet USER environment vuln Attack outbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Solaris_TelnetUserEnv || url,doc.emergingthreats.net/bin/view/Main/2003412 || url,isc.sans.org/diary.html?n&storyid=2220 || url,riosec.com/solaris-telnet-0-day
2007851 || ET EXPLOIT Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Citrix || url,doc.emergingthreats.net/bin/view/Main/2007851 || cve,CVE-2006-6334 || bugtraq,21458 || url,www.milw0rm.com/exploits/5106
2008063 || ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Mdaemon || url,doc.emergingthreats.net/bin/view/Main/2008063 || bugtraq,28245 || url,www.milw0rm.com/exploits/5248
2008426 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SecurityGateway || url,doc.emergingthreats.net/bin/view/Main/2008426 || url,milw0rm.com/exploits/5718 || url,frsirt.com/english/advisories/2008/1717
2008660 || ET TROJAN Torpig Infection Reporting || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Torpig || url,doc.emergingthreats.net/2008660
2009828 || ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009828 || url,www.milw0rm.com/exploits/9541
2009860 || ET Exploit IIS FTP Exploit - NLST Globbing Exploit || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP || url,doc.emergingthreats.net/2009860 || url,www.milw0rm.com/exploits/9541
2010443 || ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus downloader (installer.1.exe) || url,doc.emergingthreats.net/2010443 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
2010445 || ET CURRENT_EVENTS MALWARE Potential Malware Download, java exploit || url,doc.emergingthreats.net/2010445 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
2010533 || ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) || url,doc.emergingthreats.net/2010533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
2010546 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_HP || url,doc.emergingthreats.net/2010546 || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15
2010701 || ET WEB_SPECIFIC_APPS VBulletin 4.0.1 SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_vBulletin.bak || url,doc.emergingthreats.net/2010701 || url,www.packetstormsecurity.org/1001-exploits/vbulletin401-sql.txt