[Emerging-Sigs] Emerging Threats Daily Signature Changes

emerging at emergingthreats.net
Mon Oct 4 16:00:14 EDT 2010


[***] Results from Oinkmaster started Mon Oct  4 16:00:14 2010 [***]

[+++]          Added rules:          [+++]

 2010589 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) SMTP (emerging-policy.rules)
 2010590 - ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) SMTP (emerging-policy.rules)
 2011589 - ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt (emerging-web_client.rules)
 2011590 - ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call (emerging-web_client.rules)


[---]         Removed rules:         [---]

 2010589 - ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt (emerging-web_client.rules)
 2010590 - ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call (emerging-web_client.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (6):
        2011589 || ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
        2011590 || ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
        2500510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-sid-msg.map.txt (6):
        2011589 || ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
        2011590 || ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
        2500510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-attack_response.rules (1):
        # $Id: emerging-attack_response.rules $

     -> Removed from emerging-current_events.rules (1):
        # $Id: emerging-current_events.rules $

     -> Removed from emerging-dos.rules (1):
        # $Id: emerging-dos.rules $

     -> Removed from emerging-exploit.rules (1):
        # $Id: emerging-exploit.rules $

     -> Removed from emerging-game.rules (1):
        # $Id: emerging-game.rules $

     -> Removed from emerging-inappropriate.rules (1):
        # $Id: emerging-inappropriate.rules $

     -> Removed from emerging-malware.rules (1):
        # $Id: emerging-malware.rules $

     -> Removed from emerging-p2p.rules (1):
        # $Id: emerging-p2p.rules $

     -> Removed from emerging-policy.rules (1):
        # $Id: emerging-policy.rules $

     -> Removed from emerging-scan.rules (1):
        # $Id: emerging-scan.rules $

     -> Removed from emerging-sid-msg.map (8):
        2404308 || ET DROP Known Bot C&C Server Traffic TCP (group 155)  || url,www.shadowserver.org
        2404309 || ET DROP Known Bot C&C Server Traffic UDP (group 155)  || url,www.shadowserver.org
        2404310 || ET DROP Known Bot C&C Server Traffic TCP (group 156)  || url,www.shadowserver.org
        2404311 || ET DROP Known Bot C&C Server Traffic UDP (group 156)  || url,www.shadowserver.org
        2405308 || ET DROP Known Bot C&C Traffic TCP (group 155) - BLOCKING SOURCE || url,www.shadowserver.org
        2405309 || ET DROP Known Bot C&C Traffic UDP (group 155) - BLOCKING SOURCE || url,www.shadowserver.org
        2405310 || ET DROP Known Bot C&C Traffic TCP (group 156) - BLOCKING SOURCE || url,www.shadowserver.org
        2405311 || ET DROP Known Bot C&C Traffic UDP (group 156) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from emerging-sid-msg.map.txt (8):
        2404308 || ET DROP Known Bot C&C Server Traffic TCP (group 155)  || url,www.shadowserver.org
        2404309 || ET DROP Known Bot C&C Server Traffic UDP (group 155)  || url,www.shadowserver.org
        2404310 || ET DROP Known Bot C&C Server Traffic TCP (group 156)  || url,www.shadowserver.org
        2404311 || ET DROP Known Bot C&C Server Traffic UDP (group 156)  || url,www.shadowserver.org
        2405308 || ET DROP Known Bot C&C Traffic TCP (group 155) - BLOCKING SOURCE || url,www.shadowserver.org
        2405309 || ET DROP Known Bot C&C Traffic UDP (group 155) - BLOCKING SOURCE || url,www.shadowserver.org
        2405310 || ET DROP Known Bot C&C Traffic TCP (group 156) - BLOCKING SOURCE || url,www.shadowserver.org
        2405311 || ET DROP Known Bot C&C Traffic UDP (group 156) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from emerging-user_agents.rules (1):
        # $Id: emerging-user_agents.rules $

     -> Removed from emerging-virus.rules (1):
        # $Id: emerging-virus.rules $

     -> Removed from emerging-voip.rules (1):
        # $Id: emerging-voip.rules $

     -> Removed from emerging-web.rules (1):
        # $Id: emerging-web.rules $

     -> Removed from emerging-web_client.rules (1):
        # $Id: emerging-web_client.rules $

     -> Removed from emerging-web_server.rules (1):
        # $Id: emerging-web-server.rules $

     -> Removed from emerging-web_specific_apps.rules (1):
        # $Id: emerging-web_specific_apps.rules $

     -> Removed from emerging-web_sql_injection.rules (1):
        # $Id: emerging-web_sql_injection.rules $
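The change above is a SID move rather than a plain add/remove: the two Microsoft DirectX 9 msvidctl.dll ActiveX rules leave SIDs 2010589/2010590 and reappear as 2011589/2011590, and the SIDs they vacate are now held by the two ET POLICY rules. Any local tuning keyed on the old SIDs (a threshold.conf suppress, an Oinkmaster disablesid) therefore now acts on the POLICY rule instead of the ActiveX one, while the ActiveX rules alert again under their new SIDs. The script below is an added example, not code from this post, from Oinkmaster or from Emerging Threats. It parses sid-msg.map lines in the `sid || msg || ref` form shown above, diffs two snapshots, classifies SIDs as added, removed, renumbered or reused, and flags local tuning that references a SID whose meaning changed. The two snapshots and the threshold.conf/oinkmaster.conf fragments are constructed for the example from the SIDs in this post; they are not reconstructions of the real files.

```python
"""Diff two sid-msg.map snapshots and flag local tuning that is keyed on a
SID that was renumbered, reused or removed.

Added example, not part of the Emerging-sigs post or of Oinkmaster.
"""
import re

# Constructed snapshot modelled on the SIDs in the post, not the real file.
OLD_MAP = """\
2010589 || ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
2010590 || ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
2404308 || ET DROP Known Bot C&C Server Traffic TCP (group 155)  || url,www.shadowserver.org
2404309 || ET DROP Known Bot C&C Server Traffic UDP (group 155)  || url,www.shadowserver.org
"""

# Constructed snapshot after the change reported in the post.
NEW_MAP = """\
2010589 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) SMTP
2010590 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) SMTP
2011589 || ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
2011590 || ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
2500510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
"""

# Hypothetical local tuning (constructed): a suppress written against the
# old DirectX SID and a disablesid written against the retired group 155.
THRESHOLD_CONF = "suppress gen_id 1, sig_id 2010589, track by_src, ip 192.0.2.10\n"
OINKMASTER_CONF = "disablesid 2404308\n"


def parse_sid_msg_map(text):
    """Parse 'sid || msg || ref,...' lines into {sid: (msg, [refs])}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            raise ValueError("malformed sid-msg.map line: %r" % raw)
        entries[int(fields[0])] = (fields[1], fields[2:])
    return entries


def diff_sid_maps(old, new):
    """Classify SIDs as added, removed, renumbered or reused.

    A SID whose message text changed counts as removed (old text) and added
    (new text), matching how the post's Oinkmaster output reports it.
    renumbered: {old_sid: new_sid} where the same message moved to a new SID.
    reused: SIDs present in both snapshots but now carrying a different rule.
    """
    removed = {s: m for s, (m, _) in old.items() if s not in new or new[s][0] != m}
    added = {s: m for s, (m, _) in new.items() if s not in old or old[s][0] != m}
    sid_by_msg = {m: s for s, m in added.items()}
    renumbered = {s: sid_by_msg[m] for s, m in removed.items()
                  if m in sid_by_msg and sid_by_msg[m] != s}
    reused = sorted(s for s in removed if s in added)
    return {"added": sorted(added), "removed": sorted(removed),
            "renumbered": renumbered, "reused": reused}


_THRESHOLD_SID = re.compile(r"\bsig_id\s+(\d+)")
_DISABLESID = re.compile(r"^\s*disablesid\s+([\d, ]+)", re.M)


def stale_tuning(diff, threshold_conf, oinkmaster_conf):
    """Report tuning entries whose SID no longer means what it did.

    wrong_rule: SID still exists but now names a different rule (silencing
    or disabling it affects the wrong signature).
    dangling:   SID was removed outright; the entry is dead weight.
    retarget:   {old_sid: new_sid} for entries that should follow a renumbered rule.
    """
    referenced = set(int(s) for s in _THRESHOLD_SID.findall(threshold_conf))
    for group in _DISABLESID.findall(oinkmaster_conf):
        referenced.update(int(s) for s in re.findall(r"\d+", group))
    moved = set(diff["renumbered"]) | set(diff["reused"])
    gone = set(diff["removed"]) - moved
    return {"wrong_rule": sorted(referenced & moved),
            "dangling": sorted(referenced & gone),
            "retarget": {s: diff["renumbered"][s]
                         for s in sorted(referenced & set(diff["renumbered"]))}}


if __name__ == "__main__":
    d = diff_sid_maps(parse_sid_msg_map(OLD_MAP), parse_sid_msg_map(NEW_MAP))
    print("renumbered:", d["renumbered"])
    print("reused:", d["reused"])
    print("stale tuning:", stale_tuning(d, THRESHOLD_CONF, OINKMASTER_CONF))
```

Run against real files, the two snapshots would be the sid-msg.map before and after the Oinkmaster update; the check is worth running before restarting the sensor, because a suppress that silently moves from an exploit signature to a policy signature is exactly the kind of change no alert will tell you about.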


