[Emerging-Sigs] Daily Ruleset Update Summary 10/5/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Oct 5 01:17:17 EDT 2011


35 new rules total. 13 in the Open ruleset and 20 in Pro.

Enjoy!

We have new SCADA, Loads of good stuff today.

[+++]          Added rules:          [+++]

 2013730 - ET SCADA PcVue Activex Control Insecure method (AddPage) (scada.rules)
 2013731 - ET SCADA PcVue Activex Control Insecure method (DeletePage) (scada.rules)
 2013732 - ET SCADA PcVue Activex Control Insecure method (SaveObject) (scada.rules)
 2013733 - ET SCADA PcVue Activex Control Insecure method (LoadObject) (scada.rules)
 2013734 - ET SCADA PcVue Activex Control Insecure method (GetExtendedColor) (scada.rules)
 2013735 - ET SCADA Sunway ForceControl Activex Control Vulnerability (scada.rules)
 2013736 - ET SCADA Sunway ForceControl Activex Control Remote Code Execution Vulnerability 2 (scada.rules)
 2013737 - ET TROJAN Suspicious User-Agent (GenericHttp/VER_STR_COMMA) (trojan.rules)
 2013738 - ET WEB_SPECIFIC_APPS Joomla RokQuickCart view Parameter Local File Inclusion Attempt (web_specific_apps.rules)
 2013740 - ET CURRENT_EVENTS Zeus Variant Post to CnC Server (current_events.rules)
 2013741 - ET TROJAN Trojan-Dropper.Win32.StartPage.dvm or Mebromi Bios Rootkit CnC Count Checkin (trojan.rules)
 2013742 - ET WEB_CLIENT Google Chrome Multiple Iframe PDF File Handling Memory Corruption Attempt (web_client.rules)
 2013743 - ET DNS Query for a Suspicious no-ip Dynamic DNS Domain (dns.rules)
 2013744 - ET TROJAN HTTP Request to no-ip Dynamic DNS Domain (trojan.rules)
 2013745 - ET TROJAN Double HTTP/1.1 Header Likely Hostile Traffic (trojan.rules)

Pro rules:

 2803791 - ETPRO TROJAN Win32/Plingky.A Checkin (trojan.rules)
 2803792 - ETPRO TROJAN Trojan.Generic.KDV.367757 Checkin (trojan.rules)
 2803793 - ETPRO TROJAN Virus.Win32.CrazyPrier.A Checkin (trojan.rules)
 2803794 - ETPRO TROJAN Trojan.Win32.OddJob.A Checkin 3 (trojan.rules)
 2803795 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP flowbit set 1 (trojan.rules)
 2803796 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP 1 (trojan.rules)
 2803797 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP flowbit set 2 (trojan.rules)
 2803798 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP 2 (trojan.rules)
 2803799 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP flowbit set 3 (trojan.rules)
 2803800 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP 3 (trojan.rules)
 2803801 - ETPRO ACTIVEX PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow (activex.rules)
 2803802 - ETPRO POLICY PIPIWebPlayer User-Agent (PIPIPlayer) (policy.rules)
 2803803 - ETPRO POLICY PIPIWebPlayer User-Agent (jfCacheMgr) (policy.rules)
 2803804 - ETPRO POLICY Games Site lava.cn User-Agent (DDVInstall) (policy.rules)
 2803805 - ETPRO TROJAN Win32/Hermes.B at mm User-Agent (Hermes) (trojan.rules)
 2803806 - ETPRO TROJAN Variant.Buzy.4001 Checkin (trojan.rules)
 2803807 - ETPRO TROJAN Win32/Sefnit.O Checkin (trojan.rules)
 2803808 - ETPRO TROJAN Worm.Win32/Chiviper.A Checkin (trojan.rules)
 2803809 - ETPRO MALWARE Win32/Adware.GabPath.BM User-Agent (Blammi) (malware.rules)
 2803810 - ETPRO TROJAN Win32/Unruy.R Checkin (trojan.rules)



[///]     Modified active rules:     [///]

 2008049 - ET TROJAN Yahoo550.com Related Downloader/Trojan Checkin (trojan.rules)
 2011996 - ET TROJAN Darkness DDoS Bot Checkin (trojan.rules)
 2013376 - ET TROJAN W32/Nolja Trojan User-Agent (FileNolja) (trojan.rules)

 2803364 - ETPRO TROJAN Win32/Sefnit.L Checkin (trojan.rules)


[---]         Removed rules:         [---]

Just renaming:
 2801670 - ETPRO TROJAN Backdoor.Win32.Dtd.A Checkin (trojan.rules)
 2803162 - ETPRO TROJAN Win32/Sefnit Checkin (trojan.rules)

----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
