[Emerging-Sigs] [Etpro-sigs] Daily Ruleset Update Summary 10/5/2011

Martin Holste mcholste at gmail.com
Wed Oct 5 09:33:37 EDT 2011


I thought you were posting my UDP rule, but I don't see it in here.

On Wed, Oct 5, 2011 at 12:17 AM, Matthew Jonkman
<jonkman at emergingthreatspro.com> wrote:
> 35 new rules total. 13 in the Open ruleset and 20 in Pro.
>
> Enjoy!
>
> We have new SCADA, loads of good stuff today.
>
> [+++]          Added rules:          [+++]
>
>  2013730 - ET SCADA PcVue Activex Control Insecure method (AddPage) (scada.rules)
>  2013731 - ET SCADA PcVue Activex Control Insecure method (DeletePage) (scada.rules)
>  2013732 - ET SCADA PcVue Activex Control Insecure method (SaveObject) (scada.rules)
>  2013733 - ET SCADA PcVue Activex Control Insecure method (LoadObject) (scada.rules)
>  2013734 - ET SCADA PcVue Activex Control Insecure method (GetExtendedColor) (scada.rules)
>  2013735 - ET SCADA Sunway ForceControl Activex Control Vulnerability (scada.rules)
>  2013736 - ET SCADA Sunway ForceControl Activex Control Remote Code Execution Vulnerability 2 (scada.rules)
>  2013737 - ET TROJAN Suspicious User-Agent (GenericHttp/VER_STR_COMMA) (trojan.rules)
>  2013738 - ET WEB_SPECIFIC_APPS Joomla RokQuickCart view Parameter Local File Inclusion Attempt (web_specific_apps.rules)
>  2013740 - ET CURRENT_EVENTS Zeus Variant Post to CnC Server (current_events.rules)
>  2013741 - ET TROJAN Trojan-Dropper.Win32.StartPage.dvm or Mebromi Bios Rootkit CnC Count Checkin (trojan.rules)
>  2013742 - ET WEB_CLIENT Google Chrome Multiple Iframe PDF File Handling Memory Corruption Attempt (web_client.rules)
>  2013743 - ET DNS Query for a Suspicious no-ip Dynamic DNS Domain (dns.rules)
>  2013744 - ET TROJAN HTTP Request to no-ip Dynamic DNS Domain (trojan.rules)
>  2013745 - ET TROJAN Double HTTP/1.1 Header Likely Hostile Traffic (trojan.rules)
>
> Pro rules:
>
>  2803791 - ETPRO TROJAN Win32/Plingky.A Checkin (trojan.rules)
>  2803792 - ETPRO TROJAN Trojan.Generic.KDV.367757 Checkin (trojan.rules)
>  2803793 - ETPRO TROJAN Virus.Win32.CrazyPrier.A Checkin (trojan.rules)
>  2803794 - ETPRO TROJAN Trojan.Win32.OddJob.A Checkin 3 (trojan.rules)
>  2803795 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP flowbit set 1 (trojan.rules)
>  2803796 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP 1 (trojan.rules)
>  2803797 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP flowbit set 2 (trojan.rules)
>  2803798 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP 2 (trojan.rules)
>  2803799 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP flowbit set 3 (trojan.rules)
>  2803800 - ETPRO TROJAN Worm.Win32.Ackantta.B via SMTP 3 (trojan.rules)
>  2803801 - ETPRO ACTIVEX PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow (activex.rules)
>  2803802 - ETPRO POLICY PIPIWebPlayer User-Agent (PIPIPlayer) (policy.rules)
>  2803803 - ETPRO POLICY PIPIWebPlayer User-Agent (jfCacheMgr) (policy.rules)
>  2803804 - ETPRO POLICY Games Site lava.cn User-Agent (DDVInstall) (policy.rules)
>  2803805 - ETPRO TROJAN Win32/Hermes.B at mm User-Agent (Hermes) (trojan.rules)
>  2803806 - ETPRO TROJAN Variant.Buzy.4001 Checkin (trojan.rules)
>  2803807 - ETPRO TROJAN Win32/Sefnit.O Checkin (trojan.rules)
>  2803808 - ETPRO TROJAN Worm.Win32/Chiviper.A Checkin (trojan.rules)
>  2803809 - ETPRO MALWARE Win32/Adware.GabPath.BM User-Agent (Blammi) (malware.rules)
>  2803810 - ETPRO TROJAN Win32/Unruy.R Checkin (trojan.rules)
>
>
>
> [///]     Modified active rules:     [///]
>
>  2008049 - ET TROJAN Yahoo550.com Related Downloader/Trojan Checkin (trojan.rules)
>  2011996 - ET TROJAN Darkness DDoS Bot Checkin (trojan.rules)
>  2013376 - ET TROJAN W32/Nolja Trojan User-Agent (FileNolja) (trojan.rules)
>
>  2803364 - ETPRO TROJAN Win32/Sefnit.L Checkin (trojan.rules)
>
>
> [---]         Removed rules:         [---]
>
> Just renaming:
>  2801670 - ETPRO TROJAN Backdoor.Win32.Dtd.A Checkin (trojan.rules)
>  2803162 - ETPRO TROJAN Win32/Sefnit Checkin (trojan.rules)
>
> ----------------------------------------------------
> Matt Jonkman
> Emerging Threats Pro
> Open Information Security Foundation (OISF)
> Phone 866-504-2523 x110
> http://www.emergingthreatspro.com
> http://www.openinfosecfoundation.org
> ----------------------------------------------------
>
>
> _______________________________________________
> Etpro-sigs mailing list
> Etpro-sigs at emergingthreatspro.com
> http://lists.emergingthreatspro.com/mailman/listinfo/etpro-sigs
>
>