[Emerging-Sigs] Daily Ruleset Update Summary 10/6/2011 SUPPLEMENTAL

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Oct 6 11:45:35 EDT 2011

A supplemental update to modify the following rules for false positives. Please report any issues!

[///]     Modified active rules:     [///]

 2013739 - ET TROJAN Aeausuc or Unknown P2P Bot (trojan.rules)
 2803815 - ETPRO TROJAN Aldi Bot command StartHTTP from CnC server INBOUND (trojan.rules)
 2803817 - ETPRO TROJAN Aldi Bot command StopHTTPDDoS from CnC server INBOUND (trojan.rules)
 2803820 - ETPRO TROJAN Aldi Bot command DownloadEx from CnC server INBOUND (trojan.rules)

[---]         Removed rules:         [---]

A little overzealous. The checkin command gets these fine, and has no FPs.
 2803821 - ETPRO TROJAN Aldi Bot command CreateSocks from CnC server INBOUND (trojan.rules)
 2803823 - ETPRO TROJAN Aldi Bot command Update from CnC server INBOUND (trojan.rules)

Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
