[Emerging-Sigs] Daily Ruleset Update Summary 10/20/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Oct 20 15:09:07 EDT 2011


14 new rules today and a few tweaks. 7 open and 7 pro subscriber rules. 

Enjoy!!


[+++]          Added rules:          [+++]

 2010824 - ET TROJAN Torpig Ping-Pong Keepalives Outbound (trojan.rules)
 2010825 - ET TROJAN Torpig Ping-Pong Keepalives Inbound (trojan.rules)
 2013784 - ET POLICY Windows Mobile 7.0 User-Agent detected (policy.rules)
 2013785 - ET TROJAN Zentom FakeAV Checkin (trojan.rules)
 2013786 - ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 2 (current_events.rules)
 2013787 - ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 2 (current_events.rules)
 2013788 - ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?doit Download Secondary Request (current_events.rules)

 2803890 - ETPRO TROJAN Win32/Alureon.FL Checkin (trojan.rules)
 2803891 - ETPRO TROJAN TrojanSpy.Win32/Banker.AAX Checkin (trojan.rules)
 2803892 - ETPRO MALWARE AdWare.Win32.Eorezo Install (malware.rules)
 2803893 - ETPRO TROJAN Trojan-Downloader.Win32.Bagle.eds Checkin (trojan.rules)
 2803894 - ETPRO TROJAN Win32/Danginex Checkin (trojan.rules)
 2803895 - ETPRO TROJAN Trojan/Win32.AutoIt.gen Checkin (trojan.rules)
 2803896 - ETPRO TROJAN TrojanDownloader.Win32/Carberp.A Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2009125 - ET TROJAN Trojan.Win32.Inject.esi Outbound Communication (trojan.rules)
 2009486 - ET TROJAN Pingbed/Downbot User-Agent (Windows+NT+5.1) (trojan.rules)
 2013739 - ET TROJAN Zeus/Aeausuc or Unknown P2P Bot (trojan.rules)


[---]         Removed rules:         [---]

 2803371 - ETPRO TROJAN Qhost/Stegvob/Bredolab Checkin (trojan.rules)


----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------


