[Emerging-Sigs] Daily Ruleset Update Summary 12/03/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Dec 3 16:45:23 HAST 2012


[***]          Summary:          [***]

8 new Open rules. 16 (8/8) new Pro rules. Important fixes and tweaks.

2015975 Exploit specific sig for Kingcope 0day, more complete coverage on the way.
2015976 VOBFUS Generic checkin sig for VOBFUS.
2015977 Glazunov Javascript Injection
2015978 Blackhole new obfuscated url seen today.
2015979 CritXPack landing page
2015980 Google Account Phish
2015981 - 2015982 Additional Zuponcic Coverage

2805753 - 2805760 Daily Pro Trojan/Malware coverage.

[+++]          Added rules:          [+++]

  Open:
  2015975 - ET EXPLOIT MySQL Stack based buffer overrun Exploit Specific (exploit.rules)
  2015976 - ET TROJAN WORM_VOBFUS Checkin Generic (trojan.rules)
  2015977 - ET CURRENT_EVENTS probable malicious Glazunov Javascript injection (current_events.rules)
  2015978 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Dec 03 2012 (current_events.rules)
  2015979 - ET CURRENT_EVENTS CritXPack - Landing Page (current_events.rules)
  2015980 - ET CURRENT_EVENTS PHISH Google - Account Phished (current_events.rules)
  2015981 - ET CURRENT_EVENTS Zuponcic Hostile Jar (current_events.rules)
  2015982 - ET CURRENT_EVENTS Zuponcic Hostile JavaScript (current_events.rules)

  Pro:
  2805753 - ETPRO TROJAN Trojan/Genome.jpl Checkin (trojan.rules)
  2805754 - ETPRO TROJAN Trojan.Fakealert Checkin (trojan.rules)
  2805755 - ETPRO WEB_SPECIFIC_APPS Nagios XI Network Monitor - OS Command Injection (web_specific_apps.rules)
  2805756 - ETPRO WEB_SPECIFIC_APPS Nagios XI Network Monitor - Blind SQL Injection (web_specific_apps.rules)
  2805757 - ETPRO WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 1 (web_specific_apps.rules)
  2805758 - ETPRO WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 2 (web_specific_apps.rules)
  2805759 - ETPRO TROJAN Koobface.L Checkin (trojan.rules)
  2805760 - ETPRO TROJAN Trojan.Win32.Besysad.a / TROJ_SMALL.AHF Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2015759 - ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (4) (current_events.rules)
  2015887 - ET CURRENT_EVENTS Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012 (current_events.rules)
  2015893 - ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_old.php (current_events.rules)
  2015951 - ET CURRENT_EVENTS SibHost Jar Request (current_events.rules)

  Pro:
  2804611 - ETPRO TROJAN Hoax.Win32.ArchSMS.mhzq Checkin (trojan.rules)
  2805564 - ETPRO TROJAN Trojan.Win32.Inject.etds Checkin (trojan.rules)
  2805752 - ETPRO TROJAN Win32/Ksare.A / Trojan-Dropper.Win32.Mudrop.kgCheckin (trojan.rules)


 [---]         Removed rules:         [---]

  2003182 - ET TROJAN Prg Trojan v0.1-v0.3 Data Upload (trojan.rules)