[Emerging-Sigs] Weekly Ruleset Update Summary 12/7/2012

Matt Jonkman jonkman at emergingthreats.net
Fri Dec 7 07:11:59 HAST 2012


23 new open rules, 20 new Pro rules for 43 total new this week.

Have a great weekend!

[+++]          Added rules:          [+++]

 2015975 - ET EXPLOIT MySQL Stack based buffer overrun Exploit Specific (exploit.rules)
 2015976 - ET TROJAN WORM_VOBFUS Checkin Generic (trojan.rules)
 2015977 - ET CURRENT_EVENTS probable malicious Glazunov Javascript injection (current_events.rules)
 2015978 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Dec 03 2012 (current_events.rules)
 2015979 - ET CURRENT_EVENTS CritXPack - Landing Page (current_events.rules)
 2015980 - ET CURRENT_EVENTS PHISH Google - Account Phished (current_events.rules)
 2015981 - ET CURRENT_EVENTS Zuponcic Hostile Jar (current_events.rules)
 2015982 - ET CURRENT_EVENTS Zuponcic Hostile JavaScript (current_events.rules)
 2015983 - ET CURRENT_EVENTS PHISH Bank - York - Creds Phished (current_events.rules)
 2015984 - ET CURRENT_EVENTS Joomla Component SQLi Attempt (current_events.rules)
 2015985 - ET TROJAN Win32/Kuluoz.B Request (trojan.rules)
 2015986 - ET SCAN MYSQL MySQL Remote FAST Account Password Cracking (scan.rules)
 2015987 - ET EXPLOIT MySQL Heap based buffer overrun Exploit Specific (exploit.rules)
 2015988 - ET CURRENT_EVENTS CrimeBoss - Stats Load Fail (current_events.rules)
 2015989 - ET CURRENT_EVENTS RedKit - Potential Java Exploit Requested - 3 digit jar (current_events.rules)
 2015990 - ET CURRENT_EVENTS RedKit - Potential Payload Requested - /2Digit.html (current_events.rules)
 2015991 - ET CURRENT_EVENTS Robopak - Landing Page Received (current_events.rules)
 2015992 - ET EXPLOIT MySQL (Linux) Database Privilege Elevation (Exploit Specific) (exploit.rules)
 2015993 - ET ATTACK_RESPONSE MySQL User Account Enumeration (attack_response.rules)
 2015994 - ET INFO MySQL Database Query Version OS compile (info.rules)
 2015995 - ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Techique DUMP INTO executable) (exploit.rules)
 2015996 - ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Techique) (exploit.rules)
 2015997 - ET CURRENT_EVENTS Fake Google Chrome Update/Install (current_events.rules)


Pro Subscriber rules:

 2805753 - ETPRO TROJAN Trojan/Genome.jpl Checkin (trojan.rules)
 2805754 - ETPRO TROJAN Trojan.Fakealert Checkin (trojan.rules)
 2805755 - ETPRO WEB_SPECIFIC_APPS Nagios XI Network Monitor - OS Command Injection (web_specific_apps.rules)
 2805756 - ETPRO WEB_SPECIFIC_APPS Nagios XI Network Monitor - Blind SQL Injection (web_specific_apps.rules)
 2805757 - ETPRO WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 1 (web_specific_apps.rules)
 2805758 - ETPRO WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 2 (web_specific_apps.rules)
 2805759 - ETPRO TROJAN Koobface.L Checkin (trojan.rules)
 2805760 - ETPRO TROJAN Trojan.Win32.Besysad.a / TROJ_SMALL.AHF Checkin (trojan.rules)
 2805761 - ETPRO TROJAN Trojan-Ransom.Win32.Foreign.vcs Checkin (trojan.rules)
 2805762 - ETPRO TROJAN Trojan-Dropper.Win32.Agent.mg Checkin (trojan.rules)
 2805763 - ETPRO TROJAN W32/Dloader.IRQ!tr Checkin (trojan.rules)
 2805764 - ETPRO TROJAN Win32/Frethem.S@mm Checkin (trojan.rules)
 2805765 - ETPRO TROJAN Win32/Alureon.BV / Trojan.TDss.FJ Checkin (trojan.rules)
 2805766 - ETPRO TROJAN Win32/AgentBypass.gen!G Checkin 2 (trojan.rules)
 2805767 - ETPRO TROJAN Win32/Spy.Agent.OBQ / Backdoor.Win32.Nosrawec Checkin (trojan.rules)
 2805768 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
 2805769 - ETPRO TROJAN Trojan.Win32.Klovbot Checkin (trojan.rules)
 2805770 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
 2805771 - ETPRO TROJAN Taidoor Checkin (trojan.rules)
 2805772 - ETPRO TROJAN Trojan-Ransomware Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2014385 - ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit Set (dos.rules)
 2015759 - ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (4) (current_events.rules)
 2015887 - ET CURRENT_EVENTS Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012 (current_events.rules)
 2015893 - ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_old.php (current_events.rules)
 2015922 - ET CURRENT_EVENTS Possible Glazunov Java exploit request /10-/5-digit (current_events.rules)
 2015927 - ET CURRENT_EVENTS RedKit /h***.htm(l) Landing Page - Set (current_events.rules)
 2015951 - ET CURRENT_EVENTS SibHost Jar Request (current_events.rules)

 2804611 - ETPRO TROJAN Hoax.Win32.ArchSMS.mhzq Checkin (trojan.rules)
 2805564 - ETPRO TROJAN Trojan.Win32.Inject.etds Checkin (trojan.rules)
 2805752 - ETPRO TROJAN Win32/Ksare.A / Trojan-Dropper.Win32.Mudrop.kg Checkin (trojan.rules)


[---]         Removed rules:         [---]

 2002774 - ET MALWARE Corpsespyware.net Blind Data Upload (malware.rules)
 2003182 - ET TROJAN Prg Trojan v0.1-v0.3 Data Upload (trojan.rules)
 2014753 - ET CURRENT_EVENTS probable malicious Glazunov Javascript injection (current_events.rules)

-- 

----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------