[Emerging-Sigs] Daily Ruleset Update Summary 12/14/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Dec 14 09:44:58 HAST 2012


 [***]          Summary:          [***]

16 new Open rules, 19 new Pro rules (16/3)

2016030 - 2016031 Recent LOIC activity
2016032 JCE Joomla Scanner
2016033 Simple Slowloris Flooder
2016034 Fake Opera UA seen being dropped by EKs
2016035 Sibhost
2016036 - 2016045 Still Secure WebApp/ActiveX sigs.

2805838 - 2805840 Daily Pro Trojan/Malware Coverage


 [+++]          Added rules:          [+++]

  Open:
  2016030 - ET CURRENT_EVENTS LOIC POST (current_events.rules)
  2016031 - ET CURRENT_EVENTS LOIC GET (current_events.rules)
  2016032 - ET CURRENT_EVENTS JCE Joomla Scanner (current_events.rules)
  2016033 - ET CURRENT_EVENTS Simple Slowloris Flooder (current_events.rules)
  2016034 - ET TROJAN Faked Russian Opera UA without Accept - probable downloader (trojan.rules)
  2016035 - ET CURRENT_EVENTS Possible SibHost PDF Request (current_events.rules)
  2016036 - ET WEB_SPECIFIC_APPS Simplemachines view parameter Cross Site Scripting Attempt (web_specific_apps.rules)
  2016037 - ET WEB_SPECIFIC_APPS WordPress FSML Plugin fsml-admin.js.php Remote File Inclusion Attempt (web_specific_apps.rules)
  2016038 - ET WEB_SPECIFIC_APPS WordPress FSML Plugin fsml-hideshow.js.php Remote File Inclusion Attempt (web_specific_apps.rules)
  2016039 - ET WEB_SPECIFIC_APPS Havalite userId parameter Cross Site Scripting Attempt (web_specific_apps.rules)
  2016040 - ET WEB_SPECIFIC_APPS SimpleInvoices having parameter Cross Site Scripting Attempt (web_specific_apps.rules)
  2016041 - ET ACTIVEX Possible NVIDIA Install Application ActiveX Control AddPackages Unicode Buffer Overflow (activex.rules)
  2016042 - ET WEB_SPECIFIC_APPS Manhali download.php Local File Inclusion Vulnerability (web_specific_apps.rules)
  2016043 - ET WEB_SPECIFIC_APPS RIPS code.php Local File Inclusion Vulnerability (web_specific_apps.rules)
  2016044 - ET WEB_SPECIFIC_APPS RIPS function.php Local File Inclusion Vulnerability (web_specific_apps.rules)
  2016045 - ET WEB_SPECIFIC_APPS Admidio headline parameter Cross Site Scripting Attempt (web_specific_apps.rules)

  Pro:
  2805838 - ETPRO TROJAN Unknown Trojan UA ????[A-F] (trojan.rules)
  2805839 - ETPRO TROJAN Win32/Tibs.gen!G / Trojan-Downloader.Win32.Zlob.jsq Checkin (trojan.rules)
  2805840 - ETPRO MOBILE_MALWARE Andr/FakeIns-B / Trojan-SMS.AndroidOS.Agent.a Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2015951 - ET CURRENT_EVENTS SibHost Jar Request (current_events.rules)