[Emerging-Sigs] Daily Ruleset Update Summary 12/21/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Dec 21 11:56:57 HAST 2012


[***]          Summary:          [***]

17 new rules. A couple of fixes and tweaks.

2016073 SofosFO
2016074 Unknown Trojan UA
2016075 UA associated with FakeAV
2016076 - 2016083 Still Secure WEB_SPECIFIC/ACTIVEX sigs.
2016087 Unk Banker
2016088 SmokeLoader Server response
2016089 FakeAV checkin

[+++]          Added rules:          [+++]

  2016073 - ET CURRENT_EVENTS SofosFO - possible second stage landing page (current_events.rules)
  2016074 - ET TROJAN User-Agent seen with confirmed C&C check-in (trojan.rules)
  2016075 - ET TROJAN FakeAV Checkin (trojan.rules)
  2016076 - ET WEB_SPECIFIC_APPS WordPress Video Lead Form plugin errMsg parameter Cross Site Scripting Attempt (web_specific_apps.rules)
  2016077 - ET WEB_SPECIFIC_APPS Amateur Photographer Image Gallery albumid parameter Cross Site Scripting Attempt (web_specific_apps.rules)
  2016078 - ET WEB_SPECIFIC_APPS Amateur Photographer Image Gallery file parameter Local File Inclusion Attempt (web_specific_apps.rules)
  2016079 - ET WEB_SPECIFIC_APPS simple machines forum include parameter Local File Inclusion Attempt (web_specific_apps.rules)
  2016080 - ET WEB_SPECIFIC_APPS WordPress Cloudsafe365 file parameter Local File Inclusion Attempt (web_specific_apps.rules)
  2016081 - ET WEB_SPECIFIC_APPS Zenphoto date parameter Cross Site Scripting Attempt (web_specific_apps.rules)
  2016082 - ET WEB_SPECIFIC_APPS Wordpress Token Manager Plugin tokenmanageredit page XSS Attempt (web_specific_apps.rules)
  2016083 - ET WEB_SPECIFIC_APPS Wordpress Token Manager Plugin tokenmanagertypeedit page XSS Attempt (web_specific_apps.rules)
  2016084 - ET ACTIVEX Possible HP ALM XGO.ocx ActiveX Control SetShapeNodeType method Remote Code Execution (activex.rules)
  2016085 - ET ACTIVEX Possible Cyme ChartFX client server ActiveX Control ShowPropertiesDialog arbitrary code execution (activex.rules)
  2016086 - ET WEB_SPECIFIC_APPS SonicWALL SonicOS searchStr XML Tag Script Insertion Attempt (web_specific_apps.rules)
  2016087 - ET CURRENT_EVENTS TROJAN Unk_Banker - Check In (current_events.rules)
  2016088 - ET TROJAN SmokeLoader - Init 0x (trojan.rules)
  2016089 - ET TROJAN FakeAV checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2016070 - ET CURRENT_EVENTS SofosFO obfuscator string 19 Dec 12 - possible landing (current_events.rules)
  2016071 - ET CURRENT_EVENTS SofosFO 20 Dec 12 - .jar file request (current_events.rules)
  2016072 - ET CURRENT_EVENTS SofosFO 20 Dec 12 - .pdf file request (current_events.rules)
  2402000 - ET DROP Dshield Block Listed Source (dshield.rules)
  2805761 - ETPRO TROJAN Trojan-Ransom.Win32.Foreign.vcs Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2805808 - ETPRO TROJAN Trojan.Win32.Jorik.Agent.cqn Checkin (trojan.rules)