[Emerging-Sigs] Daily Ruleset Update Summary 09/25/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Sep 25 13:56:07 EDT 2014


[+++]          Summary:          [+++]

6 new Open. 8 new Pro (2/6).

Added http_cookie vector for the 2014-6271 (tks @inliniac). We also enabled
by default ELF download sigs in POLICY. Most of the exploitation attempts
we are seeing are trying to pull down ELF DDoS bots. Depending on your
environment, you might want to disable, although I think downloads of
straight ELFs is probably pretty rare for most orgs.

[+++]          Added rules:          [+++]

  Open:
  2019239 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie (web_server.rules)
  2019240 - ET POLICY Executable and linking format (ELF) file download Over HTTP (policy.rules)

  Pro:
  2808886 - ETPRO EXPLOIT EMC AlphaStor Device Manager Opcode 0x75 Command Injection (exploit.rules)
  2808887 - ETPRO TROJAN Win32/BrowserPassview Checkin via SMTP (trojan.rules)
  2808888 - ETPRO TROJAN Win32/BrowserPassview Checkin via SMTP 2 (trojan.rules)
  2808889 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Masnu.a Checkin (mobile_malware.rules)
  2808890 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.CH Checkin (mobile_malware.rules)
  2808891 - ETPRO MOBILE_MALWARE AndroidOS/Agent.EJ Checkin (mobile_malware.rules)


 [+++]  Enabled and modified rules:   [+++]

  2000418 - ET POLICY Executable and linking format (ELF) file download (policy.rules)


 [///]     Modified active rules:     [///]

  2807982 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gj Checkin (mobile_malware.rules)
  2808485 - ETPRO MALWARE Win32/AdWare.ICLoader.A Checkin (malware.rules)