<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>StillSecure: 10 New Signatures - October 14th, 2011</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2>Hi Matt,<BR>
<BR>
Please find the 10 signatures below,<BR>
<BR>
1. VIRUS Suspicious user-agent string (Se2011)<BR>
alert tcp $HOME_NET any -&gt; $EXTERNAL_NET $HTTP_PORTS (msg:&quot;VIRUS Suspicious user-agent string (Se2011)&quot;; flow:established,to_server; content:&quot;|0d 0a|User-Agent|3a| Se2011&quot;; classtype:trojan-activity; reference:url,threatexpert.com/report.aspx?md5=ed1ad8a8ff2357b1665055ac01b2df14; sid:14101; rev:1;)<BR>
<BR>
2. VIRUS Suspicious user-agent string (GPRecover)<BR>
alert tcp $HOME_NET any -&gt; $EXTERNAL_NET $HTTP_PORTS (msg:&quot;VIRUS Suspicious user-agent string (GPRecover)&quot;; flow:established,to_server; content:&quot;|0d 0a|User-Agent|3a| GPRecover&quot;; classtype:trojan-activity; reference:url,virustotal.com/file-scan/report.html?id=9524777b79c1e5ead00906f3d19c8714be5dba144bd3978adb2b05252fa0c739-1300934042; sid:14102; rev:1;)<BR>
<BR>
3. VIRUS suspicious useragent string EjUpdate<BR>
alert tcp $HOME_NET any -&gt; $EXTERNAL_NET $HTTP_PORTS (msg:&quot;VIRUS suspicious useragent string EjUpdate&quot;; flow:established,to_server; content:&quot;|0d 0a|User-Agent|3A 20|EjUpdate&quot;; classtype:trojan-activity; reference:url,threatexpert.com/report.aspx?md5=7bd56e44af2ea2267bf8de2bb98101ff; sid:1110111;rev:1;)<BR>
<BR>
4. WEB-PHP ShowTopKB.php script Remote File inclusion Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP ShowTopKB.php script Remote File inclusion Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/includes/pages/ShowTopKB.php?&quot;; nocase; uricontent:&quot;ReportID=&quot;; nocase; pcre:&quot;/ReportID=\s*(ftps?|https?|php)\:\//Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/105668/2moons-rfi.txt; sid:1110113; rev:1;)<BR>
<BR>
5. WEB-PHP Smarty.class.php script Remote File inclusion Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Smarty.class.php script Remote File inclusion Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/includes/libs/Smarty/Smarty.class.php?&quot;; nocase; uricontent:&quot;file=&quot;; nocase; pcre:&quot;/file=\s*(ftps?|https?|php)\:\//Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/105668/2moons-rfi.txt; sid:1110114; rev:1;)<BR>
<BR>
6. WEB-PHP ShowModVersionPage.php script Remote File inclusion Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP ShowModVersionPage.php script Remote File inclusion Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/includes/pages/adm/ShowModVersionPage.php?&quot;; nocase; uricontent:&quot;File=&quot;; nocase; pcre:&quot;/file=\s*(ftps?|https?|php)\:\//Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/105668/2moons-rfi.txt; sid:1110115; rev:1;)<BR>
<BR>
7. WEB-PHP smarty_internal_resource_php.php script Remote File inclusion Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP smarty_internal_resource_php.php script Remote File inclusion Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/includes/libs/Smarty/sysplugins/smarty_internal_resource_php.php?&quot;; nocase; uricontent:&quot;_smarty_template=&quot;; nocase; pcre:&quot;/_smarty_template=\s*(ftps?|https?|php)\:\//Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/105668/2moons-rfi.txt; sid:1110116; rev:1;)<BR>
<BR>
8. WEB-PHP smarty_internal_templatecompilerbase.php script Remote File inclusion Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP smarty_internal_templatecompilerbase.php script Remote File inclusion Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/includes/libs/Smarty/sysplugins/smarty_internal_templatecompilerbase.php?&quot;; nocase; uricontent:&quot;file=&quot;; nocase; pcre:&quot;/file=\s*(ftps?|https?|php)\:\//Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/105668/2moons-rfi.txt; sid:1110117; rev:1;)<BR>
<BR>
9. WEB-PHP Joomla component CalcBuilder Blind SQL Injection Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Joomla component CalcBuilder Blind SQL Injection Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_calcbuilder&quot;; nocase; uricontent:&quot;controller=calcbuilder&quot;; nocase; uricontent:&quot;id=&quot;; nocase; uricontent:&quot;and&quot;; nocase; uricontent:&quot;substring&quot;; nocase; pcre:&quot;/and.*substring\(/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/102435/joomlacalcbuilder-sql.txt; sid:1210112; rev:1;)<BR>
<BR>
10. WEB-PHP Mambo component N-Namskeid XSS Vulnerability<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Mambo component N-Namskeid XSS Vulnerability&quot;; flow:established,to_server; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_n-namskeid&quot;; nocase; uricontent:&quot;do=&quot;; nocase; pcre:&quot;/do\x3d.+(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/104690/mambonnamskeid-xss.txt; sid:1310111; rev:1;)<BR>
<BR>
Looking forward your comments if any.<BR>
<BR>
Thanks &amp; Regards,<BR>
StillSecure<BR>
<BR>
</FONT>
</P>

</BODY>
</HTML>