[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Fri Mar 14 18:28:01 EST 2008


[***] Results from Oinkmaster started Fri Mar 14 19:28:01 2008 [***]

[+++]          Added rules:          [+++]

 2008001 - ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) (bleeding.rules)
 2008002 - ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) || url,isc.sans.org/diary.html?storyid=4139
        2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) || url,isc.sans.org/diary.html?storyid=4139

     -> Added to bleeding-sid-msg.map.txt (2):
        2008001 || ET CURRENT_EVENTS 2117966.net/iframe exploit (infection) || url,isc.sans.org/diary.html?storyid=4139
        2008002 || ET CURRENT_EVENTS 2117966.net/iframe exploit (attempt) || url,isc.sans.org/diary.html?storyid=4139

     -> Added to bleeding.rules (5):
        # From SANS/Diary isc.sans.org/diary.html?storyid=4139
        # Inspect your web proxy logs for visitors to 2117966.net. This will
        # indicate who is potentially exposed. Check these systems to verify
        # that their patches are up-to-date. Systems that are successfully
        # compromised will begin sending traffic to 61.188.39.175



More information about the Emerging-updates mailing list