[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Thu Dec 3 19:14:53 EST 2009


[***] Results from Oinkmaster started Thu Dec  3 19:14:53 2009 [***]

[+++]          Added rules:          [+++]

 2010443 - ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus downloader (installer.1.exe) (emerging-current_events.rules)
 2010444 - ET CURRENT_EVENTS MALWARE Potential Malware Download, pdf exploit (emerging-current_events.rules)
 2010445 - ET CURRENT_EVENTS MALWARE Potential Malware Download, java exploit (emerging-current_events.rules)
 2010446 - ET CURRENT_EVENTS MALWARE Potential Malware Download, loadjavad.php exploit (emerging-current_events.rules)
 2010447 - ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus (IAInstall.exe) (emerging-current_events.rules)
 2010448 - ET CURRENT_EVENTS MALWARE Potential Malware Download, trojan zbot (emerging-current_events.rules)
 2010449 - ET CURRENT_EVENTS MALWARE Potential Malware Download, exploit redirect (emerging-current_events.rules)


[///]     Modified active rules:     [///]

 2010050 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - Antivirus_21.exe (emerging-current_events.rules)
 2010441 - ET TROJAN Possible Storm Variant HTTP Post (S) (emerging-virus.rules)
 2010442 - ET TROJAN Possible Storm Variant HTTP Post (U) (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-current_events.rules (1):
        #by mike cox

     -> Added to emerging-sid-msg.map (9):
        2010441 || ET TROJAN Possible Storm Variant HTTP Post (S) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Storm || url,doc.emergingthreats.net/2010441 || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle
        2010442 || ET TROJAN Possible Storm Variant HTTP Post (U) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Storm || url,doc.emergingthreats.net/2010442 || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle
        2010443 || ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus downloader (installer.1.exe) || url,doc.emergingthreats.net/2010443 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010444 || ET CURRENT_EVENTS MALWARE Potential Malware Download, pdf exploit || url,doc.emergingthreats.net/2010444 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010445 || ET CURRENT_EVENTS MALWARE Potential Malware Download, java exploit || url,doc.emergingthreats.net/2010445 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010446 || ET CURRENT_EVENTS MALWARE Potential Malware Download, loadjavad.php exploit || url,doc.emergingthreats.net/2010446 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010447 || ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus (IAInstall.exe) || url,doc.emergingthreats.net/2010447 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010448 || ET CURRENT_EVENTS MALWARE Potential Malware Download, trojan zbot || url,doc.emergingthreats.net/2010448 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010449 || ET CURRENT_EVENTS MALWARE Potential Malware Download, exploit redirect || url,doc.emergingthreats.net/2010449 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com

     -> Added to emerging-sid-msg.map.txt (9):
        2010441 || ET TROJAN Possible Storm Variant HTTP Post (S) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Storm || url,doc.emergingthreats.net/2010441 || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle
        2010442 || ET TROJAN Possible Storm Variant HTTP Post (U) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Storm || url,doc.emergingthreats.net/2010442 || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle
        2010443 || ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus downloader (installer.1.exe) || url,doc.emergingthreats.net/2010443 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010444 || ET CURRENT_EVENTS MALWARE Potential Malware Download, pdf exploit || url,doc.emergingthreats.net/2010444 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010445 || ET CURRENT_EVENTS MALWARE Potential Malware Download, java exploit || url,doc.emergingthreats.net/2010445 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010446 || ET CURRENT_EVENTS MALWARE Potential Malware Download, loadjavad.php exploit || url,doc.emergingthreats.net/2010446 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010447 || ET CURRENT_EVENTS MALWARE Potential Malware Download, rogue antivirus (IAInstall.exe) || url,doc.emergingthreats.net/2010447 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010448 || ET CURRENT_EVENTS MALWARE Potential Malware Download, trojan zbot || url,doc.emergingthreats.net/2010448 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com
        2010449 || ET CURRENT_EVENTS MALWARE Potential Malware Download, exploit redirect || url,doc.emergingthreats.net/2010449 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,malwareurl.com

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (2):
        2010441 || ET TROJAN Possible Storm Variant HTTP Post (S) || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle
        2010442 || ET TROJAN Possible Storm Variant HTTP Post (U) || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle

     -> Removed from emerging-sid-msg.map.txt (2):
        2010441 || ET TROJAN Possible Storm Variant HTTP Post (S) || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle
        2010442 || ET TROJAN Possible Storm Variant HTTP Post (U) || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,cyber.secdev.ca/2009/11/russian-malware-bundle


