[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Tue Dec 15 12:23:07 EST 2009


[***] Results from Oinkmaster started Tue Dec 15 12:23:07 2009 [***]

[+++]          Added rules:          [+++]

 2010490 - ET TROJAN Vundo User-Agent Check-in (emerging-virus.rules)
 2010491 - ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt (emerging-dos.rules)
 2010492 - ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt (emerging-dos.rules)
 2010493 - ET SCAN Non-Allowed Host Tried to Connect to MySQL Server (emerging-scan.rules)
 2010494 - ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt (emerging-scan.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-dos.rules (1):
        #temp disabled till we figure out all options

     -> Added to emerging-sid-msg.map (5):
        2010490 || ET TROJAN Vundo User-Agent Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99
        2010491 || ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,www.securityfocus.com/bid/37297/info
        2010492 || ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || www.securityfocus.com/bid/37297/info
        2010493 || ET SCAN Non-Allowed Host Tried to Connect to MySQL Server || url,www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
        2010494 || ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt

     -> Added to emerging-sid-msg.map.txt (5):
        2010490 || ET TROJAN Vundo User-Agent Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99
        2010491 || ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,www.securityfocus.com/bid/37297/info
        2010492 || ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || www.securityfocus.com/bid/37297/info
        2010493 || ET SCAN Non-Allowed Host Tried to Connect to MySQL Server || url,www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
        2010494 || ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt



More information about the Emerging-updates mailing list