[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Wed Dec 16 13:04:01 EST 2009


[***] Results from Oinkmaster started Wed Dec 16 13:04:01 2009 [***]

[+++]          Added rules:          [+++]

 2010500 - ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware (emerging-malware.rules)
 2010501 - ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware (emerging-malware.rules)
 2010502 - ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware (emerging-malware.rules)
 2010503 - ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware (emerging-malware.rules)
 2010504 - ET TROJAN Potential Palevo executable download, executable purporting to be different file (emerging-virus.rules)


[///]     Modified active rules:     [///]

 2010499 - ET CURRENT_EVENTS Adobe Request flowbit set (emerging-current_events.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-malware.rules (1):
        #by evilghost

     -> Added to emerging-sid-msg.map (6):
        2010499 || ET CURRENT_EVENTS Adobe Request flowbit set || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Adobe || url,doc.emergingthreats.net/2010499
        2010500 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010501 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010502 || ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010503 || ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010504 || ET TROJAN Potential Palevo executable download, executable purporting to be different file || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99

     -> Added to emerging-sid-msg.map.txt (6):
        2010499 || ET CURRENT_EVENTS Adobe Request flowbit set || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Adobe || url,doc.emergingthreats.net/2010499
        2010500 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010501 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010502 || ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010503 || ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010504 || ET TROJAN Potential Palevo executable download, executable purporting to be different file || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (1):
        2010499 || ET CURRENT_EVENTS Adobe Request flowbit set

     -> Removed from emerging-sid-msg.map.txt (1):
        2010499 || ET CURRENT_EVENTS Adobe Request flowbit set



More information about the Emerging-updates mailing list