[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Thu Dec 17 10:17:23 EST 2009


[***] Results from Oinkmaster started Thu Dec 17 10:17:23 2009 [***]

[///]     Modified active rules:     [///]

 2010500 - ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware (emerging-malware.rules)
 2010501 - ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware (emerging-malware.rules)
 2010502 - ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware (emerging-malware.rules)
 2010503 - ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware (emerging-malware.rules)
 2010504 - ET TROJAN Potential Palevo executable download, executable purporting to be different file (emerging-virus.rules)
 2010505 - ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
 2010506 - ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt (emerging-web_specific_apps.rules)
 2010507 - ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
 2010508 - ET SCAN Springenwerk XSS Scanner User-Agent Detected (emerging-scan.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (9):
        2010500 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010500 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010501 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010501 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010502 || ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010502 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010503 || ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010503 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010504 || ET TROJAN Potential Palevo executable download, executable purporting to be different file || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa || url,doc.emergingthreats.net/2010504 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010505 || ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Cisco || url,doc.emergingthreats.net/2010505 || cve,2009-1220 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || url,www.securityfocus.com/bid/34307/info
        2010506 || ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Cisco || url,doc.emergingthreats.net/2010506 || cve,2008-2165 || url,www.securityfocus.com/bid/29191/info
        2010507 || ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_APC || url,doc.emergingthreats.net/2010507 || url,securitytracker.com/alerts/2009/Dec/1023331.html
        2010508 || ET SCAN Springenwerk XSS Scanner User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Springenwerk || url,doc.emergingthreats.net/2010508 || url,springenwerk.org/

     -> Added to emerging-sid-msg.map.txt (9):
        2010500 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010500 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010501 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010501 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010502 || ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010502 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010503 || ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_Covert_Executable_DL || url,doc.emergingthreats.net/2010503 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010504 || ET TROJAN Potential Palevo executable download, executable purporting to be different file || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa || url,doc.emergingthreats.net/2010504 || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010505 || ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Cisco || url,doc.emergingthreats.net/2010505 || cve,2009-1220 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || url,www.securityfocus.com/bid/34307/info
        2010506 || ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Cisco || url,doc.emergingthreats.net/2010506 || cve,2008-2165 || url,www.securityfocus.com/bid/29191/info
        2010507 || ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_APC || url,doc.emergingthreats.net/2010507 || url,securitytracker.com/alerts/2009/Dec/1023331.html
        2010508 || ET SCAN Springenwerk XSS Scanner User-Agent Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Springenwerk || url,doc.emergingthreats.net/2010508 || url,springenwerk.org/

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (9):
        2010500 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010501 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010502 || ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010503 || ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010504 || ET TROJAN Potential Palevo executable download, executable purporting to be different file || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010505 || ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || cve,2009-1220 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || url,www.securityfocus.com/bid/34307/info
        2010506 || ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || cve,2008-2165 || url,www.securityfocus.com/bid/29191/info
        2010507 || ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt || url,securitytracker.com/alerts/2009/Dec/1023331.html
        2010508 || ET SCAN Springenwerk XSS Scanner User-Agent Detected || url,springenwerk.org/

     -> Removed from emerging-sid-msg.map.txt (9):
        2010500 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010501 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010502 || ET MALWARE Executable purporting to be .bin file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010503 || ET MALWARE Executable purporting to be .jpg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010504 || ET TROJAN Potential Palevo executable download, executable purporting to be different file || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
        2010505 || ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || cve,2009-1220 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || url,www.securityfocus.com/bid/34307/info
        2010506 || ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || cve,2008-2165 || url,www.securityfocus.com/bid/29191/info
        2010507 || ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt || url,securitytracker.com/alerts/2009/Dec/1023331.html
        2010508 || ET SCAN Springenwerk XSS Scanner User-Agent Detected || url,springenwerk.org/


