[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Mon Dec 21 23:53:53 EST 2009


[***] Results from Oinkmaster started Mon Dec 21 23:53:53 2009 [***]

[+++]          Added rules:          [+++]

 2010535 - ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010536 - ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010537 - ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010538 - ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010539 - ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010540 - ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010541 - ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010542 - ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010543 - ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) (emerging-web_specific_apps.rules)
 2010544 - ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) (emerging-web_specific_apps.rules)


[///]     Modified active rules:     [///]

 2009581 - ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host (emerging-attack_response.rules)
 2010454 - ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host (emerging-attack_response.rules)
 2010512 - ET TROJAN FakeAV FakeSmoke HTTP POST check-in (emerging-virus.rules)
 2010532 - ET CURRENT_EVENTS Malwareurl.com - potential oficla download (annonce.pdf) (emerging-current_events.rules)
 2010533 - ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) (emerging-current_events.rules)
 2010534 - ET CURRENT_EVENTS Malwareurl.com - potential oficla download (loadjavad.php) (emerging-current_events.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (15):
        2009581 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter || url,doc.emergingthreats.net/2009581
        2010454 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter || url,doc.emergingthreats.net/2010454
        2010532 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (annonce.pdf) || url,doc.emergingthreats.net/2010532 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010533 || ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) || url,doc.emergingthreats.net/2010533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010534 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (loadjavad.php) || url,doc.emergingthreats.net/2010534 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010535 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010536 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010537 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010538 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010539 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt
        2010540 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html
        2010541 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt
        2010542 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt
        2010543 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt
        2010544 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt

     -> Added to emerging-sid-msg.map.txt (15):
        2009581 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter || url,doc.emergingthreats.net/2009581
        2010454 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter || url,doc.emergingthreats.net/2010454
        2010532 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (annonce.pdf) || url,doc.emergingthreats.net/2010532 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010533 || ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) || url,doc.emergingthreats.net/2010533 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010534 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (loadjavad.php) || url,doc.emergingthreats.net/2010534 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010535 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010536 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010537 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010538 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010539 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt
        2010540 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html
        2010541 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt
        2010542 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt
        2010543 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt
        2010544 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (5):
        2009581 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host
        2010454 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host
        2010532 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (annonce.pdf) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010533 || ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010534 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (loadjavad.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com

     -> Removed from emerging-sid-msg.map.txt (5):
        2009581 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host
        2010454 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host
        2010532 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (annonce.pdf) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010533 || ET CURRENT_EVENTS Malwareurl.com - potential oficla downlaod (sdfg.jar) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com
        2010534 || ET CURRENT_EVENTS Malwareurl.com - potential oficla download (loadjavad.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,www.malwareurl.com


