[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Tue Dec 22 20:31:00 EST 2009


[***] Results from Oinkmaster started Tue Dec 22 20:31:00 2009 [***]

[+++]          Added rules:          [+++]

 2010545 - ET TROJAN Unknown Fake AV Checkin (emerging-virus.rules)
 2010546 - ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt (emerging-exploit.rules)
 2010547 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_username) (emerging-web_specific_apps.rules)
 2010548 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_server) (emerging-web_specific_apps.rules)
 2010549 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_path) (emerging-web_specific_apps.rules)
 2010550 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_password) (emerging-web_specific_apps.rules)
 2010551 - ET CURRENT_EVENTS iPhone Bot iKee.B Contacting C&C (emerging-current_events.rules)
 2010552 - ET CURRENT_EVENTS Possible Fake/Rogue AV Landing Page Encountered (hitin.php) (emerging-current_events.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-exploit.rules (1):
        #by mike cox

     -> Added to emerging-sid-msg.map (8):
        2010545 || ET TROJAN Unknown Fake AV Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010545
        2010546 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_HP || url,doc.emergingthreats.net/2010546 || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15
        2010547 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_username) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010547 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010548 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_server) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010548 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010549 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_path) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010549 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010550 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_password) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010550 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010551 || ET CURRENT_EVENTS iPhone Bot iKee.B Contacting C&C || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ikee || url,doc.emergingthreats.net/2010551 || url,mtc.sri.com/iPhone/
        2010552 || ET CURRENT_EVENTS Possible Fake/Rogue AV Landing Page Encountered (hitin.php) || url,doc.emergingthreats.net/2010552 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,malwareurl.com/search.php?domain=&s=hitin.php&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on || url,en.wikipedia.org/wiki/Scareware

     -> Added to emerging-sid-msg.map.txt (8):
        2010545 || ET TROJAN Unknown Fake AV Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010545
        2010546 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_HP || url,doc.emergingthreats.net/2010546 || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15
        2010547 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_username) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010547 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010548 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_server) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010548 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010549 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_path) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010549 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010550 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_password) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Barracuda || url,doc.emergingthreats.net/2010550 || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt
        2010551 || ET CURRENT_EVENTS iPhone Bot iKee.B Contacting C&C || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ikee || url,doc.emergingthreats.net/2010551 || url,mtc.sri.com/iPhone/
        2010552 || ET CURRENT_EVENTS Possible Fake/Rogue AV Landing Page Encountered (hitin.php) || url,doc.emergingthreats.net/2010552 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,malwareurl.com/search.php?domain=&s=hitin.php&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on || url,en.wikipedia.org/wiki/Scareware



More information about the Emerging-updates mailing list