[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Tue Dec 29 10:00:33 EST 2009


[***] Results from Oinkmaster started Tue Dec 29 10:00:33 2009 [***]

[+++]          Added rules:          [+++]

 2010596 - ET TROJAN Trest1 Binary Download Attempt (multiple malware variants served) (emerging-virus.rules)
 2010597 - ET TROJAN Potential FakeAV HTTP GET Check-IN (/check) (emerging-virus.rules)
 2010598 - ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) (emerging-virus.rules)
 2010599 - ET USER_AGENTS Suspicious User Agent Mozilla/3.0 (emerging-user_agents.rules)
 2010600 - ET USER_AGENTS Suspicious User Agent WebUpdate (emerging-user_agents.rules)


[///]     Modified active rules:     [///]

 2010594 - ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) (emerging-virus.rules)
 2010595 - ET USER_AGENTS Suspicious User Agent (???) (emerging-user_agents.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (7):
        2010594 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010594 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010595 || ET USER_AGENTS Suspicious User Agent (???) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious || url,doc.emergingthreats.net/2010595
        2010596 || ET TROJAN Trest1 Binary Download Attempt (multiple malware variants served) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Trest1 || url,doc.emergingthreats.net/2010596 || url,www.malwareurl.com/search.php?domain=&s=trest1&match=0&rp=200&urls=on&redirs=on&ip=on&reverse=on&as=on || url,www.malwaredomainlist.com
        2010597 || ET TROJAN Potential FakeAV HTTP GET Check-IN (/check) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010597 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010598 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010598 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010599 || ET USER_AGENTS Suspicious User Agent Mozilla/3.0 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious || url,doc.emergingthreats.net/2010599
        2010600 || ET USER_AGENTS Suspicious User Agent WebUpdate || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious || url,doc.emergingthreats.net/2010600

     -> Added to emerging-sid-msg.map.txt (7):
        2010594 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010594 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010595 || ET USER_AGENTS Suspicious User Agent (???) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious || url,doc.emergingthreats.net/2010595
        2010596 || ET TROJAN Trest1 Binary Download Attempt (multiple malware variants served) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Trest1 || url,doc.emergingthreats.net/2010596 || url,www.malwareurl.com/search.php?domain=&s=trest1&match=0&rp=200&urls=on&redirs=on&ip=on&reverse=on&as=on || url,www.malwaredomainlist.com
        2010597 || ET TROJAN Potential FakeAV HTTP GET Check-IN (/check) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010597 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010598 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Fake_AV || url,doc.emergingthreats.net/2010598 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010599 || ET USER_AGENTS Suspicious User Agent Mozilla/3.0 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious || url,doc.emergingthreats.net/2010599
        2010600 || ET USER_AGENTS Suspicious User Agent WebUpdate || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious || url,doc.emergingthreats.net/2010600

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (2):
        2010594 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010595 || ET USER_AGENTS Suspicious User Agent (???)

     -> Removed from emerging-sid-msg.map.txt (2):
        2010594 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2
        2010595 || ET USER_AGENTS Suspicious User Agent (???)


