[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Mon May 11 20:47:42 EDT 2009


[***] Results from Oinkmaster started Mon May 11 20:47:42 2009 [***]

[///]     Modified active rules:     [///]

 2001621 - ET WEB Exploit Suspected PHP Injection Attack (emerging-web_sql_injection.rules)
 2001810 - ET WEB Explit PHP remote file include exploit attempt (emerging-web_sql_injection.rules)
 2002838 - ET WEB_SPECIFIC Google Search Appliance browsing the Internet (emerging-web_sql_injection.rules)
 2002849 - ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet (emerging-web_sql_injection.rules)
 2003520 - ET WEB EXPLOIT webCalendar Remote File include (emerging-web.rules)
 2007611 - ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 (emerging-virus.rules)
 2007612 - ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 (emerging-virus.rules)
 2007613 - ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 (emerging-virus.rules)
 2007614 - ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 (emerging-virus.rules)
 2007950 - ET TROJAN Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body (emerging-virus.rules)
 2008142 - ET TROJAN Vapsup User-Agent (doshowmeanad loader v2.1) (emerging-virus.rules)
 2008278 - ET TROJAN Generic Raider Obfuscated VBScript (emerging-virus.rules)
 2008379 - ET TROJAN Swizzor Checkin (kgen_up) (emerging-virus.rules)
 2008973 - ET TROJAN onmuz.com Infection Activity (emerging-virus.rules)
 2009126 - ET TROJAN Possible bot C&C Checkin (emerging-virus.rules)
 2009156 - ET TROJAN Unknown Dropper Checkin (emerging-virus.rules)


[///]    Modified inactive rules:    [///]

 2001716 - ET WEB_SPECIFIC IDN url seen.. (emerging-web_sql_injection.rules)


[---]         Removed rules:         [---]

 2008505 - ET MALWARE Adaware.BarACE Checkin and Update (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (17):
        2001621 || ET WEB Exploit Suspected PHP Injection Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001621 || cve,2002-0953
        2001716 || ET WEB_SPECIFIC IDN url seen.. || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_IDN || url,doc.emergingthreats.net/2001716
        2001810 || ET WEB Explit PHP remote file include exploit attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001810
        2002838 || ET WEB_SPECIFIC Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html
        2002849 || ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509
        2003520 || ET WEB EXPLOIT webCalendar Remote File include || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_WebCalendar || url,doc.emergingthreats.net/2003520 || url,www.securityfocus.com/archive/1/462957
        2007611 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007611
        2007612 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007612
        2007613 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007613
        2007614 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007614
        2007950 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007950
        2008142 || ET TROJAN Vapsup User-Agent (doshowmeanad loader v2.1) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Vapsup || url,doc.emergingthreats.net/2008142
        2008278 || ET TROJAN Generic Raider Obfuscated VBScript || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Raider_Obfuscated_VBS || url,doc.emergingthreats.net/2008278 || url,bbs.duba.net/viewthread.php?tid=21892104&page=1&extra=page=1
        2008379 || ET TROJAN Swizzor Checkin (kgen_up) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop || url,doc.emergingthreats.net/2008379
        2008973 || ET TROJAN onmuz.com Infection Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Onmuz.com || url,doc.emergingthreats.net/2008973
        2009126 || ET TROJAN Possible bot C&C Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009126
        2009156 || ET TROJAN Unknown Dropper Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Droppers_General || url,doc.emergingthreats.net/2009156 || url,www.virustotal.com/analisis/a4a854e56ecc0a54204fc3b043c63094

     -> Added to emerging-sid-msg.map.txt (17):
        2001621 || ET WEB Exploit Suspected PHP Injection Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001621 || cve,2002-0953
        2001716 || ET WEB_SPECIFIC IDN url seen.. || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_IDN || url,doc.emergingthreats.net/2001716
        2001810 || ET WEB Explit PHP remote file include exploit attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001810
        2002838 || ET WEB_SPECIFIC Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html
        2002849 || ET WEB_SPECIFIC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509
        2003520 || ET WEB EXPLOIT webCalendar Remote File include || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_WebCalendar || url,doc.emergingthreats.net/2003520 || url,www.securityfocus.com/archive/1/462957
        2007611 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007611
        2007612 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007612
        2007613 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007613
        2007614 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007614
        2007950 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007950
        2008142 || ET TROJAN Vapsup User-Agent (doshowmeanad loader v2.1) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Vapsup || url,doc.emergingthreats.net/2008142
        2008278 || ET TROJAN Generic Raider Obfuscated VBScript || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Raider_Obfuscated_VBS || url,doc.emergingthreats.net/2008278 || url,bbs.duba.net/viewthread.php?tid=21892104&page=1&extra=page=1
        2008379 || ET TROJAN Swizzor Checkin (kgen_up) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop || url,doc.emergingthreats.net/2008379
        2008973 || ET TROJAN onmuz.com Infection Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Onmuz.com || url,doc.emergingthreats.net/2008973
        2009126 || ET TROJAN Possible bot C&C Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009126
        2009156 || ET TROJAN Unknown Dropper Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Droppers_General || url,doc.emergingthreats.net/2009156 || url,www.virustotal.com/analisis/a4a854e56ecc0a54204fc3b043c63094

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (18):
        2001621 || ET Exploit Suspected PHP Injection Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001621 || cve,2002-0953
        2001716 || ET Web IDN url seen.. || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_IDN || url,doc.emergingthreats.net/2001716
        2001810 || ET EXPLOIT WEB PHP remote file include exploit attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001810
        2002838 || ET Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html
        2002849 || ET WEB-MISC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509
        2003520 || ET EXPLOIT webCalendar Remote File include || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_WebCalendar || url,doc.emergingthreats.net/2003520 || url,www.securityfocus.com/archive/1/462957
        2007611 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007611
        2007612 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007612
        2007613 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007613
        2007614 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007614
        2007950 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007950
        2008142 || ET MALWARE Vapsup User-Agent (doshowmeanad loader v2.1) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Vapsup || url,doc.emergingthreats.net/2008142
        2008278 || ET MALWARE Generic Raider Obfuscated VBScript || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Raider_Obfuscated_VBS || url,doc.emergingthreats.net/2008278 || url,bbs.duba.net/viewthread.php?tid=21892104&page=1&extra=page=1
        2008379 || ET MALWARE Swizzor Checkin (kgen_up) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop || url,doc.emergingthreats.net/2008379
        2008505 || ET MALWARE Adaware.BarACE Checkin and Update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_BarAce || url,doc.emergingthreats.net/2008505 || url,www.symantec.com/security_response/writeup.jsp?docid=2007-021714-2431-99&tabid=2
        2008973 || ET MALWARE onmuz.com Infection Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Onmuz.com || url,doc.emergingthreats.net/2008973
        2009126 || ET Malware Possible bot C&C Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009126
        2009156 || ET MALWARE Unknown Dropper Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Droppers_General || url,doc.emergingthreats.net/2009156 || url,www.virustotal.com/analisis/a4a854e56ecc0a54204fc3b043c63094

     -> Removed from emerging-sid-msg.map.txt (18):
        2001621 || ET Exploit Suspected PHP Injection Attack || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001621 || cve,2002-0953
        2001716 || ET Web IDN url seen.. || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_IDN || url,doc.emergingthreats.net/2001716
        2001810 || ET EXPLOIT WEB PHP remote file include exploit attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Injection || url,doc.emergingthreats.net/2001810
        2002838 || ET Google Search Appliance browsing the Internet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002838 || url,www.google.com/enterprise/gsa/index.html
        2002849 || ET WEB-MISC Google Appliance External Proxy Stylesheet || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Google || url,doc.emergingthreats.net/2002849 || cve,2005-3758 || bugtraq,15509
        2003520 || ET EXPLOIT webCalendar Remote File include || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_WebCalendar || url,doc.emergingthreats.net/2003520 || url,www.securityfocus.com/archive/1/462957
        2007611 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007611
        2007612 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007612
        2007613 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007613
        2007614 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007614
        2007950 || ET MALWARE Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Infection_Emails || url,doc.emergingthreats.net/2007950
        2008142 || ET MALWARE Vapsup User-Agent (doshowmeanad loader v2.1) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Vapsup || url,doc.emergingthreats.net/2008142
        2008278 || ET MALWARE Generic Raider Obfuscated VBScript || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Raider_Obfuscated_VBS || url,doc.emergingthreats.net/2008278 || url,bbs.duba.net/viewthread.php?tid=21892104&page=1&extra=page=1
        2008379 || ET MALWARE Swizzor Checkin (kgen_up) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Lop || url,doc.emergingthreats.net/2008379
        2008505 || ET MALWARE Adaware.BarACE Checkin and Update || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_BarAce || url,doc.emergingthreats.net/2008505 || url,www.symantec.com/security_response/writeup.jsp?docid=2007-021714-2431-99&tabid=2
        2008973 || ET MALWARE onmuz.com Infection Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Onmuz.com || url,doc.emergingthreats.net/2008973
        2009126 || ET Malware Possible bot C&C Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General || url,doc.emergingthreats.net/2009126
        2009156 || ET MALWARE Unknown Dropper Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Droppers_General || url,doc.emergingthreats.net/2009156 || url,www.virustotal.com/analisis/a4a854e56ecc0a54204fc3b043c63094


