[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Sat Jul 10 11:17:45 EDT 2010


[***] Results from Oinkmaster started Sat Jul 10 11:17:45 2010 [***]

[+++]          Added rules:          [+++]

 2011179 - ET TROJAN Generic Checkin - MSCommonInfoEx (emerging-virus.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-current_events.rules (2):
        # 2010-07-09 By Evilghost and Mike Cox
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS FakeAV Download with Cookie WinSec"; flow:established,to_server; uricontent:"/down.php?c="; nocase; content:"|0d 0a|Cookie\: WinSec"; nocase; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/6b5ff522ddf418a5cca87ebd924736774c1a58a9b51bb44ee72dac01f0db317a-1278686791; reference:url,doc.emergingthreats.net/2011178; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_FakeAV; sid:2011178; rev:1)

     -> Added to emerging-sid-msg.map (1):
        2011179 || ET TROJAN Generic Checkin - MSCommonInfoEx || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General || url,doc.emergingthreats.net/2011179

     -> Added to emerging-sid-msg.map.txt (1):
        2011179 || ET TROJAN Generic Checkin - MSCommonInfoEx || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General || url,doc.emergingthreats.net/2011179

     -> Added to emerging-virus.rules (1):
        # 2010-07-08 By Eoin Miller



More information about the Emerging-updates mailing list