[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Sat Jul 10 12:17:50 EDT 2010


[***] Results from Oinkmaster started Sat Jul 10 12:17:50 2010 [***]

[+++]          Added rules:          [+++]

 2011178 - ET CURRENT_EVENTS FakeAV Download with Cookie WinSec (emerging-current_events.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (1):
        2011178 || ET CURRENT_EVENTS FakeAV Download with Cookie WinSec || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_FakeAV || url,doc.emergingthreats.net/2011178 || url,www.virustotal.com/analisis/6b5ff522ddf418a5cca87ebd924736774c1a58a9b51bb44ee72dac01f0db317a-1278686791

     -> Added to emerging-sid-msg.map.txt (1):
        2011178 || ET CURRENT_EVENTS FakeAV Download with Cookie WinSec || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_FakeAV || url,doc.emergingthreats.net/2011178 || url,www.virustotal.com/analisis/6b5ff522ddf418a5cca87ebd924736774c1a58a9b51bb44ee72dac01f0db317a-1278686791

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-current_events.rules (1):
        alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS FakeAV Download with Cookie WinSec"; flow:established,to_server; uricontent:"/down.php?c="; nocase; content:"|0d 0a|Cookie\: WinSec"; nocase; classtype:trojan-activity; reference:url,www.virustotal.com/analisis/6b5ff522ddf418a5cca87ebd924736774c1a58a9b51bb44ee72dac01f0db317a-1278686791; reference:url,doc.emergingthreats.net/2011178; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_FakeAV; sid:2011178; rev:1)



More information about the Emerging-updates mailing list