[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Thu Jul 29 14:18:02 EDT 2010


[***] Results from Oinkmaster started Thu Jul 29 14:18:02 2010 [***]

[+++]          Added rules:          [+++]

 2011175 - ET WEB_SERVER Casper Bot Search RFI Scan (emerging-web_server.rules)
 2011176 - ET WEB_SERVER MaMa CaSpEr RFI Scan (emerging-web_server.rules)
 2011239 - ET CURRENT_EVENTS Possible Microsoft Windows Shortcut LNK File Automatic File Execution Attempt Via WebDAV (emerging-current_events.rules)
 2011243 - ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) (emerging-web_server.rules)
 2011244 - ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) (emerging-web_server.rules)
 2011262 - ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011263 - ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011264 - ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011265 - ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011266 - ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011270 - ET CURRENT_EVENTS Possible Microsoft Windows .lnk File Processing WebDAV Arbitrary Code Execution Attempt (emerging-current_events.rules)
 2011274 - ET WEB_SPECIFIC_APPS OpenX phpAdsNew phpAds_geoPlugin Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2011277 - ET TROJAN Generic Trojan HTTP Get (emerging-virus.rules)
 2011285 - ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) (emerging-web_server.rules)
 2011286 - ET WEB_SERVER Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) (emerging-web_server.rules)


[---]         Removed rules:         [---]

 2011175 - ET USER_AGENTS Casper Bot Search RFI Scan (emerging-user_agents.rules)
 2011176 - ET USER_AGENTS MaMa CaSpEr RFI Scan (emerging-user_agents.rules)
 2011243 - ET USER_AGENTS Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) (emerging-user_agents.rules)
 2011244 - ET USER_AGENTS Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) (emerging-user_agents.rules)
 2011277 - ET USER_AGENTS Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) (emerging-user_agents.rules)
 2011278 - ET USER_AGENTS Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) (emerging-user_agents.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (15):
        2011175 || ET WEB_SERVER Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET WEB_SERVER MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011176
        2011239 || ET CURRENT_EVENTS Possible Microsoft Windows Shortcut LNK File Automatic File Execution Attempt Via WebDAV || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Lnk || url,doc.emergingthreats.net/2011239 || cve,2010-2568 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918 || url,www.kb.cert.org/vuls/id/940193 || url,support.microsoft.com/kb/2286198
        2011243 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011262 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter SELECT FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011262 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011263 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011263 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011264 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UNION SELECT SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011264 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011265 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter INSERT INTO SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011265 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011266 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UPDATE SET SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011266 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011270 || ET CURRENT_EVENTS Possible Microsoft Windows .lnk File Processing WebDAV Arbitrary Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Lnk || url,doc.emergingthreats.net/2011270 || cve,2010-2568 || url,www.microsoft.com/technet/security/advisory/2286198.mspx || url,www.kb.cert.org/vuls/id/940193 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918
        2011274 || ET WEB_SPECIFIC_APPS OpenX phpAdsNew phpAds_geoPlugin Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_OpenX || url,doc.emergingthreats.net/2011274 || url,inj3ct0r.com/exploits/13426 || url,exploit-db.com/exploits/14432/
        2011277 || ET TROJAN Generic Trojan HTTP Get
        2011285 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011285 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011286 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011286 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

     -> Added to emerging-sid-msg.map.txt (15):
        2011175 || ET WEB_SERVER Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET WEB_SERVER MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011176
        2011239 || ET CURRENT_EVENTS Possible Microsoft Windows Shortcut LNK File Automatic File Execution Attempt Via WebDAV || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Lnk || url,doc.emergingthreats.net/2011239 || cve,2010-2568 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918 || url,www.kb.cert.org/vuls/id/940193 || url,support.microsoft.com/kb/2286198
        2011243 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011262 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter SELECT FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011262 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011263 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011263 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011264 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UNION SELECT SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011264 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011265 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter INSERT INTO SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011265 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011266 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UPDATE SET SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_GroupOffice || url,doc.emergingthreats.net/2011266 || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,secunia.com/advisories/40665/
        2011270 || ET CURRENT_EVENTS Possible Microsoft Windows .lnk File Processing WebDAV Arbitrary Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Lnk || url,doc.emergingthreats.net/2011270 || cve,2010-2568 || url,www.microsoft.com/technet/security/advisory/2286198.mspx || url,www.kb.cert.org/vuls/id/940193 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918
        2011274 || ET WEB_SPECIFIC_APPS OpenX phpAdsNew phpAds_geoPlugin Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_OpenX || url,doc.emergingthreats.net/2011274 || url,inj3ct0r.com/exploits/13426 || url,exploit-db.com/exploits/14432/
        2011277 || ET TROJAN Generic Trojan HTTP Get
        2011285 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011285 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011286 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011286 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

     -> Added to emerging-virus.rules (1):
        #re aa894a50193470a9e50f9c0d842e1cb7

     -> Added to emerging-web_server.rules (2):
        # 2010-07-08: Submitted by Mike Cox
        #by eric romang

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (6):
        2011175 || ET USER_AGENTS Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET USER_AGENTS MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011176
        2011243 || ET USER_AGENTS Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET USER_AGENTS Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011277 || ET USER_AGENTS Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011277 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011278 || ET USER_AGENTS Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011278 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

     -> Removed from emerging-sid-msg.map.txt (6):
        2011175 || ET USER_AGENTS Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET USER_AGENTS MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011176
        2011243 || ET USER_AGENTS Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET USER_AGENTS Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011277 || ET USER_AGENTS Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011277 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011278 || ET USER_AGENTS Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Casper || url,doc.emergingthreats.net/2011278 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

     -> Removed from emerging-user_agents.rules (2):
        # 2010-07-08: Submitted by Mike Cox
        #by eric romang


