[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Thu Jul 29 19:34:19 EDT 2010


[***] Results from Oinkmaster started Thu Jul 29 19:34:19 2010 [***]

[+++]          Added rules:          [+++]

 2002667 - ET SCAN sumthin scan (emerging-scan.rules)
 2003466 - ET SCAN PHP Attack Tool Morfeus F Scanner (emerging-scan.rules)
 2003616 - ET SCAN DataCha0s Web Scanner/Robot (emerging-scan.rules)
 2009288 - ET SCAN Attack Tool Revolt Scanner (emerging-scan.rules)
 2009799 - ET SCAN PHP Attack Tool Morfeus F Scanner - M (emerging-scan.rules)
 2010720 - ET SCAN PHP Scan Precursor (emerging-scan.rules)
 2011175 - ET SCAN Casper Bot Search RFI Scan (emerging-scan.rules)
 2011176 - ET SCAN MaMa CaSpEr RFI Scan (emerging-scan.rules)
 2011243 - ET SCAN Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) (emerging-scan.rules)
 2011244 - ET SCAN Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) (emerging-scan.rules)
 2011285 - ET SCAN Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) (emerging-scan.rules)
 2011286 - ET SCAN Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) (emerging-scan.rules)


[---]         Removed rules:         [---]

 2002667 - ET WEB_SERVER sumthin scan (emerging-web_server.rules)
 2003466 - ET WEB_SERVER PHP Attack Tool Morfeus F Scanner (emerging-web_server.rules)
 2003616 - ET WEB_SERVER DataCha0s Web Scanner/Robot (emerging-web_server.rules)
 2009288 - ET WEB_SERVER Attack Tool Revolt Scanner (emerging-web_server.rules)
 2009799 - ET WEB_SERVER PHP Attack Tool Morfeus F Scanner - M (emerging-web_server.rules)
 2010720 - ET WEB_SERVER PHP Scan Precursor (emerging-web_server.rules)
 2011175 - ET WEB_SERVER Casper Bot Search RFI Scan (emerging-web_server.rules)
 2011176 - ET WEB_SERVER MaMa CaSpEr RFI Scan (emerging-web_server.rules)
 2011243 - ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) (emerging-web_server.rules)
 2011244 - ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) (emerging-web_server.rules)
 2011285 - ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) (emerging-web_server.rules)
 2011286 - ET WEB_SERVER Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) (emerging-web_server.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-scan.rules (7):
        # 2010-07-08: Submitted by Mike Cox
        #by eric romang
        #some kind of robot/scripted web scanner. Some reports that it's looking for awstats installs
        #by shirkdog
        #by Jared Braverman
        #by mike cox
        # By Frank Knobbe, 2005-11-02

     -> Added to emerging-sid-msg.map (12):
        2002667 || ET SCAN sumthin scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_sumthin || url,doc.emergingthreats.net/2002667 || url,www.webmasterworld.com/forum11/2100.htm
        2003466 || ET SCAN PHP Attack Tool Morfeus F Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2003616 || ET SCAN DataCha0s Web Scanner/Robot || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_DataCha0s || url,doc.emergingthreats.net/2003616 || url,www.internetofficer.com/web-robot/datacha0s.html
        2009288 || ET SCAN Attack Tool Revolt Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Revolt_Scanner || url,doc.emergingthreats.net/2009288 || url,www.Whitehatsecurityresponse.blogspot.com
        2009799 || ET SCAN PHP Attack Tool Morfeus F Scanner - M || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2010720 || ET SCAN PHP Scan Precursor || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_nonexist || url,doc.emergingthreats.net/2010720
        2011175 || ET SCAN Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET SCAN MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011176
        2011243 || ET SCAN Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET SCAN Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011285 || ET SCAN Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011285 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011286 || ET SCAN Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011286 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

     -> Added to emerging-sid-msg.map.txt (12):
        2002667 || ET SCAN sumthin scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_sumthin || url,doc.emergingthreats.net/2002667 || url,www.webmasterworld.com/forum11/2100.htm
        2003466 || ET SCAN PHP Attack Tool Morfeus F Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2003616 || ET SCAN DataCha0s Web Scanner/Robot || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_DataCha0s || url,doc.emergingthreats.net/2003616 || url,www.internetofficer.com/web-robot/datacha0s.html
        2009288 || ET SCAN Attack Tool Revolt Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Revolt_Scanner || url,doc.emergingthreats.net/2009288 || url,www.Whitehatsecurityresponse.blogspot.com
        2009799 || ET SCAN PHP Attack Tool Morfeus F Scanner - M || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2010720 || ET SCAN PHP Scan Precursor || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_nonexist || url,doc.emergingthreats.net/2010720
        2011175 || ET SCAN Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET SCAN MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011176
        2011243 || ET SCAN Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET SCAN Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011285 || ET SCAN Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011285 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011286 || ET SCAN Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Casper || url,doc.emergingthreats.net/2011286 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (12):
        2002667 || ET WEB_SERVER sumthin scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_sumthin || url,doc.emergingthreats.net/2002667 || url,www.webmasterworld.com/forum11/2100.htm
        2003466 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2003616 || ET WEB_SERVER DataCha0s Web Scanner/Robot || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_DataCha0s || url,doc.emergingthreats.net/2003616 || url,www.internetofficer.com/web-robot/datacha0s.html
        2009288 || ET WEB_SERVER Attack Tool Revolt Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Revolt_Scanner || url,doc.emergingthreats.net/2009288 || url,www.Whitehatsecurityresponse.blogspot.com
        2009799 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner - M || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2010720 || ET WEB_SERVER PHP Scan Precursor || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_nonexist || url,doc.emergingthreats.net/2010720
        2011175 || ET WEB_SERVER Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET WEB_SERVER MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011176
        2011243 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011285 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011285 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011286 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011286 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

     -> Removed from emerging-sid-msg.map.txt (12):
        2002667 || ET WEB_SERVER sumthin scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_sumthin || url,doc.emergingthreats.net/2002667 || url,www.webmasterworld.com/forum11/2100.htm
        2003466 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2003616 || ET WEB_SERVER DataCha0s Web Scanner/Robot || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_DataCha0s || url,doc.emergingthreats.net/2003616 || url,www.internetofficer.com/web-robot/datacha0s.html
        2009288 || ET WEB_SERVER Attack Tool Revolt Scanner || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Revolt_Scanner || url,doc.emergingthreats.net/2009288 || url,www.Whitehatsecurityresponse.blogspot.com
        2009799 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner - M || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Morfeus_Scan || url,doc.emergingthreats.net/2003466 || url,www.webmasterworld.com/search_engine_spiders/3227720.htm
        2010720 || ET WEB_SERVER PHP Scan Precursor || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_nonexist || url,doc.emergingthreats.net/2010720
        2011175 || ET WEB_SERVER Casper Bot Search RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011175
        2011176 || ET WEB_SERVER MaMa CaSpEr RFI Scan || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011176
        2011243 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011243 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011244 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, sun4u) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011244 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011285 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011285 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/
        2011286 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, MaMa Cyber/ebes) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SERVER_Casper || url,doc.emergingthreats.net/2011286 || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/

     -> Removed from emerging-web_server.rules (5):
        # 2010-07-08: Submitted by Mike Cox
        #by eric romang
        #some kind of robot/scripted web scanner. Some reports that it's looking for awstats installs
        #by shirkdog
        # By Frank Knobbe, 2005-11-02



More information about the Emerging-updates mailing list