[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Wed Jun 9 20:48:10 EDT 2010


[***] Results from Oinkmaster started Wed Jun  9 20:48:10 2010 [***]

[///]     Modified active rules:     [///]

 2001808 - ET P2P LimeWire P2P Traffic (emerging-p2p.rules)
 2002101 - ET GAMES Battle.net Starcraft login (emerging-game.rules)
 2002102 - ET GAMES Battle.net Brood War login (emerging-game.rules)
 2002103 - ET GAMES Battle.net Diablo login (emerging-game.rules)
 2002104 - ET GAMES Battle.net Diablo 2 login (emerging-game.rules)
 2002105 - ET GAMES Battle.net Diablo 2 Lord of Destruction login (emerging-game.rules)
 2002106 - ET GAMES Battle.net Warcraft 2 login (emerging-game.rules)
 2002107 - ET GAMES Battle.net Warcraft 3 login (emerging-game.rules)
 2002108 - ET GAMES Battle.net Warcraft 3\: The Frozen throne login (emerging-game.rules)
 2002109 - ET GAMES Battle.net old game version (emerging-game.rules)
 2002110 - ET GAMES Battle.net invalid version (emerging-game.rules)
 2002111 - ET GAMES Battle.net invalid cdkey (emerging-game.rules)
 2002112 - ET GAMES Battle.net cdkey in use (emerging-game.rules)
 2002113 - ET GAMES Battle.net banned key (emerging-game.rules)
 2002114 - ET GAMES Battle.net wrong product (emerging-game.rules)
 2002115 - ET GAMES Battle.net failed account login (OLS)\: wrong password (emerging-game.rules)
 2002116 - ET GAMES Battle.net failed account login (NLS)\: wrong password (emerging-game.rules)
 2002117 - ET GAMES Battle.net connection reset (possible IP-Ban) (emerging-game.rules)
 2002118 - ET GAMES Battle.net user in channel (emerging-game.rules)
 2002119 - ET GAMES Battle.net outgoing chat message (emerging-game.rules)
 2002138 - ET GAMES World of Warcraft connection (emerging-game.rules)
 2002139 - ET GAMES World of Warcraft failed logon (emerging-game.rules)
 2002140 - ET GAMES Battle.net user joined channel (emerging-game.rules)
 2002141 - ET GAMES Battle.net user left channel (emerging-game.rules)
 2002142 - ET GAMES Battle.net received whisper message (emerging-game.rules)
 2002144 - ET GAMES Battle.net joined channel (emerging-game.rules)
 2002145 - ET GAMES Battle.net user had a flags update (emerging-game.rules)
 2002146 - ET GAMES Battle.net sent a whisper (emerging-game.rules)
 2002147 - ET GAMES Battle.net channel full (emerging-game.rules)
 2002148 - ET GAMES Battle.net channel doesn't exist (emerging-game.rules)
 2002149 - ET GAMES Battle.net channel is restricted (emerging-game.rules)
 2002150 - ET GAMES Battle.net informational message (emerging-game.rules)
 2002151 - ET GAMES Battle.net error message (emerging-game.rules)
 2002152 - ET GAMES Battle.net 'emote' message (emerging-game.rules)
 2002154 - ET GAMES Guild Wars connection (emerging-game.rules)
 2002170 - ET GAMES Battle.net incoming chat message (emerging-game.rules)
 2007711 - ET TROJAN Srizbi registering with controller (emerging-virus.rules)
 2007712 - ET TROJAN Srizbi requesting template (emerging-virus.rules)
 2007800 - ET P2P LimeWire P2P Traffic (emerging-p2p.rules)
 2008473 - ET TROJAN HotLan.C Spambot Trojan Activity (emerging-virus.rules)
 2008644 - ET TROJAN Spy-Net Trojan Connection (emerging-virus.rules)
 2008645 - ET TROJAN Spy-Net Trojan Connection (2) (emerging-virus.rules)
 2008675 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Start (emerging-virus.rules)
 2008676 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply (emerging-virus.rules)
 2008677 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Channel Client Reply (emerging-virus.rules)
 2008730 - ET TROJAN Ipbill.com Related Dialer Trojan Checkin (emerging-virus.rules)
 2008731 - ET TROJAN Ipbill.com Related Dialer Trojan Server Response (emerging-virus.rules)
 2008750 - ET TROJAN Buzus FTP Log Upload (emerging-virus.rules)
 2008805 - ET TROJAN DNS Changer.bnm/Downloader.bnm CnC Channel Start (emerging-virus.rules)
 2008806 - ET TROJAN DNS Changer.bnm/Downloader.bnm CnC Channel Start Response (emerging-virus.rules)
 2008807 - ET TROJAN DNS Changer.bnm/Downloader.bnm Second CnC Channel Start (emerging-virus.rules)
 2008808 - ET TROJAN DNS Changer.bnm/Downloader.bnm Second CnC Channel Traffic (emerging-virus.rules)
 2008841 - ET TROJAN Trojan-PWS.Win32.Small.gs Passwords leak over FTP (emerging-virus.rules)
 2008842 - ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access (emerging-policy.rules)
 2008843 - ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access (server download) (emerging-policy.rules)
 2008905 - ET TROJAN Trojan.Delf-5496 Checkin Error (emerging-virus.rules)
 2008906 - ET TROJAN Trojan.Delf-5496 Egg Request (emerging-virus.rules)
 2008907 - ET TROJAN Trojan.Delf-5496 File Manager Access Report (emerging-virus.rules)
 2008908 - ET TROJAN Trojan.Delf-5496 New Infection Report (emerging-virus.rules)
 2009028 - ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop (emerging-policy.rules)
 2009052 - ET TROJAN Hupigon System Stats Report (I-variant) (emerging-virus.rules)
 2009350 - ET TROJAN Win32.Hupigon Control Server Response (emerging-virus.rules)
 2009351 - ET TROJAN Urlzone/Bebloh Communication with Controller (emerging-virus.rules)
 2009862 - ET TROJAN Banker Trojan CnC AddNew Command (emerging-virus.rules)
 2009863 - ET TROJAN Banker Trojan CnC Hello Command (emerging-virus.rules)
 2009864 - ET TROJAN Banker Trojan CnC Server Ping (emerging-virus.rules)
 2009895 - ET POLICY OperaUnite URL Registration (emerging-policy.rules)
 2009949 - ET WEB_SERVER Tilde in URI, potential .pl source disclosure vulnerability (emerging-web_server.rules)
 2009950 - ET WEB_SERVER Tilde in URI, potential .inc source disclosure vulnerability (emerging-web_server.rules)
 2009951 - ET WEB_SERVER Tilde in URI, potential .conf source disclosure vulnerability (emerging-web_server.rules)
 2009952 - ET WEB_SERVER Tilde in URI, potential .asp source disclosure vulnerability (emerging-web_server.rules)
 2009953 - ET WEB_SERVER Tilde in URI, potential .aspx source disclosure vulnerability (emerging-web_server.rules)
 2009955 - ET WEB_SERVER Tilde in URI, potential .php source disclosure vulnerability (emerging-web_server.rules)
 2010344 - ET TROJAN Chorns/Poison Ivy related Backdoor Initial Connection (emerging-virus.rules)
 2010345 - ET TROJAN Chorns/Poison Ivy related Backdoor Keep Alive (emerging-virus.rules)
 2010463 - ET CURRENT_EVENTS RFI Scanner Success (Fx29ID) (emerging-current_events.rules)
 2010509 - ET WEB_SPECIFIC_APPS Sonicwall NSA E7500 XSS attempt (fwReg parameter) (emerging-web_specific_apps.rules)
 2010511 - ET WEB_SPECIFIC_APPS Sonicwall Global Management System XSS attempt (scrn_name parameter) (emerging-web_specific_apps.rules)
 2010514 - ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source) (emerging-web_client.rules)
 2010516 - ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source) (emerging-web_client.rules)
 2010518 - ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) (emerging-web_client.rules)
 2010520 - ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source) (emerging-web_client.rules)
 2010522 - ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source) (emerging-web_client.rules)
 2010525 - ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) (emerging-web_client.rules)
 2010527 - ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) (emerging-web_client.rules)
 2010547 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_username) (emerging-web_specific_apps.rules)
 2010548 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_server) (emerging-web_specific_apps.rules)
 2010549 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_path) (emerging-web_specific_apps.rules)
 2010550 - ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_password) (emerging-web_specific_apps.rules)
 2010602 - ET WEB_SPECIFIC_APPS ClarkConnect Linux proxy.php XSS Attempt (emerging-web_specific_apps.rules)
 2010646 - ET TROJAN Lethic Spambot CnC Initial Connect (emerging-virus.rules)
 2010647 - ET TROJAN Lethic Spambot CnC Initial Connect Bot Response (emerging-virus.rules)
 2010648 - ET TROJAN Lethic Spambot CnC Connect Command (emerging-virus.rules)
 2010649 - ET TROJAN Lethic Spambot CnC Connect Command (port 25 specifically) (emerging-virus.rules)
 2010650 - ET TROJAN Lethic Spambot CnC Bot Command Confirmation (emerging-virus.rules)
 2010651 - ET TROJAN Lethic Spambot CnC Bot Transaction Relay (emerging-virus.rules)
 2010820 - ET WEB_SERVER Tilde in URI, potential .cgi source disclosure vulnerability (emerging-web_server.rules)
 2010823 - ET TROJAN Torpig Related Fake User-Agent (Apache (compatible...)) (emerging-virus.rules)
 2010824 - ET TROJAN Torpig Ping-Pong Keepalives Outbound (emerging-virus.rules)
 2010825 - ET TROJAN Torpig Ping-Pong Keepalives Inbound (emerging-virus.rules)
 2010826 - ET TROJAN Torpig Initial CnC Connect on port 8392 (emerging-virus.rules)
 2010827 - ET TROJAN Torpig CnC Connect on port 8392 (emerging-virus.rules)
 2010828 - ET TROJAN Torpig CnC IP Report Command on port 8392 (emerging-virus.rules)
 2010829 - ET TROJAN Torpig CnC Report Command on port 8392 (emerging-virus.rules)
 2010859 - ET TROJAN Gh0st Trojan CnC (emerging-virus.rules)
 2010860 - ET TROJAN Gh0st Trojan CnC Response (emerging-virus.rules)
 2010861 - ET TROJAN Zeus Bot Request to CnC (emerging-virus.rules)
 2010888 - ET TROJAN Generic Downloader checkin (3) (emerging-virus.rules)


[///]    Modified inactive rules:    [///]

 2009954 - ET WEB_SERVER Tilde in URI after file, potential source disclosure vulnerability (emerging-web_server.rules)


[---]         Removed rules:         [---]

 2002143 - ET GAMES Battle.net received server broadcast (emerging-game.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-game.rules (1):
        alert tcp $EXTERNAL_NET 6112 -> $HOME_NET any (msg:"ET GAMES Battle.net received server broadcast"; flow:established,from_server; content:"|FF 0F|"; depth:2; content:"|06 00 00 00|"; offset:4; depth:4; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2002143; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet; sid:2002143; rev:45)

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (1):
        2002143 || ET GAMES Battle.net received server broadcast || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet || url,doc.emergingthreats.net/bin/view/Main/2002143

     -> Removed from emerging-sid-msg.map.txt (1):
        2002143 || ET GAMES Battle.net received server broadcast || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/GAMES/GAMES_Battlenet || url,doc.emergingthreats.net/bin/view/Main/2002143


