[Emerging-updates] Daily Ruleset Update Summary 4/2/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Sat Apr 2 14:59:01 EST 2011

Light update today, just a few important things. Updates to and a new rule for the Lizamoon injection attacks.

[+++]          Added rules:          [+++]

 2012624 - ET CURRENT_EVENTS Lizamoon Related Compromised site served to local client (current_events.rules)
 2801948 - ETPRO TROJAN PC Total Defender or related Fake AV Checkin (trojan.rules)

[///]     Modified active rules:     [///]

 2007626 - ET TROJAN Pitbull IRCbotnet Fetch (trojan.rules)
 2009752 - ET TROJAN Monkif/DlKroha Trojan Activity HTTP Outbound (trojan.rules)
 2010920 - ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=) (web_server.rules)
 2012056 - ET WEB_CLIENT Flash Player Flash6.ocx AllowScriptAccess Denial of Service (web_client.rules)
 2012614 - ET CURRENT_EVENTS Internal WebServer Compromised By Lizamoon Mass SQL-Injection Attacks (current_events.rules)
 2012619 - ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 (user_agents.rules)
 2012620 - ET TROJAN Unknown Fake antivirus check-in (trojan.rules)

Final list of the new references. We'll not use these for a couple weeks at least.

     -> Added to reference.config:
        config reference: osvdb     http://osvdb.org/show/osvdb/
        config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
        config reference: exploitdb http://www.exploit-db.com/exploits/
        config reference: openpacket https://www.openpacket.org/capture/grab/
        config reference: securitytracker http://securitytracker.com/id?
        config reference: secunia   http://secunia.com/advisories/
        #config reference: cve       http://cvedetails.com/cve/
        config reference: bid       http://www.securityfocus.com/bid/
        config reference: xforce    http://xforce.iss.net/xforce/xfdb/

Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
