[Emerging-updates] Daily Ruleset Update 4/7/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Apr 7 14:47:42 EDT 2011


We hit the sandnet hard today to put out a lot of new signatures. There's also a significant update to the RBN list in this update. Enjoy!

[+++]          Added rules:          [+++]

 2012647 - ET POLICY Dropbox.com Offsite File Backup in Use (policy.rules)
 2012648 - ET POLICY Dropbox Client Broadcasting (policy.rules)
 2406714 - ET RBN Known Russian Business Network IP (358) (rbn.rules)
 2406716 - ET RBN Known Russian Business Network IP (359) (rbn.rules)
 2406718 - ET RBN Known Russian Business Network IP (360) (rbn.rules)
 2801988 - ETPRO TROJAN Trojan-Downloader.Win32.VB.acda Checkin (trojan.rules)
 2801989 - ETPRO USER_AGENTS Suspicious User-Agent (bajun) (user_agents.rules)
 2801990 - ETPRO USER_AGENTS Suspicious User-Agent HTTP Client (user_agents.rules)
 2801991 - ETPRO USER_AGENTS Suspicious User-Agent random (user_agents.rules)
 2801992 - ETPRO USER_AGENTS Suspicious User-Agent Se2011 (user_agents.rules)
 2801993 - ETPRO USER_AGENTS Trojan Related Lame Updater User-Agent (user_agents.rules)
 2801994 - ETPRO TROJAN Dooptroop Dropper Checkin (trojan.rules)
 2801995 - ETPRO TROJAN Buzus/Bifrost Checkin (trojan.rules)
 2801996 - ETPRO TROJAN Buzus/Bifrost Checkin Response (trojan.rules)
 2801997 - ETPRO TROJAN Ardamax Keylogger Reporting (trojan.rules)
 2801998 - ETPRO TROJAN Unknown Keylogger Reporting (trojan.rules)
 2801999 - ETPRO USER_AGENTS Suspicious User Agent Possible Spyware Related (Mozilla 0a) 2 (user_agents.rules)
 2802000 - ETPRO TROJAN Win32.AutoRun.bntt Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2011969 - ET CURRENT_EVENTS SEO FAKE AV Win32.Ponmocup Checkin (current_events.rules)
 2012169 - ET TROJAN Potential Blackhole Exploit Pack Binary Load Request (trojan.rules)
 2012506 - ET TROJAN Driveby Exploit Attempt Often to Install Monkif (trojan.rules)



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




