[Emerging-updates] Daily Ruleset Update Summary 4/14/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Apr 14 21:27:14 EDT 2011


A few interesting sigs today, enjoy!

[+++]          Added rules:          [+++]

 2012688 - ET CURRENT_EVENTS Potential Blackhole Exploit Pack landing (current_events.rules)
 2012689 - ET POLICY LoJack asset recovery/tracking - not malicious (policy.rules)


And the pro sigs. These first few just changed category to ACTIVEX.

 2801236 - ETPRO ACTIVEX Microsoft WMI Administrative Tools ActiveX Control AddContextRef Method Overflow 1 (activex.rules)
 2801237 - ETPRO ACTIVEX Microsoft WMI Administrative Tools ActiveX Control ReleaseContext Method Overflow 2 (activex.rules)
 2801238 - ETPRO ACTIVEX Microsoft WMI Administrative Tools ActiveX Control AddContextRef Method Overflow (activex.rules)
 2801239 - ETPRO ACTIVEX Microsoft WMI Administrative Tools ActiveX Control ReleaseContext Method Overflow (activex.rules)


 2802043 - ETPRO WEB_CLIENT Adobe Flash Compressed File Embedded in Microsoft Document ASCII (web_client.rules)
 2802044 - ETPRO WEB_CLIENT Adobe Flash Compressed File Embedded in Microsoft Document - Unicode (web_client.rules)


[---]         Removed rules:         [---]

 2010064 - ET MALWARE Buzus Posting Data (malware.rules)
 2801988 - ETPRO TROJAN Trojan-Downloader.Win32.VB.acda Checkin (trojan.rules)



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




