[Emerging-updates] Daily Ruleset Update Summary 4/16/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Sun Apr 17 00:50:19 EDT 2011

Mostly maintenance today, but one new signature for the Windows 7 cmd shell. 

[+++]          Added rules:          [+++]

 2012690 - ET ATTACK_RESPONSE Windows 7 CMD Shell from Local System (attack_response.rules)

[///]     Modified active rules:     [///]

    2176 - GPL NETBIOS SMB startup folder access (netbios.rules)
 2004442 - ET TROJAN Banker.Delf User-Agent (hhh) (trojan.rules)
 2008953 - ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system (attack_response.rules)
 2011816 - ET TROJAN Zeus POST Request to CnC (trojan.rules)
 2012158 - ET ACTIVEX Possible Microsoft WMI Administration Tools WEBSingleView.ocx ActiveX Buffer Overflow Attempt (activex.rules)
 2801216 - ETPRO WEB_CLIENT Microsoft Windows Fax Services Cover Page Editor Flowbit Set (web_client.rules)
 2801217 - ETPRO WEB_CLIENT Microsoft Windows Fax Services Cover Page Editor Heap Buffer Overflow (Published Exploit) (web_client.rules)
 2802041 - ETPRO NETBIOS Microsoft SMBv2 Transaction Parsing Vulnerability SMB (netbios.rules)

[---]         Disabled rules:        [---]

 2801962 - ETPRO TROJAN Kryptik/CodecPack.amda/TROJ_RENOS.SM3 Checkin (trojan.rules)

[---]         Removed rules:         [---]

 2008750 - ET TROJAN Buzus FTP Log Upload (trojan.rules)

Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
