[Emerging-updates] Daily Ruleset Update Summary 2/7/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Feb 7 20:33:06 EST 2011


Not a huge update today, Preparing for patch tuesday sigs, we'll have full coverage when we can release sigs!

RBN update in this tarball as well.

[+++]          Added rules:          [+++]

 2012301 - ET TROJAN Potential Trojan dropper Wlock.A (AS1680) (trojan.rules)
 2012302 - ET CURRENT_EVENTS Potential Fake AV Scan (AS31252) (current_events.rules)

Pro rules:
 2801322 - ETPRO TROJAN Win32.Dogrobot activity on port 123 (trojan.rules)
 2801323 - ETPRO CURRENT_EVENTS Win32/Dogrobot Checkin on HTTP_PORTS (current_events.rules)


[///]     Modified active rules:     [///]

 2001652 - ET USER_AGENTS JoltID Agent New Code Download (user_agents.rules)
 2011967 - ET CURRENT_EVENTS Trojan Zbot (AS9121) (current_events.rules)

Pro rules:
 2800818 - ETPRO WORM Worm.Win32.Carrier.ih Checkin (hello) (worm.rules)
 2801178 - ETPRO EXPLOIT Microsoft IIS FTP Server Telnet IAC Buffer Overflow (exploit.rules)



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc





More information about the Emerging-updates mailing list