[Emerging-updates] Daily Ruleset Update Summary 2/21/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Feb 21 17:06:22 EST 2011


We've got a great update for you today. Lots of ET Open sigs as well as a good load of ET Pro sigs. 

Special note: I've added an Apple iDisk sig into Policy. iDisk data is NOT encrypted in transit, so its use in a corporate environment is a major issue. This will help identify syncing clients.

[+++]          Added rules:          [+++]

 2012315 - ET USER_AGENTS Fake Opera 8.11 UA related to Trojan Activity (user_agents.rules)
 2012316 - ET USER_AGENTS Suspicious Win32 User Agent (user_agents.rules)
 2012317 - ET NETBIOS Microsoft Windows Server 2003 Active Directory Pre-Auth BROWSER ELECTION Heap Overflow Attempt (netbios.rules)
 2012318 - ET CURRENT_EVENTS FAKEAV download (AntiSpyWareSetup.exe) (current_events.rules)
 2012319 - ET CURRENT_EVENTS IRS Inbound SMTP Malware (current_events.rules)
 2012320 - ET CURRENT_EVENTS IRS Inbound SPAM (current_events.rules)
 2012321 - ET CURRENT_EVENTS HTTP Request to a suspicious *.cx.cc domain (current_events.rules)
 2012322 - ET TROJAN Possible TDSS User-Agent CMD3 (trojan.rules)
 2012323 - ET CURRENT_EVENTS Malicious Advertizing URL in.cgi/antibot_hash (current_events.rules)
 2012324 - ET EXPLOIT Unknown Exploit Pack URL Detected (exploit.rules)
 2012325 - ET WEB_CLIENT Obfuscated Javascript // ptth (web_client.rules)
 2012326 - ET WEB_CLIENT Obfuscated Javascript // ptth (escaped) (web_client.rules)
 2012327 - ET MALWARE All Numerical .cn Domain Likely Malware Related (malware.rules)
 2012328 - ET MALWARE All Numerical .ru Domain Likely Malware Related (malware.rules)
 2012329 - ET CURRENT_EVENTS IRS Inbound SPAM variant 3 (current_events.rules)
 2012330 - ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain (current_events.rules)
 2012331 - ET POLICY Apple iDisk Sync Unencrypted (policy.rules)


And your ET Pro Rules for today:

 2801349 - ETPRO USER_AGENTS Trojan-Downloader.Win32.FraudLoad.yevp Related UA (user_agents.rules)
 2801350 - ETPRO USER_AGENTS suspicious user agent (The Http-string-downloader) (user_agents.rules)
 2801351 - ETPRO TROJAN Win32/Small.AII Checkin (trojan.rules)
 2801352 - ETPRO TROJAN Trojan.Win32.Dreammon.D Checkin (trojan.rules)
 2801353 - ETPRO EXPLOIT HP OpenView Network Node Manager ovutil.dll stringToSeconds Buffer Overflow (exploit.rules)
 2801354 - ETPRO TROJAN Trojan.Win32.Cryect.A Checkin on port 443 (trojan.rules)
 2801355 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 1 (exploit.rules)
 2801356 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 2 (exploit.rules)
 2801357 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 3 (exploit.rules)
 2801358 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 4 (exploit.rules)
 2801359 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 5 (exploit.rules)
 2801360 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 6 (exploit.rules)
 2801361 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 7 (exploit.rules)
 2801362 - ETPRO EXPLOIT IBM DB2 Universal Database receiveDASMessage Buffer Overflow 8 (exploit.rules)
 2801363 - ETPRO TROJAN Trojan.Win32.Lanaur.A Checkin (trojan.rules)

Enjoy!

Matt

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc