[Emerging-updates] Daily Update Summary 2/22/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Feb 22 16:58:35 EST 2011


Slimmer ruleset update today. Significant RBN list update is in here, as well as some more hosts in the Bot-cc list. We've added the Palevo tracker to the mix. Be sure to thank the guys at abuse.ch for the incredible work they do if you get the chance!

[+++]          Added rules:          [+++]

 2010440 - ET CURRENT_EVENTS Potential Malware Download flash-HQ-plugin exe (current_events.rules)
 2012332 - ET CURRENT_EVENTS Possible Fast Flux Trojan Rogue Antivirus (current_events.rules)
 2012333 - ET CURRENT_EVENTS Possible Neosploit Toolkit download (current_events.rules)

Pro rules:
 2801364 - ETPRO USER_AGENTS Suspicious user agent GTB (user_agents.rules)
 2801365 - ETPRO MALWARE Packed.Win32.Krap Checkin (malware.rules)
 2801366 - ETPRO MALWARE Trojan.Win32.Biter.g Checkin (malware.rules)
 2801367 - ETPRO TROJAN Backdoor.Win32.Talsab.B Checkin Request (trojan.rules)
 2801368 - ETPRO TROJAN Backdoor.Win32.Talsab.B Reporting Information (trojan.rules)
 2801369 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 1 (netbios.rules)
 2801370 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 138 2 (netbios.rules)
 2801371 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Inbound Netbios 139 (netbios.rules)
 2801372 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow SMB (netbios.rules)
 2801373 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow CIFS (netbios.rules)
 2801374 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 1 (netbios.rules)
 2801375 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 138 2 (netbios.rules)
 2801376 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal Netbios 139 (netbios.rules)
 2801377 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal SMB (netbios.rules)
 2801378 - ETPRO NETBIOS Microsoft Windows Active Directory BROWSER ELECTION Buffer Overflow Internal CIFS (netbios.rules)


[///]     Modified active rules:     [///]

 2011904 - ET CURRENT_EVENTS fast flux rogue antivirus download.php?id=2004 (current_events.rules)
 2011983 - ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Trojan (current_events.rules)


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




