[Emerging-updates] Daily Update Summary 10/1/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Jan 10 15:02:40 EST 2011


[+++]          Added rules:          [+++]

 2012170 - ET GAMES Blizzard Web Downloader Install Detected (games.rules)

A new UA for Blizzard web games found in the sandnet.


New Pro rules:
 2801231 - ETPRO TROJAN Trojan-Dropper.Win32.Clons.lrg Checkin (trojan.rules)
 2801235 - ETPRO TROJAN Generic Malware CnC Download Command (trojan.rules)

Reliable new rules, same old trojans.


 2801232 - ETPRO WEB_CLIENT Microsoft Internet Explorer IE CSS Multiple Dereference Vulnerability Exploit Specific Trigger (web_client.rules)
 2801233 - ETPRO WEB_CLIENT Microsoft Internet Explorer IE CSS Multiple Dereference Vulnerability Exploit Specific IE 6.2 (web_client.rules)
 2801234 - ETPRO WEB_CLIENT Microsoft Internet Explorer IE CSS Multiple Dereference Vulnerability Exploit Specific IE 7.x (web_client.rules)
 2801236 - ETPRO WEB_CLIENT Microsoft WMI Administrative Tools ActiveX Control AddContextRef Method Overflow 1 (web_client.rules)
 2801237 - ETPRO WEB_CLIENT Microsoft WMI Administrative Tools ActiveX Control ReleaseContext Method Overflow 2 (web_client.rules)
 2801238 - ETPRO WEB_CLIENT Microsoft WMI Administrative Tools ActiveX Control AddContextRef Method Overflow (web_client.rules)
 2801239 - ETPRO WEB_CLIENT Microsoft WMI Administrative Tools ActiveX Control ReleaseContext Method Overflow (web_client.rules)

More MS/IE issues. Note, these are NOT the ones coming out for Patch Tuesday tomorrow. We've got those queued up for release tomorrow.



[///]     Modified active rules:     [///]

 2009301 - ET POLICY Megaupload file download service access (policy.rules)
 2010973 - ET TROJAN Vobfus/Changeup/Chinky Download Command (trojan.rules)
 2012132 - ET CURRENT_EVENTS Misc Malware Related Activity (current_events.rules)
 2800964 - ETPRO TROJAN Banker/Banbra.fxe Checkin (trojan.rules)
 2801224 - ETPRO WORM Worm.Win32.Soglueda.A Checkin (worm.rules)

Mostly minor updates.

See you for Patch Tuesday tomorrow!


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




