[Emerging-updates] Daily Update Summary 12/1/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Jan 12 17:34:39 EST 2011


Some good new rules today, and a significant rbn list update. 


[+++]          Added rules:          [+++]

 2012171 - ET MALWARE Lookup of Chinese Dynamic DNS Provider 3322.org Likely Malware Related (malware.rules)

Will be interesting, nothing good comes from this domain. If you have unexpected lookups you likely have a problem.


 2012172 - ET USER_AGENTS Suspicious User-Agent mrgud (user_agents.rules)
 2012176 - ET MALWARE Lookup of Malware Domain twothousands.cm Likely Infection (malware.rules)

Both very strong indications of an infection.


 2012173 - ET WEB_CLIENT eval String.fromCharCode String Which May Be Malicious (web_client.rules)

Experimental, very likely indication of hostile html/drivebys. Thanks Kevin!


 2012174 - ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow (exploit.rules)

More MS!


 2801245 - ETPRO TROJAN TrojanDownloader Win32/VB.NP Checkin (trojan.rules)
 2801246 - ETPRO TROJAN Unknown Trojan Activity (trojan.rules)
 2801247 - ETPRO MALWARE Zango Spyware Install Checkin (malware.rules)
 2801248 - ETPRO USER_AGENTS Malware Related User-Agent RepairR (user_agents.rules)
 2801249 - ETPRO TROJAN Unknown Checkin via HTTP Post (trojan.rules)
 2801250 - ETPRO TROJAN Win32.Refroso CnC Request to Server (trojan.rules)
 2801251 - ETPRO TROJAN Win32.Refroso CnC Response from Server (trojan.rules)

And some pro malware rules, the research team had some fun in the sandnet!


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
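As an added example (not part of this post or of the ET rule set), here is a small JavaScript detector for the eval(String.fromCharCode(...)) construct that rule 2012173 flags: it finds the pattern in page text and decodes the character codes so an analyst can see what was obfuscated. The sample pages are constructed for illustration.

```javascript
// Added example: locate eval(String.fromCharCode(...)) in HTML/JS text and decode it.
// Only the plain numeric form is matched; other encodings or spellings of the same
// trick (hex escapes, String['fromCharCode'], split arrays) need their own checks,
// so treat a hit as an indicator to triage, not as proof of a drive-by.
const PATTERN = /eval\s*\(\s*String\.fromCharCode\s*\(\s*([0-9\s,]+)\)\s*\)/gi;

// Turn "97,108,101" (with optional whitespace) into the string it encodes.
function decodeCharCodes(argList) {
  return argList
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.length > 0)
    .map((s) => String.fromCharCode(parseInt(s, 10)))
    .join('');
}

// Return every match as { offset, decoded } so the caller can log or alert on it.
function findEvalFromCharCode(text) {
  const hits = [];
  PATTERN.lastIndex = 0; // reset the global regex between calls
  let m;
  while ((m = PATTERN.exec(text)) !== null) {
    hits.push({ offset: m.index, decoded: decodeCharCodes(m[1]) });
  }
  return hits;
}

// Constructed samples: fromCharCode without eval is common and benign;
// the second page wraps the decoded string in eval, which is the suspicious form.
const BENIGN_PAGE =
  '<script>var s = String.fromCharCode(72, 105); document.title = s;</script>';
const SUSPICIOUS_PAGE =
  '<script>eval( String.fromCharCode(97,108,101,114,116,40,49,41) );</script>';

function demo() {
  return {
    benign: findEvalFromCharCode(BENIGN_PAGE),
    suspicious: findEvalFromCharCode(SUSPICIOUS_PAGE),
  };
}

console.log(JSON.stringify(demo()));
```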
