[Emerging-updates] Daily Update Summary 12/1/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Jan 12 17:34:39 EST 2011

Some good new rules today, and a significant rbn list update. 

[+++]          Added rules:          [+++]

 2012171 - ET MALWARE Lookup of Chinese Dynamic DNS Provider 3322.org Likely Malware Related (malware.rules)

Will be interesting; nothing good comes from this domain. If you have unexpected lookups you likely have a problem.

 2012172 - ET USER_AGENTS Suspicious User-Agent mrgud (user_agents.rules)
 2012176 - ET MALWARE Lookup of Malware Domain twothousands.cm Likely Infection (malware.rules)

Both very strong indications of an infection.

 2012173 - ET WEB_CLIENT eval String.fromCharCode String Which May Be Malicious (web_client.rules)

Experimental, very likely indication of hostile HTML/drive-bys. Thanks Kevin!

 2012174 - ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow (exploit.rules)

More MS!

 2801245 - ETPRO TROJAN TrojanDownloader Win32/VB.NP Checkin (trojan.rules)
 2801246 - ETPRO TROJAN Unknown Trojan Activity (trojan.rules)
 2801247 - ETPRO MALWARE Zango Spyware Install Checkin (malware.rules)
 2801248 - ETPRO USER_AGENTS Malware Related User-Agent RepairR (user_agents.rules)
 2801249 - ETPRO TROJAN Unknown Checkin via HTTP Post (trojan.rules)
 2801250 - ETPRO TROJAN Win32.Refroso CnC Request to Server (trojan.rules)
 2801251 - ETPRO TROJAN Win32.Refroso CnC Response from Server (trojan.rules)

And some pro malware rules, the research team had some fun in the sandnet!

Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
