[Emerging-updates] Daily Ruleset Update Summary 3/1/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Mar 1 00:05:54 EST 2011


A good mix of both open and pro rules today, some interesting malware in both!


[+++]          Added rules:          [+++]
 
 2012391 - ET TROJAN Tatanga Checkin (trojan.rules)
 2012392 - ET CURRENT_EVENTS Potential Fast Flux Rogue Antivirus (Setup_245.exe) (current_events.rules)
 2012393 - ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Attempt (web_specific_apps.rules)
 2012394 - ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt (web_specific_apps.rules)
 2012395 - ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt (web_specific_apps.rules)
 2012396 - ET WEB_SPECIFIC_APPS Eclipse IDE Help Component Cross Site Scripting Attempt (web_specific_apps.rules)
 2012397 - ET WEB_SPECIFIC_APPS Eclipse IDE Help Component Cross Site Scripting Attempt (web_specific_apps.rules)
 2012398 - ET WEB_CLIENT Hex Obfuscation of replace Javascript Function % Encoding (web_client.rules)
 2012399 - ET WEB_CLIENT Hex Obfuscation of replace Javascript Function %u UTF-8 Encoding (web_client.rules)
 2012400 - ET WEB_CLIENT Hex Obfuscation of replace Javascript Function %u UTF-16 Encoding (web_client.rules)
 2012401 - ET CURRENT_EVENTS Driveby Download Secondary Request (current_events.rules)
 2012402 - ET CURRENT_EVENTS Facebook URL Redirect Vulnerability (current_events.rules)
 2012403 - ET CURRENT_EVENTS Potential Rogue Antivirus FakePAV (current_events.rules)
 2012404 - ET WEB_CLIENT Likely Hostile Eval CRYPT.obfuscate Usage (web_client.rules)
 2012405 - ET CURRENT_EVENTS Potential FakePAV Checkin (current_events.rules)

And the ET Pro rules:
 2801391 - ETPRO EXPLOIT IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (exploit.rules)
 2801393 - ETPRO CURRENT_EVENTS Cnzz.cn Related Dropper Checkin (current_events.rules)
 2801394 - ETPRO TROJAN Generic Dropper Checkin callback (trojan.rules)
 2801395 - ETPRO USER_AGENTS qqkuyou Related Checkin (user_agents.rules)
 2801391 - ETPRO CURRENT_EVENTS Cnzz.cn Related Dropper Checkin (current_events.rules)
 2801392 - ETPRO EXPLOIT IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (exploit.rules)



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




