[Emerging-updates] Daily Ruleset Update Summary 3/3/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Mar 3 19:33:04 EST 2011


Some very good malware stuff today, both open and pro rules. Here's to hoping you don't have any hits on them! (But if you do, at least you'll know.)

[+++]          Added rules:          [+++]

 2012411 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress updateAJAX.php post_id Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2012412 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt  updateAJAX.php post_id SELECT (web_specific_apps.rules)
 2012413 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id UNION SELECT (web_specific_apps.rules)
 2012414 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id INSERT (web_specific_apps.rules)
 2012415 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id DELETE (web_specific_apps.rules)
 2012416 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id ASCII (web_specific_apps.rules)
 2012417 - ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id UPDATE (web_specific_apps.rules)
 2012418 - ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter Cross Site Scripting Attempt 1 (web_specific_apps.rules)
 2012419 - ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter Cross Site Scripting Attempt 2 (web_specific_apps.rules)


And the ET Pro Rules:

 2801408 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
 2801409 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
 2801410 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection UNION SELECT SQL Injection Attempt (web_specific_apps.rules)
 2801411 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
 2801412 - ETPRO WEB_SPECIFIC_APPS SnapProof (page.php) SQL Injection UPDATE SET SQL Injection Attempt (web_specific_apps.rules)
 2801413 - ETPRO TROJAN Trojan.Win32.Socnet.A Activity (trojan.rules)
 2801414 - ETPRO TROJAN Trojan-Downloader.Win32.Parkchicers.A Checkin (trojan.rules)
 2801415 - ETPRO WORM KOOBFACE.AW Activity (worm.rules)
 2801416 - ETPRO USER_AGENTS Trojan-Downloader.Win32.Agent.eapd UA (user_agents.rules)
 2801418 - ETPRO MALWARE RogueSoftware.Win32.AVGAntivirus2011 Checkin 1 (malware.rules)
 2801419 - ETPRO MALWARE RogueSoftware.Win32.AVGAntivirus2011 Checkin 2 (malware.rules)
 2801420 - ETPRO MALWARE RogueSoftware.Win32.AVGAntivirus2011 Checkin 3 (malware.rules)
 2801421 - ETPRO MALWARE RogueSoftware.Win32.AVGAntivirus2011 Checkin 4 (malware.rules)
 2801422 - ETPRO TROJAN Trojan.Win32.OddJob.A Checkin 1 (trojan.rules)
 2801423 - ETPRO TROJAN Trojan.Win32.OddJob.A Checkin 2 (trojan.rules)
 2801424 - ETPRO MALWARE Adware.Win32.OpenCandy Checkin 1 (malware.rules)
 2801425 - ETPRO MALWARE Adware.Win32.OpenCandy Checkin 2 (malware.rules)
 2801426 - ETPRO TROJAN Trojan.Win32.KeyLogger.mww Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2801211 - ETPRO USER_AGENTS Likely Grum/Tedroo Spambot Data in User-Agent (user_agents.rules)
Thanks Darren for the mod to the above!



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




