[Emerging-updates] Daily Ruleset Update Summary 3/14/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Mar 14 10:51:21 EST 2011


This is a compiled update. We had a few updates go in over the weekend for sig fixes, as well as some new signatures. 

Major update to the RBN list as well.

[+++]          Added rules:          [+++]

 2012468 - ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu SELECT (web_specific_apps.rules)
 2012469 - ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu UNION SELECT (web_specific_apps.rules)
 2012470 - ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu INSERT (web_specific_apps.rules)
 2012471 - ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu DELETE (web_specific_apps.rules)
 2012472 - ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu ASCII (web_specific_apps.rules)
 2012473 - ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu UPDATE (web_specific_apps.rules)
 2012474 - ET WEB_SPECIFIC_APPS RecordPress rp-menu.php sess_user Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2012475 - ET WEB_SPECIFIC_APPS RecordPress header.php titledesc Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2012476 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin folder.php type Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2012477 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id SELECT (web_specific_apps.rules)
 2012478 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id UNION SELECT (web_specific_apps.rules)
 2012479 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id INSERT (web_specific_apps.rules)
 2012480 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id DELETE (web_specific_apps.rules)
 2012481 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id ASCII (web_specific_apps.rules)
 2012482 - ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id UPDATE (web_specific_apps.rules)
 2012483 - ET WEB_SPECIFIC_APPS Wikiwig spell-check-savedicts.php to_p_dict Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2012484 - ET WEB_SPECIFIC_APPS Wikiwig spell-check-savedicts.php to_r_list Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2012485 - ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf SELECT (web_specific_apps.rules)
 2012486 - ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf UNION SELECT (web_specific_apps.rules)
 2012487 - ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf INSERT (web_specific_apps.rules)
 2012488 - ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf DELETE (web_specific_apps.rules)
 2012489 - ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf ASCII (web_specific_apps.rules)
 2012490 - ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf UPDATE (web_specific_apps.rules)

 2012491 - ET TROJAN Spyeye Presto UA Download Request (trojan.rules)


Simplified versions of these, thanks Jason.
 2012492 - ET CURRENT_EVENTS DHL Spam Inbound (current_events.rules)
 2012493 - ET CURRENT_EVENTS DHL Spam Inbound (current_events.rules)



And the ET Pro Subscriber rules:

 2801448 - ETPRO NETBIOS Microsoft Internet Explorer 8 IESHIMS.DLL Insecure Library Loading SMB ASCII (netbios.rules)
 2801449 - ETPRO NETBIOS Microsoft Internet Explorer 8 IESHIMS.DLL Insecure Library Loading SMB Unicode (netbios.rules)
 2801450 - ETPRO NETBIOS Microsoft Internet Explorer 8 IESHIMS.DLL Insecure Library Loading SMB-DS ASCII (netbios.rules)
 2801451 - ETPRO NETBIOS Microsoft Internet Explorer 8 IESHIMS.DLL Insecure Library Loading SMB-DS Unicode (netbios.rules)
 2801456 - ETPRO NETBIOS Windows Media Player ehtrace.dll Insecure Library Loading Code Execution SMB ASCII (netbios.rules)
 2801457 - ETPRO NETBIOS Windows Media Player ehtrace.dll Insecure Library Loading Code Execution SMB Unicode (netbios.rules)
 2801458 - ETPRO NETBIOS Windows Media Player ehtrace.dll Insecure Library Loading Code Execution SMB-DS ASCII (netbios.rules)
 2801459 - ETPRO NETBIOS Windows Media Player ehtrace.dll Insecure Library Loading Code Execution SMB-DS Unicode (netbios.rules)
 2801462 - ETPRO NETBIOS Microsoft Office Groove 2007 Insecure Library Loading Code Execution SMB ASCII (netbios.rules)
 2801463 - ETPRO NETBIOS Microsoft Office Groove 2007 Insecure Library Loading Code Execution SMB Unicode (netbios.rules)
 2801464 - ETPRO NETBIOS Microsoft Office Groove 2007 Insecure Library Loading Code Execution SMB-DS ASCII (netbios.rules)
 2801465 - ETPRO NETBIOS Microsoft Office Groove 2007 Insecure Library Loading Code Execution SMB-DS Unicode (netbios.rules)
 2801470 - ETPRO NETBIOS Microsoft Remote Desktop Connection Insecure Library Loading  - SMB-DS ASCII (netbios.rules)
 2801471 - ETPRO NETBIOS Microsoft Remote Desktop Connection Insecure Library Loading - SMB-DS Unicode (netbios.rules)
 2801472 - ETPRO NETBIOS Microsoft Remote Desktop Connection Insecure Library Loading - SMB ASCII (netbios.rules)
 2801473 - ETPRO NETBIOS Microsoft Remote Desktop Connection Insecure Library Loading - SMB Unicode (netbios.rules)


[///]     Modified active rules:     [///]

 2004011 - ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie SELECT (web_specific_apps.rules)
 2004012 - ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UNION SELECT (web_specific_apps.rules)
 2004013 - ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie INSERT (web_specific_apps.rules)
 2004014 - ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie DELETE (web_specific_apps.rules)
 2004015 - ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie ASCII (web_specific_apps.rules)
 2004016 - ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UPDATE (web_specific_apps.rules)
 2009173 - ET TROJAN Possible Vundo Trojan Variant reporting to Controller (trojan.rules)
 2010148 - ET CURRENT_EVENTS DHL Spam Inbound (current_events.rules)
 2012445 - ET CURRENT_EVENTS Post Express Inbound bad attachment (current_events.rules)





----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




