[Emerging-updates] Daily Ruleset Update Summary 3/15/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Mar 15 13:22:28 EST 2011


The CI Army rules have updated today, and we've got a few new Adobe sigs as well as a new group of insecure DLL loading sigs.

Enjoy!

[+++]          Added rules:          [+++]

 2012503 - ET CURRENT_EVENTS Compressed Adobe Flash File Embedded in XLS FILE Caution - Could be Exploit (current_events.rules)
 2012504 - ET CURRENT_EVENTS Excel with Embedded .emf object downloaded (current_events.rules)
 2012505 - ET TROJAN Monkif Checkin (trojan.rules)
 2012506 - ET TROJAN Monkif Initial Checkin (trojan.rules)
 2012507 - ET TROJAN Monkif CnC response in fake JPEG (trojan.rules)


And the new Pro rules:

 2801498 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading  - SMB-DS ASCII (netbios.rules)
 2801499 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
 2801500 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801501 - ETPRO NETBIOS Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801502 - ETPRO WEB_CLIENT Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading - Set (web_client.rules)
 2801503 - ETPRO WEB_CLIENT Microsoft Windows Media Encoder PRX File msxml.dll Insecure Library Loading (web_client.rules)
 2801504 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll  - SMB-DS ASCII (netbios.rules)
 2801505 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB-DS Unicode (netbios.rules)
 2801506 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB ASCII (netbios.rules)
 2801507 - ETPRO NETBIOS Multiple Load Library Vulns wintab32.dll - SMB Unicode (netbios.rules)
 2801508 - ETPRO WEB_CLIENT Multiple Load Library Vulns wintab32.dll Insecure Library Loading - Set (web_client.rules)
 2801509 - ETPRO WEB_CLIENT Multiple Load Library Vulns wintab32.dll Insecure Library Loading (web_client.rules)
 2801510 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB-DS ASCII (netbios.rules)
 2801511 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB-DS Unicode (netbios.rules)
 2801512 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB ASCII (netbios.rules)
 2801513 - ETPRO NETBIOS Multiple Load Library Vulns dwmapi.dll - SMB Unicode (netbios.rules)
 2801514 - ETPRO WEB_CLIENT Multiple Load Library Vulns dwmapi.dll Insecure Library Loading - Set (web_client.rules)
 2801515 - ETPRO WEB_CLIENT Multiple Load Library Vulns dwmapi.dll Insecure Library Loading (web_client.rules)
 2801516 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll  - SMB-DS ASCII (netbios.rules)
 2801517 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll - SMB-DS Unicode (netbios.rules)
 2801518 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll - SMB ASCII (netbios.rules)
 2801519 - ETPRO NETBIOS Adobe Illustrator Insecure Library Loading aires.dll - SMB Unicode (netbios.rules)
 2801520 - ETPRO WEB_CLIENT Adobe Illustrator aires.dll Insecure Library Loading - Set (web_client.rules)
 2801521 - ETPRO WEB_CLIENT Adobe Illustrator aires.dll Insecure Library Loading (web_client.rules)

Home subscriptions are now $35 per year! http://www.emergingthreatspro.com

Matt


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




