[Emerging-updates] Daily Ruleset Update Summary 3/16/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Mar 16 17:17:38 EST 2011


We have a number of good trojan sigs today from the community, and a new set of insecure dll load sigs and a few more trojan sigs in the ET Pro ruleset. 

Enjoy!

[+++]          Added rules:          [+++]

 2011677 - ET MALWARE MSIL.Amiricil.gen HTTP Checkin (malware.rules)
 2012508 - ET POLICY Akamai NetSession Interface PUTing data (policy.rules)
 2012509 - ET WEB_CLIENT Android Webkit removeChild Use-After-Free Remote Code Execution Attempt (web_client.rules)
 2012510 - ET SHELLCODE UTF-8/16 Encoded Shellcode (shellcode.rules)
 2012511 - ET WEB_CLIENT Opera Window.Open document.cloneNode Null Pointer Deference Attempt (web_client.rules)
 2012512 - ET TROJAN Hiloti loader installed successfully response (trojan.rules)
 2012513 - ET CURRENT_EVENTS Hiloti loader installed successfully request (current_events.rules)
 2012514 - ET CURRENT_EVENTS Hiloti loader requesting payload URL (current_events.rules)
 2012515 - ET TROJAN Hiloti loader receiving payload URL (trojan.rules)
 2012516 - ET USER_AGENTS Fake Google Toolbar User-Agent (user_agents.rules)


And the Pro sigs:

 2801522 - ETPRO NETBIOS Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801523 - ETPRO NETBIOS Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB-DS Unicode  (netbios.rules)
 2801524 - ETPRO NETBIOS Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801525 - ETPRO WEB_CLIENT Microsoft Powerpoint pp7x32.dll Insecure Library Loading - SMB Unicode (web_client.rules)
 2801526 - ETPRO WEB_CLIENT Microsoft Powerpoint pp7x32.dll Insecure Library Loading - Set (web_client.rules)
 2801527 - ETPRO WEB_CLIENT Microsoft Powerpoint pp7x32.dll Insecure Library Loading (web_client.rules)
 2801528 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801529 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB-DS Unicode  (netbios.rules)
 2801530 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801531 - ETPRO NETBIOS Microsoft Powerpoint pp4x322.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801532 - ETPRO WEB_CLIENT Microsoft Powerpoint pp4x322.dll Insecure Library Loading - Set (web_client.rules)
 2801533 - ETPRO WEB_CLIENT Microsoft Powerpoint pp4x322.dll Insecure Library Loading (web_client.rules)
 2801534 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801535 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB-DS Unicode  (netbios.rules)
 2801536 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801537 - ETPRO NETBIOS Microsoft Powerpoint msapsspc.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801538 - ETPRO WEB_CLIENT Microsoft Powerpoint msapsspc.dll Insecure Library Loading - Set (web_client.rules)
 2801539 - ETPRO WEB_CLIENT Microsoft Powerpoint msapsspc.dll Insecure Library Loading (web_client.rules)
 2801540 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
 2801541 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB-DS Unicode  (netbios.rules)
 2801542 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB ASCII (netbios.rules)
 2801543 - ETPRO NETBIOS Microsoft Powerpoint schannel.dll Insecure Library Loading - SMB Unicode (netbios.rules)
 2801544 - ETPRO WEB_CLIENT Microsoft Powerpoint schannel.dll Insecure Library Loading - Set (web_client.rules)
 2801545 - ETPRO WEB_CLIENT Microsoft Powerpoint schannel.dll Insecure Library Loading (web_client.rules)
 2801632 - ETPRO SMTP Multiple Products STARTTLS Plaintext Command Injection (smtp.rules)
 2801633 - ETPRO TROJAN Backdoor.Win32.Torr.gau Activity (trojan.rules)


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




