[Emerging-updates] Daily Ruleset Update Summary 3/17/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu Mar 17 20:40:32 EST 2011


Loads of good stuff today, and another set of the insecure DLL loading signatures. 

[+++]          Added rules:          [+++]

2012517 - ET TROJAN Win32/Rimecud.B Activity (trojan.rules)
2012518 - ET CURRENT_EVENTS RetroGuard Obfuscated JAR likely part of hostile exploit kit (current_events.rules)

The following two were moved from the Pro rules to Open to support the Adobe vulnerability. They just set a flowbit for compound OLE files.

2012519 - ET WEB_CLIENT Microsoft Publisher Array Indexing Memory Corruption SET (web_client.rules)
2012520 - ET WEB_CLIENT Microsoft OLE Compound File Magic Code (web_client.rules)
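As an added illustration of the flowbit pattern these two Open rules rely on (example code, not from the ET ruleset): a SET rule records a bit on the flow when the OLE compound file header is seen, and a follow-on rule alerts only when that bit is already set on the same flow. The flowbit name and the indicator string are constructed placeholders; only the OLE2 header bytes are real.

```python
# Added example (not from the ET ruleset): models the flowbit pattern the two
# Open rules above use. A SET rule fires silently when a payload carries the
# OLE compound file magic and records a flowbit on that flow; a follow-on rule
# alerts only when the flowbit is already set on the same flow.
from dataclasses import dataclass, field

# Real OLE2 / Compound File Binary header signature (first 8 bytes of the file).
OLE_CF_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

# Constructed flowbit name and indicator string; the real rules' values differ.
OLE_FLOWBIT = "example.ole.compound"
INDICATOR = b"CONSTRUCTED-PUBLISHER-INDICATOR"


@dataclass
class Flow:
    """Per-flow state, as the IDS keeps it: flowbits never leak across flows."""
    flowbits: set = field(default_factory=set)


def ole_magic_set_rule(payload: bytes, flow: Flow) -> bool:
    """Model of a SET rule (flowbits:set plus noalert style): sets the bit, never alerts."""
    if OLE_CF_MAGIC in payload:
        flow.flowbits.add(OLE_FLOWBIT)
        return True
    return False


def compound_check_rule(payload: bytes, flow: Flow) -> bool:
    """Model of a rule gated on flowbits:isset: alerts only on flows that carried OLE."""
    return OLE_FLOWBIT in flow.flowbits and INDICATOR in payload


def inspect_flow(packets):
    """Evaluate both rules over one flow's payloads in order; return indices that alert."""
    flow = Flow()
    alerts = []
    for idx, payload in enumerate(packets):
        ole_magic_set_rule(payload, flow)  # SET rule is evaluated first and is silent
        if compound_check_rule(payload, flow):
            alerts.append(idx)
    return alerts


if __name__ == "__main__":
    # Constructed sample flows: an HTTP response carrying an OLE header, then the indicator.
    ole_flow = [b"HTTP/1.1 200 OK\r\n\r\n" + OLE_CF_MAGIC + b"\x00" * 16,
                b"\x00" * 8 + INDICATOR + b"\x00" * 8]
    plain_flow = [b"HTTP/1.1 200 OK\r\n\r\n" + INDICATOR]  # no OLE header: stays quiet
    print(inspect_flow(ole_flow), inspect_flow(plain_flow))  # [1] []
```

The ordering matters: the same indicator arriving before the OLE header in a flow does not alert, which is exactly why the SET rule has to be deployed alongside the rules that test the bit.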


And the ET Pro rules:

2801546 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801547 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801548 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801549 - ETPRO NETBIOS Microsoft Powerpoint digest.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801550 - ETPRO WEB_CLIENT Microsoft Powerpoint digest.dll Insecure Library Loading - Set (web_client.rules)
2801551 - ETPRO WEB_CLIENT Microsoft Powerpoint digest.dll Insecure Library Loading (web_client.rules)
2801552 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB-DS ASCII (netbios.rules)
2801553 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB-DS Unicode (netbios.rules)
2801554 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB ASCII (netbios.rules)
2801555 - ETPRO NETBIOS Microsoft Powerpoint msnsspc.dll Insecure Library - SMB Unicode (netbios.rules)
2801556 - ETPRO WEB_CLIENT Microsoft Powerpoint msnsspc.dll Insecure Library - Set (web_client.rules)
2801557 - ETPRO WEB_CLIENT Microsoft Powerpoint msnsspc.dll Insecure Library (web_client.rules)
2801558 - ETPRO NETBIOS Qualcomm eXtensible Diagnostic Monitor mfc71enu.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801559 - ETPRO NETBIOS Qualcomm eXtensible Diagnostic Monitor mfc71enu.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801560 - ETPRO NETBIOS Qualcomm eXtensible Diagnostic Monitor mfc71enu.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801561 - ETPRO NETBIOS Qualcomm eXtensible Diagnostic Monitor mfc71enu.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801562 - ETPRO WEB_CLIENT Qualcomm eXtensible Diagnostic Monitor mfc71enu.dll Insecure Library Loading - Set (web_client.rules)
2801563 - ETPRO WEB_CLIENT Qualcomm eXtensible Diagnostic Monitor mfc71enu.dll Insecure Library Loading (web_client.rules)
2801564 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB-DS ASCII (netbios.rules)
2801565 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB-DS Unicode (netbios.rules)
2801566 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB ASCII (netbios.rules)
2801567 - ETPRO NETBIOS Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - SMB Unicode (netbios.rules)
2801568 - ETPRO WEB_CLIENT Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading - Set (web_client.rules)
2801569 - ETPRO WEB_CLIENT Microsoft Windows SDK for Windows 7 and NET Framework 4 GraphEdit measure.dll Insecure Library Loading (web_client.rules)
2801634 - ETPRO TROJAN Trojan.Win32.PassStealer.wx Checkin (trojan.rules)
2801635 - ET TROJAN Win32/Rimecud.B Checkin (trojan.rules)
2801636 - ETPRO TROJAN Backdoor.Win32.TKcik.A Flowbit SET (trojan.rules)
2801637 - ETPRO TROJAN Backdoor.Win32.TKcik.A KCICK Flowbit SET 2 (trojan.rules)
2801638 - ETPRO TROJAN Backdoor.Win32.TKcik.A Checkin (trojan.rules)
2801639 - ETPRO TROJAN Trojan-Downloader.Win32.Vmara.A SQL Checkin (trojan.rules)
2801670 - ETPRO TROJAN Backdoor.Win32.Dtd.A Checkin (trojan.rules)
2801671 - ETPRO TROJAN BestAntivirus Fake AV Download (trojan.rules)

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc