[Emerging-updates] Daily Ruleset Update Summary 3/28/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Mar 28 16:32:06 EST 2011


Some good malware and trojan signatures added today, both to the open and pro rulesets. Enjoy!


[+++]          Added rules:          [+++]

 2012445 - ET CURRENT_EVENTS Post Express Inbound bad attachment (current_events.rules)
 2012586 - ET TROJAN Suspicious User-Agent I mLuo (trojan.rules)
 2012587 - ET TROJAN VirTool-Win32-VBInject.gen-FA Reporting (trojan.rules)
 2012588 - ET TROJAN RiskTool.Win32.WFPDisabler Reporting (trojan.rules)
 2012589 - ET TROJAN Trojan-Dropper.Win32.Mudrop.asj Reporting (trojan.rules)
 2012590 - ET TROJAN Best Spyware Scanner FaveAV Download (trojan.rules)
 2012591 - ET CURRENT_EVENTS EICAR test file with MZ header double-stacking AV evasion technique (current_events.rules)
 2012592 - ET TROJAN PWS-Banker.gen.b Reporting (trojan.rules)

And the Pro sigs:

 2801876 - ETPRO USER_AGENTS Suspicious User Agent SAMPLE (user_agents.rules)
 2801877 - ETPRO EXPLOIT Oracle Secure Backup Admin Server index.php preauth Parameter Arbitrary Code Execution (exploit.rules)
 2801878 - ETPRO EXPLOIT Oracle Secure Backup Admin Server property_box.php other Parameter Arbitrary Code Execution (exploit.rules)
 2801879 - ETPRO EXPLOIT Oracle Secure Backup Admin Server property_box.php objectname Parameter Arbitrary Command Execution (exploit.rules)
 2801880 - ETPRO NETBIOS Microsoft Windows SMB-DS Client Transaction Buffer Overflow (Published Exploit) (netbios.rules)
 2801881 - ETPRO NETBIOS Microsoft Windows SMB Client Transaction Buffer Overflow (Published Exploit) (netbios.rules)
 2801882 - ETPRO TROJAN Win32.AutoRun.cedq Checkin (trojan.rules)
 2801883 - ETPRO WEB_CLIENT RealNetworks RealPlayer IVR RealPlayer video file MAGIC BYTES 1 Flowbit set (web_client.rules)
 2801884 - ETPRO WEB_CLIENT RealNetworks RealPlayer IVR RealPlayer video file MAGIC BYTES 2 Flowbit set (web_client.rules)
 2801885 - ETPRO WEB_CLIENT RealNetworks RealPlayer IVR Handling Heap Buffer Overflow (Published Exploit) (web_client.rules)


[///]     Modified active rules:     [///]

 2010007 - ET TROJAN Potential Gemini Malware Download (trojan.rules)
 2010644 - ET CURRENT_EVENTS UPS Spam Inbound (current_events.rules)
 2010645 - ET USER_AGENTS Suspicious User Agent (Launcher) (user_agents.rules)



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




