[Emerging-updates] Daily Ruleset Update Summary 3/30/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Mar 30 21:33:35 EST 2011


[+++]          Added rules:          [+++]

 2012606 - ET SCAN Havij SQL Injection Tool User-Agent Inbound (scan.rules)
 2012607 - ET USER_AGENTS Lowercase User-Agent header purporting to be MSIE (user_agents.rules)
 2012608 - ET CURRENT_EVENTS Java Exploit Attempt applet via file URI (current_events.rules)
 2012609 - ET CURRENT_EVENTS Java Exploit Attempt Request for .class from octal host (current_events.rules)
 2012610 - ET CURRENT_EVENTS Java Exploit io.exe download served (current_events.rules)

And your Pro rules:

 2801914 - ETPRO TROJAN NCom Linux Rootkit Checkin (trojan.rules)
 2801915 - ETPRO TROJAN Ncom Rootkit Failed Login (trojan.rules)
 2801916 - ETPRO TROJAN NCom Rootkit Login (Default PW) (trojan.rules)
 2801917 - ETPRO ACTIVEX Cisco Secure Desktop CSDWebInstaller Code Execution 2 (activex.rules)
 2801918 - ETPRO ACTIVEX Cisco Secure Desktop CSDWebInstaller Code Execution (activex.rules)
 2801919 - ETPRO TROJAN Backdoor.Win32.Sagnu.A cmd command (trojan.rules)
 2801920 - ETPRO TROJAN Backdoor.Win32.Sagnu.A getinfo command (trojan.rules)
 2801922 - ETPRO TROJAN Backdoor.Win32.Sagnu.A Checkin (trojan.rules)
 2801923 - ETPRO TROJAN Trojan-Downloader.Win32.Pingbed.B Checkin (trojan.rules)
 2801924 - ETPRO TROJAN Trojan.Win32.Alipime.DUK Checkin 1 (trojan.rules)
 2801925 - ETPRO TROJAN Trojan.Win32.Alipime.DUK Checkin 2 (trojan.rules)
 2801926 - ETPRO TROJAN Trojan.Win32.Bancos.OBQ Checkin 2 (trojan.rules)
 2801927 - ETPRO USER_AGENTS Backdoor.Win32.Vertexbot.A Checkin UA (user_agents.rules)


[///]     Modified active rules:     [///]

 2009090 - ET TROJAN Generic Banker Trojan Downloader Config to client (trojan.rules)
 2010644 - ET CURRENT_EVENTS UPS Spam Inbound (current_events.rules)
 2801906 - ETPRO WEB_CLIENT Microsoft Office Excel ADO Object Parsing Code Execution - SET (web_client.rules)
 2801913 - ETPRO WEB_CLIENT Microsoft Office Excel ADO Object Parsing Code Execution (web_client.rules)


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




