[Emerging-updates] Daily Ruleset Update Summary 5/2/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Mon May 2 21:00:44 EDT 2011


RBN Ruleset updated, as well as another batch moved from gpl to the new sid range.

[+++]          Added rules:          [+++]


These three will in the next update have DYNDNS in the title to better categorize.

 2012171 - ET POLICY Lookup of Chinese Dynamic DNS Provider 3322.org Likely Malware Related (policy.rules)
 2012738 - ET POLICY Lookup of Chinese Dynamic DNS Provider 8866.org Likely Malware Related (policy.rules)
 2012758 - ET POLICY .dyndns.org DNS Lookup - Possible Malware (policy.rules)


 2012760 - ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager xmldirectorylist.jsp SQL Injection Attempt (web_specific_apps.rules)
 2012761 - ET USER_AGENTS Suspicious user agent (mdms) (user_agents.rules)


And just moved to the new sid range:

 2101852 - GPL WEB_SERVER robots.txt access (web_server.rules)
 2101857 - GPL WEB_SERVER robot.txt access (web_server.rules)
 2101859 - GPL POLICY Sun JavaServer default password login attempt (policy.rules)
 2101860 - GPL POLICY Linksys router default password login attempt (policy.rules)
 2101861 - GPL POLICY Linksys router default username and password login attempt (policy.rules)
 2101864 - GPL FTP SITE NEWER attempt (ftp.rules)
 2101866 - GPL POP3 USER overflow attempt (pop3.rules)
 2101867 - GPL RPC xdmcp info query (rpc.rules)
 2101874 - GPL SQL Oracle Java Process Manager access (sql.rules)


And some new pro rules, our favorite - Zango!

 2802100 - ETPRO USER_AGENTS Zango Toolbar User-Agent (BAR) (user_agents.rules)
 2802101 - ETPRO TROJAN Backdoor.Win32.Bewymbot.A Checkin (trojan.rules)


[///]     Modified active rules:     [///]

All performance tweaks.

    1877 - GPL WEB_SERVER printenv access (web_server.rules)
 2010882 - ET POLICY .pdf File Containing Javascript (policy.rules)
 2012753 - ET MALWARE Possible FakeAV Binary Download (malware.rules)

 2802083 - ETPRO ATTACK_RESPONSE MediaCast Password Dump Attack Response (attack_response.rules)
 2802085 - ETPRO TROJAN Win32.VBKrypt.xiz Checkin (trojan.rules)


[---]         Disabled rules:        [---]

Disabled for some FP issues, but tweaks should make it more reliable.

 2012736 - ET CURRENT_EVENTS Trojan-GameThief.Win32.OnLineGames.bnye Checkin (current_events.rules)

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




