[Emerging-updates] Daily Ruleset Update Summary 5/5/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu May 5 14:47:21 EDT 2011


Happy Cinco de Mayo! We're cutting out early to celebrate, hope you all are as well!

No new open rules today unfortunately, but some great Pro sigs. 

[+++]          Added rules:          [+++]

 2802147 - ETPRO WEB_CLIENT Oracle Java Applet2ClassLoader Remote Code Execution 3 (web_client.rules)
 2802148 - ETPRO WEB_CLIENT Oracle Java Applet2ClassLoader Remote Code Execution 4 (web_client.rules)
 2802149 - ETPRO WEB_CLIENT Oracle Java Applet2ClassLoader Remote Code Execution 5 (web_client.rules)
 2802150 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Buffer Overflow (UTF-16 Little-Endian ) (exploit.rules)
 2802151 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Buffer Overflow (UTF-16 Big-Endian) (exploit.rules)
 2802152 - ETPRO TROJAN Backdoor.Win32.Kolbot.A Checkin 1 (trojan.rules)
 2802153 - ETPRO TROJAN Backdoor.Win32.Kolbot.A Checkin 2 (trojan.rules)
 2802154 - ETPRO USER_AGENTS Adware.addare User-Agent (user_agents.rules)


[///]     Modified active rules:     [///]

All three of these are modified to adjust to a change in the cnc protocols.

 2802015 - ETPRO TROJAN Cybergate/Rebhip/Spyrat Backdoor Keepalive (trojan.rules)
 2802016 - ETPRO TROJAN Cybergate/Rebhip/Spyrat Backdoor Keepalive Response (trojan.rules)
 2802017 - ETPRO TROJAN Fiskos/Fynloski/Gpigeon Backdoor Keepalive (trojan.rules)

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




