[Emerging-updates] Daily Ruleset Update Summary 5/17/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Tue May 17 17:31:23 EDT 2011

RBN update today, some moved GPL sigs, and a nice load of malware!

[***] Results from Oinkmaster started Tue May 17 15:39:43 2011 [***]

[+++]          Added rules:          [+++]

Moved from the GPL range:

 2101780 - GPL IMAP EXPLOIT partial body overflow attempt (imap.rules)
 2101790 - GPL CHAT IRC dns response (chat.rules)
 2101792 - GPL MISC return code buffer overflow attempt (misc.rules)
 2101808 - GPL EXPLOIT apache chunked encoding memory corruption exploit attempt (exploit.rules)
 2101809 - GPL WEB_SERVER Apache Chunked-Encoding worm attempt (web_server.rules)
 2101817 - GPL WEB_SERVER MS Site Server default login attempt (web_server.rules)
 2101818 - GPL WEB_SERVER MS Site Server admin attempt (web_server.rules)
 2101821 - GPL EXPLOIT LPD dvips remote command execution attempt (exploit.rules)
 2101833 - GPL INAPPROPRIATE naked lesbians (inappropriate.rules)
 2101838 - GPL EXPLOIT SSH server banner overflow (exploit.rules)
 2101840 - GPL WEB_CLIENT Javascript document.domain attempt (web_client.rules)
 2101842 - GPL IMAP login buffer overflow attempt (imap.rules)
 2101844 - GPL IMAP authenticate overflow attempt (imap.rules)
 2101845 - GPL IMAP list literal overflow attempt (imap.rules)
 2101846 - GPL POLICY vncviewer Java applet download attempt (policy.rules)
 2101847 - GPL WEB_SERVER webalizer access (web_server.rules)

And a couple ET Pro sigs:

 2802209 - ETPRO TROJAN Carberp Checkin first.php related (trojan.rules)
 2802210 - ETPRO EXPLOIT Sybase M-Business Anywhere agSoap.exe Closing Tag Buffer Overflow (exploit.rules)

[///]     Modified active rules:     [///]

Modified to avoid an evasion discovered in recent versions in the sandnet.

 2801635 - ET TROJAN Win32/Rimecud.B Checkin (trojan.rules)

Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
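The summary above is Oinkmaster's plain-text change report, and anyone tracking these daily mails tends to want the SIDs pulled out into something a script can act on (which files changed, which SIDs were added versus modified, which "moved from the GPL range" rules correspond to which original Snort SID). The following is an added example, not code from the post or from Emerging Threats, that parses a constructed fragment in the same format. It assumes the usual ET convention that a GPL-range rule carries the original Snort SID plus an offset of 2100000 (so 2101780 maps back to Snort SID 1780); the sample text, the section and rule regexes and the helper names are all this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the Oinkmaster summary format used in the post (not the full mail).
SAMPLE = """\
[+++]          Added rules:          [+++]

Moved from the GPL range:

 2101780 - GPL IMAP EXPLOIT partial body overflow attempt (imap.rules)
 2101838 - GPL EXPLOIT SSH server banner overflow (exploit.rules)

And a couple ET Pro sigs:

 2802209 - ETPRO TROJAN Carberp Checkin first.php related (trojan.rules)

[///]     Modified active rules:     [///]

 2801635 - ET TROJAN Win32/Rimecud.B Checkin (trojan.rules)
"""

# Section header, e.g. "[+++]  Added rules:  [+++]" or "[///]  Modified active rules:  [///]".
SECTION_RE = re.compile(r"^\[(?:\+\+\+|///|---)\]\s+(.*?):\s+\[(?:\+\+\+|///|---)\]")
# Rule line: "<sid> - <PREFIX> <message> (<file>.rules)".
RULE_RE = re.compile(r"^\s*(\d+)\s+-\s+(\S+)\s+(.*?)\s+\(([\w.-]+)\)\s*$")

# Assumption: ET numbers GPL-range rules as Snort GPL sid + 2100000.
GPL_OFFSET = 2100000
GPL_RANGE = range(2100000, 2200000)


def parse_summary(text):
    """Return {section name: [record, ...]} for every rule line in an Oinkmaster summary.

    Each record has sid, prefix (GPL/ET/ETPRO), msg and file; GPL-range rules also
    get snort_sid, the SID the rule had in the original Snort GPL set.
    """
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = RULE_RE.match(line)
        if not (m and current):
            continue  # prose such as "Moved from the GPL range:" is skipped
        sid = int(m.group(1))
        rec = {"sid": sid, "prefix": m.group(2), "msg": m.group(3), "file": m.group(4)}
        if rec["prefix"] == "GPL" and sid in GPL_RANGE:
            rec["snort_sid"] = sid - GPL_OFFSET
        sections[current].append(rec)
    return dict(sections)


def sids_for_section(summary, section):
    """Sorted SIDs listed under one section (e.g. "Added rules")."""
    return sorted(r["sid"] for r in summary.get(section, []))


def rules_by_file(summary):
    """{rule file: sorted SIDs} across all sections, useful for deciding which
    category files to reload or review after an update."""
    files = defaultdict(set)
    for records in summary.values():
        for r in records:
            files[r["file"]].add(r["sid"])
    return {f: sorted(s) for f, s in files.items()}


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    for section, records in parsed.items():
        print(section)
        for r in records:
            extra = f" (Snort sid {r['snort_sid']})" if "snort_sid" in r else ""
            print(f"  {r['sid']} {r['prefix']} {r['msg']} [{r['file']}]{extra}")
    print(rules_by_file(parsed))
```

Feed the body of a real update mail to parse_summary() instead of SAMPLE; sections Oinkmaster emits with other markers (for example removed rules with [---]) are picked up by the same header pattern.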
