[Emerging-updates] Daily Ruleset Update Summary 5/26/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Thu May 26 22:20:26 EDT 2011

A light update today. Thresholding and some accuracy tweaks, as well as a few new rules.

[+++]          Added rules:          [+++]

Moved to open from the Pro ruleset:

 2012865 - ET TROJAN Vinself Backdoor Checkin (trojan.rules)

 2012866 - ET EXPLOIT RXS-3211 IP Camera Password Information Disclosure Attempt (exploit.rules)
 2012867 - ET TROJAN Clicker.Win32.AutoIt.ai Checkin (trojan.rules)
 2012868 - ET POLICY HTTP Outbound Request containing a password (policy.rules)
 2012869 - ET POLICY HTTP Outbound Request containing a pass field (policy.rules)
 2012870 - ET POLICY HTTP Outbound Request contains pw (policy.rules)
 2012871 - ET TROJAN Gozi posting form data (trojan.rules)
 2802872 - ETPRO TROJAN Backdoor.Win32.XYTvn.A Checkin (trojan.rules)

[///]     Modified active rules:     [///]

 2011581 - ET POLICY Vulnerable Java Version 1.5.x Detected (policy.rules)
 2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
 2011584 - ET POLICY Vulnerable Java Version 1.4.x Detected (policy.rules)
 2011919 - ET CURRENT_EVENTS FAKEAV Gemini - packupdate*.exe download (current_events.rules)
 2012227 - ET CURRENT_EVENTS FAKEAV Gemini softupdate*.exe download (current_events.rules)
 2012318 - ET CURRENT_EVENTS FAKEAV download (AntiSpyWareSetup.exe) (current_events.rules)

[---]         Removed rules:         [---]

Moved to the Open ruleset

 2801175 - ETPRO TROJAN Vinself Backdoor Checkin (trojan.rules)

Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
