[Emerging-updates] Daily Ruleset Update Summary 10/5/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Oct 5 23:27:22 EDT 2011

A light update today, but a couple very important malware signatures. 20 new sigs total, one open and 10 pro. 

[+++]          Added rules:          [+++]

New functionality from Zeus, we're seeing widespread infection as well. Highly recommend running this rule!
 2013739 - ET TROJAN ZeuS P2P Communication 1 (trojan.rules)

And the pro rules. 
 2803811 - ETPRO TROJAN TrojanDownloader.Win32/Gabeerf.A Checkin (trojan.rules)
 2803812 - ETPRO TROJAN Win32/Sefnit.K Checkin (trojan.rules)
 2803813 - ETPRO TROJAN Win32/Rimod Checkin (trojan.rules)
 2803814 - ETPRO TROJAN ZEUS Retrieving configuration file (trojan.rules)
 2803815 - ETPRO TROJAN Aldi Bot command StartHTTP from CnC server INBOUND (trojan.rules)
 2803816 - ETPRO TROJAN Aldi Bot command StartTCP from CnC server INBOUND (trojan.rules)
 2803817 - ETPRO TROJAN Aldi Bot command StopHTTPDDoS from CnC server INBOUND (trojan.rules)
 2803818 - ETPRO TROJAN Aldi Bot command StopTCPDDoS from CnC server INBOUND (trojan.rules)
 2803819 - ETPRO TROJAN Aldi Bot command StopDDoS from CnC server INBOUND (trojan.rules)
 2803820 - ETPRO TROJAN Aldi Bot command DownloadEx from CnC server INBOUND (trojan.rules)
 2803821 - ETPRO TROJAN Aldi Bot command CreateSocks from CnC server INBOUND (trojan.rules)
 2803822 - ETPRO TROJAN Aldi Bot command StealData from CnC server INBOUND (trojan.rules)
 2803823 - ETPRO TROJAN Aldi Bot command Update from CnC server INBOUND (trojan.rules)
 2803824 - ETPRO TROJAN Trojan.Generic.KDV.274800 Checkin (trojan.rules)
 2803825 - ETPRO TROJAN TrojanDownloader.Win32/Stegvob.A Checkin (trojan.rules)
 2803826 - ETPRO TROJAN Application.Generic.379873 Checkin (trojan.rules)
 2803827 - ETPRO TROJAN Win32/Dynamer!dtc CnC INBOUND (trojan.rules)
 2803828 - ETPRO TROJAN Trojan-Banker.Win32.Banbra.alyg Checkin (trojan.rules)
 2803829 - ETPRO POLICY Bitcoin Cash Guild Bot Work Request (policy.rules)

[///]     Modified active rules:     [///]

Generalized to catch a variation:
 2013076 - ET TROJAN Zeus Bot GET to Google checking Internet connectivity (trojan.rules)
 2013740 - ET CURRENT_EVENTS Zeus/Aeausuc P2P Variant Retrieving Peers List (current_events.rules)

Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4364 bytes
Desc: not available
Url : http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20111005/8c05e0d7/smime.bin

More information about the Emerging-updates mailing list