[Emerging-updates] Daily Ruleset Update Summary 4/02/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Apr 2 19:38:31 EDT 2012


11 new Open Rules, 1 new Pro rule. A lot of fixes and tweaks. Enjoy!

[***] Results from Oinkmaster started Mon Apr  2 19:27:49 2012 [***]

 [+++]          Added rules:          [+++]

 2010921 - ET ACTIVEX Ask.com Toolbar askBar.dll ActiveX ShortFormat Buffer Overflow Attempt (activex.rules)
 2014448 - ET WEB_SPECIFIC_APPS WEB-PHP Wordpress enable-latex plugin url Remote File inclusion Attempt (web_specific_apps.rules)
 2014449 - ET WEB_SPECIFIC_APPS Event Calendar PHP cal_year Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2014450 - ET WEB_SPECIFIC_APPS WordPress Mini Mail Dashboard Widget abspath Remote File inclusion Attempt (web_specific_apps.rules)
 2014451 - ET ACTIVEX  Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential Buffer Overflow Attempt (activex.rules)
 2014452 - ET ACTIVEX Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential  Buffer Overflow Attempt 2 (activex.rules)
 2014453 - ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution (activex.rules)
 2014454 - ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution 2 (activex.rules)
 2014455 - ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow (activex.rules)
 2014456 - ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow 2 (activex.rules)
 2014457 - ET CURRENT_EVENTS Blackhole Exploit Kit JAR from //Home/ (current_events.rules)
 2804729 - ETPRO CURRENT_EVENTS Eleonore Exploit Kit (current_events.rules)


 [///]     Modified active rules:     [///]

 2001742 - ET EXPLOIT Arkeia full remote access without password or authentication (exploit.rules)
 2002863 - ET WEB_SERVER osCommerce vulnerable web application extras update.php exists (web_server.rules)
 2003149 - ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style) (attack_response.rules)
 2003150 - ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style) (attack_response.rules)
 2009387 - ET POLICY PPTP Requester is not authorized to establish a command channel (policy.rules)
 2009408 - ET TROJAN Patcher/Bankpatch V2 Communication with Controller (trojan.rules)
 2009797 - ET TROJAN Bifrose Response from victim (trojan.rules)
 2012218 - ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt (activex.rules)
 2012612 - ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers (trojan.rules)
 2013092 - ET TROJAN VBKrypt.cmtp Login to Server (trojan.rules)
 2013348 - ET TROJAN Zeus Bot Request to CnC 2 (trojan.rules)
 2013349 - ET TROJAN Connectivity Check of Unknown Origin 1 (trojan.rules)
 2013350 - ET TROJAN Connectivity Check of Unknown Origin 2 (trojan.rules)
 2013351 - ET TROJAN Connectivity Check of Unknown Origin 3 (trojan.rules)
 2013936 - ET POLICY SSH banner detected on TCP 443 likely proxy evasion (policy.rules)
 2014177 - ET CURRENT_EVENTS Incognito/Sakura exploit kit binary download request (current_events.rules)
 2803851 - ETPRO WEB_CLIENT Microsoft Internet Explorer remote code execution via option element (web_client.rules)
 2804719 - ETPRO POLICY myipreal IP Lookup Request (policy.rules)


 [///]    Modified inactive rules:    [///]

 2010463 - ET WEB_SERVER RFI Scanner Success (Fx29ID) (web_server.rules)
 2011812 - ET CURRENT_EVENTS SEO Exploit Kit - Landing Page (current_events.rules)
 2101675 - GPL SQL Oracle misparsed login response (sql.rules)
 2101792 - GPL MISC return code buffer overflow attempt (misc.rules)
 100000172 - GPL MISC NNTP Lynx overflow attempt (misc.rules)


 [---]         Disabled rules:        [---]

 2014444 - ET CURRENT_EVENTS DRIVEBY Blackhole - Page redirecting to driveby (current_events.rules)


 [---]         Removed rules:         [---]

 2002707 - ET MALWARE iframebiz - adv***.php (malware.rules)
 2007777 - ET TROJAN Browser HiJacker/Infostealer Stat file (trojan.rules)
 2009290 - ET TROJAN Possible Hupigon Connect (trojan.rules)
 2009291 - ET TROJAN Hupigon CnC Client Status (trojan.rules)
 2009292 - ET TROJAN Hupigon CnC Server Response (trojan.rules)

