[Emerging-updates] Daily Ruleset Update Summary 4/10/2012

Matt Jonkman jonkman at emergingthreatspro.com
Tue Apr 10 17:39:52 EDT 2012


3 new Open rules, 15 new Pro Subscriber rules. MS Patch Tuesday and Adobe issues covered. More details on coverage here:

http://www.emergingthreatspro.com/daily-ruleset-update-summary/april-2012-microsoftadobe-patch-tuesday-coverage/


[+++]          Added rules:          [+++]

 2014536 - ET CURRENT_EVENTS Blackhole Java Exploit request to /Klot.jar (current_events.rules)
 2014537 - ET CURRENT_EVENTS Initial Blackhole Landing .prototype.q catch with split (current_events.rules)
 2014538 - ET CURRENT_EVENTS Initial Blackhole Landing Please wait till page (current_events.rules)

Pro Rules:
 2804786 - ETPRO TROJAN Win32/Spy.VB.NJJ Checkin (trojan.rules)
 2804787 - ETPRO TROJAN Win32/AgentBypass.gen!K Checkin (trojan.rules)
 2804788 - ETPRO TROJAN Win32/Pilrurl.A Checkin (trojan.rules)
 2804789 - ETPRO TROJAN Trojan-PSW.Win32.WebMoner.si Checkin (trojan.rules)
 2804790 - ETPRO MALWARE AdWare.BHO.rrv Checkin (malware.rules)
 2804791 - ETPRO WEB_CLIENT Adobe PDF Add Button Dereference Vulnerability Exploit Attempt (web_client.rules)
 2804792 - ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype ZIPSFX (exploit.rules)
 2804793 - ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype RAR (exploit.rules)
 2804794 - ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype Lharc SFX (exploit.rules)
 2804795 - ETPRO WEB_CLIENT Potential Microsoft Internet Explorer Vector Graphics Rendering user-after-free (web_client.rules)
 2804796 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 1 (web_client.rules)
 2804797 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 2 (web_client.rules)
 2804798 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 3 (web_client.rules)
 2804799 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ListView ActiveX control (web_client.rules)
 2804800 - ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable TreeView ActiveX control 2 (web_client.rules)


[///]     Modified active rules:     [///]

 2007842 - ET MALWARE Softspydelete.com Fake Anti-Spyware Checkin (malware.rules)
 2007843 - ET TROJAN Bzub2 Related RPC/Http Checkin (trojan.rules)
 2010677 - ET MALWARE Suspicious User-Agent (My Session) (malware.rules)
 2014279 - ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 6 (current_events.rules)
 2402000 - ET DROP Dshield Block Listed Source (dshield.rules)


[---]  Disabled and modified rules:  [---]

 2008035 - ET TROJAN System.Poser HTTP Checkin (trojan.rules)


[---]         Removed rules:         [---]

 2007775 - ET TROJAN Krunchy/BZub HTTP Checkin/Update (trojan.rules)
 2009082 - ET TROJAN Password Stealer Reporting - ?a=%NN&b= (trojan.rules)



        2007775 || ET DELETED Krunchy/BZub HTTP Checkin/Update || url,doc.emergingthreats.net/2007775
        2009082 || ET DELETED Password Stealer Reporting - ?a=%NN&b= || url,doc.emergingthreats.net/2009082
        2010677 || ET MALWARE Suspicious User-Agent (My Session) || url,doc.emergingthreats.net/2010677
        2014536 || ET CURRENT_EVENTS Blackhole Java Exploit request to /Klot.jar
        2014537 || ET CURRENT_EVENTS Initial Blackhole Landing .prototype.q catch with split
        2014538 || ET CURRENT_EVENTS Initial Blackhole Landing Please wait till page

        2804786 || ETPRO TROJAN Win32/Spy.VB.NJJ Checkin || md5,ceb041f7c7c6b6ec6e8b4d2205709dd8
        2804787 || ETPRO TROJAN Win32/AgentBypass.gen!K Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FAgentBypass.gen!K || md5,6c65be2756cd6003bb75623661c6752f
        2804788 || ETPRO TROJAN Win32/Pilrurl.A Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FPilrurl.A&ThreatID=-2147357065 || md5,ec917a68ec32fb2728fd442d5fe7b30c
        2804789 || ETPRO TROJAN Trojan-PSW.Win32.WebMoner.si Checkin || url,www.nictasoft.com/viruslib/malware/Trojan-PSW.Win32.WebMoner.si || md5,4d168790bcf8ffe82601a94dc2b17be9
        2804790 || ETPRO MALWARE AdWare.BHO.rrv Checkin || md5,a589d8e5bcbf388ef31e2b93c19eca56
        2804791 || ETPRO WEB_CLIENT Adobe PDF Add Button Dereference Vulnerability Exploit Attempt || cve,2012-0775
        2804792 || ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype ZIPSFX || cve,2012-0151
        2804793 || ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype RAR || cve,2012-0151
        2804794 || ETPRO EXPLOIT WinVerifyTrust Signature Validation Bypass Attempt Filetype Lharc SFX || cve,2012-0151
        2804795 || ETPRO WEB_CLIENT Potential Microsoft Internet Explorer Vector Graphics Rendering user-after-free || cve,2012-0172
        2804796 || ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 1 || cve,2012-0158
        2804797 || ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 2 || cve,2012-0158
        2804798 || ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 3 || cve,2012-0158
        2804799 || ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable ListView ActiveX control || cve,2012-0158
        2804800 || ETPRO WEB_CLIENT Microsoft Rich Text File download with vulnerable TreeView ActiveX control 2 || cve,2012-0158




----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------


