[Emerging-updates] Daily Ruleset Update Summary 4/13/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Apr 13 19:05:18 EDT 2012


14 new Open rules, 4 new Pro rules. Matt and I were both travelling
this week; if we have not published your community submissions, I
apologize. I will try to get caught up over the weekend.

 [***] Results from Oinkmaster started Fri Apr 13 18:51:40 2012 [***]

 [+++]          Added rules:          [+++]

Open:
 2014550 - ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow (activex.rules)
 2014551 - ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow 2 (activex.rules)
 2014552 - ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability (activex.rules)
 2014553 - ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability 2 (activex.rules)
 2014554 - ET WEB_SPECIFIC_APPS WordPress Pretty Link plugin url Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2014555 - ET WEB_SPECIFIC_APPS WordPress flash-album-gallery plugin i Parameter Cross Site Scripting Attempt (web_specific_apps.rules)
 2014556 - ET WEB_SPECIFIC_APPS wordpress thecartpress plugin loop parameter Local File Inclusion Attempt (web_specific_apps.rules)
 2014557 - ET WEB_SPECIFIC_APPS Joomla com_bulkenquery controller parameter Local File Inclusion Attempt (web_specific_apps.rules)
 2014558 - ET WEB_SPECIFIC_APPS Joomla com_br controller parameter Local File Inclusion Attempt (web_specific_apps.rules)
 2014559 - ET WEB_SPECIFIC_APPS Free PHP photo gallery script path parameter Remote File inclusion Attempt (web_specific_apps.rules)
 2014560 - ET CURRENT_EVENTS - Modified Metasploit Jar (current_events.rules)
 2014561 - ET CURRENT_EVENTS landing page with malicious Java applet (current_events.rules)
 2014562 - ET TROJAN - Known Trojan Downloader HTTP Library MSIE 5 Win98 seen with ZeuS (trojan.rules)
 2014563 - ET TROJAN - ZeuS C&C check-in response STATUS-IMPORT-OK (trojan.rules)

Pro:
 2804803 - ETPRO TROJAN Trojan-Downloader.Win32.Adload.dats CnC Traffic (trojan.rules)
 2804804 - ETPRO TROJAN Trojan.Win32.Swisyn.chxm Checkin (trojan.rules)
 2804805 - ETPRO TROJAN Trojan-Downloader.Win32.Homa.exm Checkin (trojan.rules)
 2804806 - ETPRO TROJAN Trojan.Win32/Mutopy.A Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

 2803311 - ETPRO TROJAN Likely Bot Nick in Off Port IRC (trojan.rules)
 2804434 - ETPRO TROJAN Likely Bot Nick in IRC ([country|so_version|computername]) (trojan.rules)

