[Emerging-updates] Daily Ruleset Update Summary 4/17/2012 Part II "The Search For More Rules"

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Apr 17 19:44:17 EDT 2012


 12 new Open rules, 7 new Pro rules. A few fixes and tweaks. Enjoy!

 [+++]          Added rules:          [+++]

 Open:
 2014604 - ET TROJAN Trojan.Win32.Yakes.pwo Checkin (trojan.rules)
 2014605 - ET TROJAN W32/GameVance Server Reponse To Client Checkin (trojan.rules)
 2014606 - ET TROJAN W32/GameVance User-Agent (aw v3) (trojan.rules)
 2014607 - ET CURRENT_EVENTS Nikjju Mass Injection Compromised Site Served To Local Client (current_events.rules)
 2014608 - ET CURRENT_EVENTS Nikjju Mass Injection Internal WebServer Compromised (current_events.rules)
 2014609 - ET CURRENT_EVENTS Incognito Exploit Kit Java request to images.php?t= (current_events.rules)
 2014610 - ET TROJAN W32/Downvision.A Initial Checkin (trojan.rules)
 2014611 - ET CURRENT_EVENTS TDS Sutra - cookie set RULEZ (current_events.rules)
 2014612 - ET CURRENT_EVENTS TDS Sutra - cookie is set RULEZ (current_events.rules)
 2014613 - ET CURRENT_EVENTS Jembot PHP Webshell (file upload) (current_events.rules)
 2014614 - ET CURRENT_EVENTS Jembot PHP Webshell (system command) (current_events.rules)
 2014615 - ET CURRENT_EVENTS Jembot PHP Webshell (hell.php) (current_events.rules)

 Pro:
 2804810 - ETPRO TROJAN Win32/Soft32Downloader.A Checkin (trojan.rules)
 2804811 - ETPRO TROJAN P2P-Worm.Win32.Palevo.boxg Checkin (trojan.rules)
 2804812 - ETPRO TROJAN Trojan-Banker.BAT.Banker.m Checkin (trojan.rules)
 2804813 - ETPRO TROJAN PWS.Win32/Simda.gen!B checkin (trojan.rules)
 2804814 - ETPRO TROJAN PWS.Win32/Reveton.A Checkin (trojan.rules)
 2804815 - ETPRO TROJAN Worm.Win32.AutoRun.btdp checkin (trojan.rules)
 2804816 - ETPRO POLICY file request to filebuldog.com (policy.rules)


 [///]     Modified active rules:     [///]

 2011507 - ET WEB_CLIENT PDF With Embedded File (web_client.rules)
 2012682 - ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow 1 (exploit.rules)
 2013439 - ET TROJAN Dirt Jumper/Russkill3 Checkin (trojan.rules)
 2013687 - ET TROJAN Shylock Module Data POST (trojan.rules)
 2014218 - ET TROJAN Zeus POST Request to CnC sk1 and bn1 post parameters (trojan.rules)
 2014230 - ET TROJAN Karagany/Kazy Obfuscated Payload Download (trojan.rules)
 2804539 - ETPRO MALWARE W32/DownVision.A.gen Checkin (malware.rules)
 2804765 - ET TROJAN Dirt Jumper/Russkill v5 Checkin (trojan.rules)


 [---]         Removed rules:         [---]

 2804623 - ETPRO TROJAN Trojan.Win32.Yakes.pwo Checkin (trojan.rules)