[Emerging-updates] Daily Ruleset Update Summary 4/20/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Apr 20 17:13:34 EDT 2012


12 new Open rules, 7 new Pro rules. A few small fixes and tweaks.

 [+++]          Added rules:          [+++]

 Open:
 2014619 - ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call
Remote Command Execution (activex.rules)
 2014620 - ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call
Remote Command Execution 2 (activex.rules)
 2014621 - ET WEB_SPECIFIC_APPS DokuWiki target parameter Cross-Site
Scripting Attempt (web_specific_apps.rules)
 2014622 - ET WEB_SPECIFIC_APPS WordPress
1-jquery-photo-gallery-slideshow-flash plugin page Cross-Site Scripting
Attempt (web_specific_apps.rules)
 2014623 - ET WEB_SPECIFIC_APPS DirectNews rootpath parameter Remote File
inclusion Attempt (web_specific_apps.rules)
 2014624 - ET WEB_SPECIFIC_APPS DirectNews uploadBigFiles.php Remote File
inclusion Attempt (web_specific_apps.rules)
 2014625 - ET WEB_SPECIFIC_APPS DirectNews remote.php Remote File inclusion
Attempt (web_specific_apps.rules)
 2014626 - ET WEB_SPECIFIC_APPS DirectNews class.panier_article.php Remote
File inclusion Attempt (web_specific_apps.rules)
 2014627 - ET WEB_SPECIFIC_APPS DirectNews menu_layers.php Remote File
inclusion Attempt (web_specific_apps.rules)
 2014628 - ET WEB_SPECIFIC_APPS DirectNews lib.panier.php Remote File
inclusion Attempt (web_specific_apps.rules)
 2014629 - ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder
plus js.js (current_events.rules)
 2014630 - ET TROJAN PoisonIvy.Es11 Keepalive to CnC (trojan.rules)

 Pro:
 2802084 - ETPRO TROJAN Backdoor.Win32.Mecklow.A Checkin (trojan.rules)
 2804835 - ETPRO TROJAN Net-Worm.Win32.Bobic.bc Checkin (trojan.rules)
 2804836 - ETPRO TROJAN Trojan-FakeAV.Win32.PrivacyProtection.jl Checkin
(trojan.rules)
 2804837 - ETPRO TROJAN Downloader.Darkmegi Checkin (trojan.rules)
 2804838 - ETPRO TROJAN Savit.A Checkin (trojan.rules)
 2804839 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.dvnk Checkin - SET
(trojan.rules)
 2804840 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.dvnk Checkin
(trojan.rules)


 [///]     Modified active rules:     [///]

 Open:
 2010674 - ET DOS Cisco 4200 Wireless Lan Controller Long Authorisation
Denial of Service Attempt (dos.rules)
 2011912 - ET CURRENT_EVENTS Possible Fake AV Checkin (current_events.rules)
 2014605 - ET MALWARE W32/GameVance Adware Server Reponse To Client Checkin
(malware.rules)
 2014607 - ET CURRENT_EVENTS Nikjju Mass Injection Compromised Site Served
To Local Client (current_events.rules)
 2014608 - ET CURRENT_EVENTS Nikjju Mass Injection Internal WebServer
Compromised (current_events.rules)

 Pro:
 2804736 - ETPRO CURRENT_EVENTS Rogue.Win32/FakePAV Checkin
(current_events.rules)


 [---]         Disabled rules:        [---]

 Open:
 2011853 - ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Local File
Inclusion Attempt (web_specific_apps.rules)

 Pro:
 2803100 - ETPRO CURRENT_EVENTS Possible Hostile Compressed SWF file AFTER
vulnerable Flash ActiveX Control (current_events.rules)
 2803103 - ETPRO CURRENT_EVENTS Exploit Specific Potential Adobe Flash
ActiveX Request (current_events.rules)