[Emerging-updates] Daily Ruleset Update Summary 12/05/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Dec 5 17:11:08 HAST 2012


 [***]          Summary:          [***]

 9 new Open rules. 16 new Pro rules (9/7). A couple of tweaks, one dupe
disabled.

 2015988 Another CrimeBoss event
 2015989 - 2015990 Current Redkit html/jar URI patterns
 2015992 - 2015996 More exploit-specific coverage for the KingCope MySQL
0-days.
 2015997 Fake Google Chrome EXE being served up by BHEK.
http://www.bluecoat.com/security-blog/2012-12-05/blackhole-kit-doesnt-chrome

 [+++]          Added rules:          [+++]

  Open:
  2015988 - ET CURRENT_EVENTS CrimeBoss - Stats Load Fail
(current_events.rules)
  2015989 - ET CURRENT_EVENTS RedKit - Potential Java Exploit Requested - 3
digit jar (current_events.rules)
  2015990 - ET CURRENT_EVENTS RedKit - Potential Payload Requested -
/2Digit.html (current_events.rules)
  2015992 - ET EXPLOIT MySQL (Linux) Database Privilege Elevation (Exploit
Specific) (exploit.rules)
  2015993 - ET ATTACK_RESPONSE MySQL User Account Enumeration
(attack_response.rules)
  2015994 - ET INFO MySQL Database Query Version OS compile (info.rules)
  2015995 - ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit
(Stuxnet Techique DUMP INTO executable) (exploit.rules)
  2015996 - ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit
(Stuxnet Techique) (exploit.rules)
  2015997 - ET CURRENT_EVENTS Fake Google Chrome Update/Install
(current_events.rules)

  Pro:
  2805766 - ETPRO TROJAN Win32/AgentBypass.gen!G Checkin 2 (trojan.rules)
  2805767 - ETPRO TROJAN Win32/Spy.Agent.OBQ / Backdoor.Win32.Nosrawec
Checkin (trojan.rules)
  2805768 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2805769 - ETPRO TROJAN Trojan.Win32.Klovbot Checkin (trojan.rules)
  2805770 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2805771 - ETPRO TROJAN Taidoor Checkin (trojan.rules)
  2805772 - ETPRO TROJAN Trojan-Ransomware Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2014385 - ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit
Set (dos.rules)
  2015927 - ET CURRENT_EVENTS RedKit /h***.htm(l) Landing Page - Set
(current_events.rules)

 [---]         Removed rules:         [---]

  2014753 - ET CURRENT_EVENTS probable malicious Glazunov Javascript
injection (current_events.rules)