[Emerging-updates] Daily Ruleset Update Summary 12/19/2012

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Dec 19 15:57:05 HAST 2012


[***]         Summary:          [***]

10 new Open rules. 22 new Pro rules (10/12).

2016057 - 2016060 and 2016066 Updated Detection for CoolEK. Major changes to this kit recently.
http://malware.dontneedcoffee.com/2012/12/big-update-for-cool-ek.html
2016061 Wordpress Pingback Portscanner
2016062 Linux/Chapro.A Malicious Apache Module c2
2016063 Paypal Phish
2016064 - 2016065 Popads EOT

2805844 - 2805855 Daily Pro Mobile Malware/Trojan/Malware coverage.

[+++]          Added rules:          [+++]

  Open:
  2016057 - ET CURRENT_EVENTS CoolEK Font File Download Dec 18 2012 (current_events.rules)
  2016058 - ET CURRENT_EVENTS CoolEK - New PDF Exploit - Dec 18 2012 (current_events.rules)
  2016059 - ET CURRENT_EVENTS CoolEK - Old PDF Exploit - Dec 18 2012 (current_events.rules)
  2016060 - ET CURRENT_EVENTS CoolEK - Jar - Dec 18 2012 (current_events.rules)
  2016061 - ET WEB_SPECIFIC_APPS Possible WordpressPingbackPortScanner detected (web_specific_apps.rules)
  2016062 - ET TROJAN Linux/Chapro.A Malicious Apache Module CnC Beacon (trojan.rules)
  2016063 - ET CURRENT_EVENTS PHISH PayPal - Account Phished (current_events.rules)
  2016064 - ET CURRENT_EVENTS Popads Exploit Kit font request 32hex digit .eot (current_events.rules)
  2016065 - ET CURRENT_EVENTS Embedded Open Type Font file .eot seeing at Popads Exploit Kit (current_events.rules)
  2016066 - ET CURRENT_EVENTS CoolEK - Landing Page (2) (current_events.rules)

  Pro:
  2805844 - ETPRO TROJAN Cryp_Xin2/Clicker.Win32.Small.zy Checkin 1 sptr (trojan.rules)
  2805845 - ETPRO TROJAN Cryp_Xin2/Clicker.Win32.Small.zy Checkin 2 brvc (trojan.rules)
  2805846 - ETPRO TROJAN Cryp_Xin2/Clicker.Win32.Small.zy Checkin 3 qfa (trojan.rules)
  2805847 - ETPRO MOBILE_MALWARE Android.Trojan.GGTracker.A Checkin 2 (mobile_malware.rules)
  2805848 - ETPRO MOBILE_MALWARE Exploit.Andr.Lotoor Checkin (mobile_malware.rules)
  2805849 - ETPRO MOBILE_MALWARE Android/Adware.AirPush.D Checkin (mobile_malware.rules)
  2805850 - ETPRO MALWARE Mail.ru Downloader Checkin 1 (malware.rules)
  2805851 - ETPRO MALWARE Mail.ru Downloader Checkin 2 (malware.rules)
  2805852 - ETPRO TROJAN Win32/TrojanDownloader.Banload.RPD Checkin (trojan.rules)
  2805853 - ETPRO MOBILE_MALWARE Trojan/AndroidOS.eee Checkin (mobile_malware.rules)
  2805854 - ETPRO TROJAN AndroidOS/Cosha.A / Android/Lovetrap.A Checkin (trojan.rules)
  2805855 - ETPRO MALWARE Porn-Dialer.Win32.Agent.a / DIAL_RAS.IQ Checkin (malware.rules)

 [---]         Removed rules:         [---]

  2013866 - ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin 3 (trojan.rules)