[Emerging-updates] Daily Ruleset Update Summary 08/06/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Aug 6 15:01:40 HADT 2013


 [***]          Summary:          [***]

19 new Pro rules, 22 new Pro rules (19/3). Struts, OpenX, Blocker.bjat,
IRCBot, etc.


 [+++]          Added rules:          [+++]

  Open:
  2017277 - ET WEB_SERVER Possible Apache Struts OGNL in Dynamic Action (web_server.rules)
  2017278 - ET WEB_SERVER Possible Apache Struts OGNL Expression Injection (web_server.rules)
  2017279 - ET TROJAN Win32.Rovnix.I Checkin (trojan.rules)
  2017280 - ET WEB_SERVER Possible OpenX Backdoor Backdoor Access POST to flowplayer (web_server.rules)
  2017281 - ET TROJAN Trojan-Ransom.Win32.Blocker.bjat (trojan.rules)
  2017282 - ET INFO Microsoft Script Encoder Encoded File (info.rules)
  2017283 - ET TROJAN ATTACKER IRCBot - PRIVMSG Command - net user (trojan.rules)
  2017284 - ET TROJAN ATTACKER IRCBot - PRIVMSG Command - net localgroup (trojan.rules)
  2017285 - ET TROJAN ATTACKER IRCBot - PRIVMSG Command - net * /add (trojan.rules)
  2017286 - ET TROJAN ATTACKER IRCBot - PRIVMSG Command - netsh (trojan.rules)
  2017287 - ET TROJAN ATTACKER IRCBot - PRIVMSG Command - ipconfig (trojan.rules)
  2017288 - ET TROJAN ATTACKER IRCBot - PRIVMSG Command - reg (trojan.rules)
  2017289 - ET TROJAN ATTACKER IRCBot - PRIVMSG Response - The command completed successfully (trojan.rules)
  2017290 - ET TROJAN ATTACKER IRCBot - PRIVMSG Response - Directory Listing (trojan.rules)
  2017291 - ET TROJAN ATTACKER IRCBot - PRIVMSG Response - net command output (trojan.rules)
  2017292 - ET TROJAN ATTACKER IRCBot - PRIVMSG Response - ipconfig command output (trojan.rules)
  2017293 - ET WEB_SERVER - EXE File Uploaded - Hex Encoded (web_server.rules)
  2017294 - ET INFO Adobe PKG Download Flowbit Set (info.rules)
  2017295 - ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013 (current_events.rules)

  Pro:
  2806778 - ETPRO TROJAN Worm.Mydoom spreading via SMTP 19 (trojan.rules)
  2806779 - ETPRO TROJAN Trojan-PSW.Win32.Delf.qc Checkin (trojan.rules)
  2806780 - ETPRO TROJAN TrojanDownloader.Banload.axdq Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2008438 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File (malware.rules)
  2014376 - ET CURRENT_EVENTS Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup Detected (current_events.rules)
  2015475 - ET CURRENT_EVENTS BlackHole TKR Landing Page /last/index.php (current_events.rules)
  2017114 - ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013 (current_events.rules)
  2017265 - ET CURRENT_EVENTS BlackHole EK Non-standard base64 Key (current_events.rules)