[Emerging-updates] Daily Ruleset Update Summary 08/14/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Aug 14 13:05:08 HADT 2013


 [***]          Summary:          [***]

 4 new Open rules. 13 Pro rules (9/4). Joomla, Unknown EK, Pirate Browser,
SQLi, etc.

 [+++]          Added rules:          [+++]

  Open:
  2017327 - ET WEB_SERVER Joomla Upload File Filter Bypass
(web_server.rules)
  2017328 - ET CURRENT_EVENTS Unknown EK setSecurityManager hex August 14
2013 (current_events.rules)
  2017329 - ET POLICY Pirate Browser Download (policy.rules)
  2017330 - ET WEB_SERVER SQLi - SELECT and sysobject (web_server.rules)

  Pro:
  2806826 - ETPRO DOS Microsoft Windows ICMPv6 Router Advertisement CVE
2013-3183 (dos.rules)
  2806827 - ETPRO MOBILE_MALWARE Android/Badao.A Checkin
(mobile_malware.rules)
  2806829 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Fav.a Checkin
(mobile_malware.rules)
  2806830 - ETPRO TROJAN njRAT CNC (trojan.rules)
  2806831 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.czwn Checkin
(trojan.rules)
  2806832 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.cvfu Checkin
(trojan.rules)
  2806833 - ETPRO TROJAN W32/VBTrojan.Downloader.1D!Maxi Checkin
(trojan.rules)
  2806834 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.iucz Checkin 1
(trojan.rules)
  2806835 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.iucz Checkin 2
(trojan.rules)


 [///]     Modified active rules:     [///]

  2008580 - ET TROJAN Trojan Sinowal/Torpig Phoning Home (trojan.rules)
  2011364 - ET TROJAN Sinowal/sinonet/mebroot/Torpig infected host POSTing
process list (trojan.rules)
  2011365 - ET TROJAN Sinowal/sinonet/mebroot/Torpig infected host checkin
(trojan.rules)
  2015902 - ET TROJAN Win32/Kuluoz.B CnC (trojan.rules)
  2015903 - ET TROJAN Win32/Kuluoz.B CnC 2 (trojan.rules)
  2015904 - ET TROJAN Win32/Kuluoz.B CnC 3 (trojan.rules)
  2017166 - ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013
(current_events.rules)
  2017319 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and 3 Letter Country
Code (current_events.rules)
  2017321 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Possible Windows
XP/7 (current_events.rules)
  2017322 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Win
(current_events.rules)
  2017323 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and -PC
(current_events.rules)
  2805030 - ETPRO TROJAN PWS.Win32/Sinowal.gen!Y/Torpig Checkin
(trojan.rules)


 [///]    Modified inactive rules:    [///]

  2806097 - ETPRO TROJAN Sinowal/Torpig checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2007747 - ET TROJAN MBR Trojan (Sinowal/Mebroot/) Phoning Home
(trojan.rules)
  2008520 - ET TROJAN Sinowal/Mebroot Client POST (trojan.rules)
  2804879 - ETPRO MOBILE_MALWARE Java/SmsSy.A Requesting .jar file
(mobile_malware.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20130814/834267f9/attachment.html>


More information about the Emerging-updates mailing list