[Emerging-updates] Daily Ruleset Update Summary 08/19/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Aug 19 17:52:51 HADT 2013


[***]          Summary:          [***]

7 new Open rules. 19 new Pro rules (7/12). Blackhole, SQLi, Proxychecker,
Graftor, etc. Thanks to Kevin Ross!


[+++]          Added rules:          [+++]

  Open:
  2017337 - ET WEB_SERVER ATTACKER SQLi - SELECT and Schema Columns
(web_server.rules)
  2017340 - ET CURRENT_EVENTS Blackhole Exploit Kit Shrift.php Microsoft
OpenType Font Exploit Request (current_events.rules)
  2017341 - ET CURRENT_EVENTS Blackhole Exploit Kit Microsoft OpenType Font
Exploit (current_events.rules)
  2017342 - ET INFO Iframe For IP Address Site (info.rules) (disabled by
default)
  2017343 - ET TROJAN W32/Spy.KeyLogger.OCI CnC Checkin (trojan.rules)
  2017344 - ET TROJAN Proxychecker Lookup (trojan.rules)
  2017345 - ET SHELLCODE Possible UTF-16 u9090 NOP SLED (shellcode.rules)

  Pro:
  2806841 - ETPRO MOBILE_MALWARE Android/SMSstealer.A!tr Checkin 2
(mobile_malware.rules)
  2806842 - ETPRO TROJAN Win32/Agent.UZD Checkin (trojan.rules)
  2806843 - ETPRO TROJAN Trojan.PWS.Qip.105 Checkin (trojan.rules)
  2806844 - ETPRO TROJAN Variant.Kazy.76645 Checkin 1 (trojan.rules)
  2806845 - ETPRO TROJAN Variant.Kazy.76645 Checkin 2 (trojan.rules)
  2806846 - ETPRO TROJAN Stealer sending stolen data via SMTP (trojan.rules)
  2806847 - ETPRO TROJAN WIN32/KOVTER.B Checkin (trojan.rules)
  2806848 - ETPRO TROJAN Trojan.Win32.VB.alto Checkin (trojan.rules)
  2806849 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2806850 - ETPRO TROJAN Trojan.Win32.Agent.hfal / Trojan.Win32.Small.byj
Checkin 1 (trojan.rules)
  2806851 - ETPRO TROJAN Trojan.Win32.Agent.hfal / Trojan.Win32.Small.byj
Checkin 2 (trojan.rules)
  2806852 - ETPRO TROJAN Win32/Tearspear.L Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2001855 - ET MALWARE Fun Web Products Spyware User-Agent (FunWebProducts)
(malware.rules)
  2007845 - ET MALWARE Errclean.com Related Spyware User-Agent (Locus
NetInstaller) (malware.rules)
  2008212 - ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via
Email (trojan.rules)
  2011037 - ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI
using SELECT VERSION (web_server.rules)
  2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
  2012111 - ET SHELLCODE Possible UTF-16 %u9090 NOP SLED (shellcode.rules)
  2013283 - ET TROJAN DarkComet-RAT init connection (trojan.rules)
  2013284 - ET TROJAN DarkComet-RAT server join acknowledgement
(trojan.rules)
  2013285 - ET TROJAN DarkComet-RAT Client Keepalive (trojan.rules)
  2016193 - ET CURRENT_EVENTS DRIVEBY Unknown - Landing Page Requested -
/?Digit (current_events.rules)
  2016398 - ET TROJAN Variant.Graftor.5628 CnC Traffic (trojan.rules)
  2017308 - ET TROJAN W32/PornoAsset.Ransomware CnC Checkin (trojan.rules)
  2017321 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Possible Windows
XP/7 (current_events.rules)

  Pro:
  2803765 - ETPRO TROJAN Trojan-Downloader.Win32.Mufanom.vha DNS Tunnel
(trojan.rules)
  2806328 - ETPRO MALWARE TornTV Install (malware.rules)
  2806577 - ETPRO TROJAN DarkComet-RAT init connection 2 (trojan.rules)
  2806578 - ETPRO TROJAN DarkComet-RAT server join acknowledgement 2
(trojan.rules)
  2806579 - ETPRO TROJAN DarkComet-RAT init connection 3 (trojan.rules)
  2806580 - ETPRO TROJAN DarkComet-RAT server join acknowledgement 3
(trojan.rules)
  2806581 - ETPRO TROJAN DarkComet-RAT init connection 4 (trojan.rules)
  2806582 - ETPRO TROJAN DarkComet-RAT server join acknowledgement 4
(trojan.rules)
  2806583 - ETPRO TROJAN DarkComet-RAT init connection 5 (trojan.rules)
  2806584 - ETPRO TROJAN DarkComet-RAT server join acknowledgement 5
(trojan.rules)
  2806585 - ETPRO TROJAN DarkComet-RAT init connection 6 (trojan.rules)
  2806587 - ETPRO TROJAN DarkComet-RAT init connection 7 (trojan.rules)
  2806588 - ETPRO TROJAN DarkComet-RAT server join acknowledgement 7
(trojan.rules)
  2806589 - ETPRO TROJAN DarkComet-RAT init connection 8 (trojan.rules)
  2806590 - ETPRO TROJAN DarkComet-RAT server join acknowledgement 8
(trojan.rules)


 [///]    Modified inactive rules:    [///]

  2000419 - ET POLICY PE EXE or DLL Windows file download (policy.rules)
  2003595 - ET POLICY exe download via HTTP - Informational (policy.rules)


 [---]         Removed rules:         [---]

  2803506 - ETPRO MALWARE Arcadeweb LLC User-Agent awi v2. (malware.rules)
  2806787 - ETPRO TROJAN Suspicious User-Agent (SEX/1) (trojan.rules)
  2806806 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2806810 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.iucz Checkin
(trojan.rules)