[Emerging-updates] Daily Ruleset Update Summary 08/20/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Aug 20 14:10:24 HADT 2013


[***]          Summary:          [***]

1 new Open. 19 new Pro rules (18/1) Blackhole, etc.

[+++]          Added rules:          [+++]

  Open:
  2017346 - ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in charcodes w/o sep Jul 10 2013 (current_events.rules)

  Pro:
  2806853 - ETPRO TROJAN Trojan-PWS.Win32.Nilage Checkin (trojan.rules)
  2806854 - ETPRO TROJAN Worm.Win32/Bagle.gen!C Request (trojan.rules)
  2806855 - ETPRO TROJAN Worm.Win32/Bagle.gen!C CnC Response (trojan.rules)
  2806856 - ETPRO TROJAN Backdoor.MeSub.ey CnC Response (trojan.rules)
  2806857 - ETPRO TROJAN Trojan.Win32.Osmakudan.A Sending info 2 (trojan.rules)
  2806858 - ETPRO TROJAN TrojanSpy.Win32/Mafod!rts Checkin (trojan.rules)
  2806859 - ETPRO TROJAN Worm.Win32/Netsky.P@mm spreading via SMTP 1 (trojan.rules)
  2806860 - ETPRO TROJAN Worm.Win32/Netsky.P@mm spreading via SMTP 2 (trojan.rules)
  2806861 - ETPRO TROJAN Worm.Win32/VB.JN Checkin (trojan.rules)
  2806862 - ETPRO MALWARE Shareman Protocol (malware.rules)
  2806863 - ETPRO TROJAN Win32/Puzlice.A Checkin (trojan.rules)
  2806864 - ETPRO TROJAN Win32/Alureon.GD Checkin (trojan.rules)
  2806865 - ETPRO TROJAN Worm.Win32/Wergimog.A CnC OUTBOUND (trojan.rules)
  2806866 - ETPRO TROJAN Win32/TrojanDropper.Agent.POP Checkin (trojan.rules)
  2806867 - ETPRO TROJAN WIN32/THETATIC Checkin (trojan.rules)
  2806868 - ETPRO TROJAN Win32.Trojan.Genome-176 (trojan.rules)
  2806869 - ETPRO TROJAN Win32/Pift DNS TXT CnC Lookup ppidn.net (trojan.rules)
  2806870 - ETPRO TROJAN Pift DNS TXT CnC response (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2016155 - ET CURRENT_EVENTS Multi-Exploit Kit (popads|g01pack) - Font Exploit - 32HexChar.eot (current_events.rules)
  2017321 - ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Possible Windows XP/7 (current_events.rules)
  2017344 - ET TROJAN Proxychecker Lookup (trojan.rules)

  Pro:
  2803980 - ETPRO TROJAN Backdoor.Win32.Salamdom!IK Checkin 2 (trojan.rules)
  2804392 - ETPRO TROJAN Trojan.Win32.Webprefix checkin (trojan.rules)
  2804872 - ETPRO TROJAN TrojanDownloader.Win32/Perkesh.F Checkin (trojan.rules)


 [///]    Modified inactive rules:    [///]

  2017342 - ET INFO Iframe For IP Address Site (info.rules)


 [---]  Disabled and modified rules:  [---]

  2801267 - ETPRO TROJAN Backdoor.Win32.Coofus.RFM Checkin 2 (trojan.rules)


 [---]         Removed rules:         [---]

  Open:
  2012807 - ET EXPLOIT Possible g01pack Exploit Pack Malicious JAR File Request (exploit.rules)
  2016064 - ET CURRENT_EVENTS Popads Exploit Kit font request 32hex digit .eot (current_events.rules)

  Pro:
  2803916 - ETPRO TROJAN Likely Proxy Check Request (trojan.rules)
  2804871 - ETPRO TROJAN TrojanDownloader.Win32/Perkesh.F Checkin - SET (trojan.rules)