[Emerging-updates] Daily Ruleset Update Summary 08/23/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Aug 23 12:42:01 HADT 2013


 [***]          Summary:          [***]

 5 new Open rules. 15 new Pro rules (5/10). AutoIT, Bitcoin, Avatar, Fake
IE UA. Some dupes disabled etc. Thanks To Ryan, Kevin, Harry, etc. all..

 [+++]          Added rules:          [+++]

  Open:
  2017365 - ET TROJAN SUSPICIOUS UA (iexplore) (trojan.rules)
  2017367 - ET TROJAN Possible Win32/Napolar.A URL Response (trojan.rules)
  2017368 - ET TROJAN Possible Avatar RootKit Yahoo Group Search
(trojan.rules)
  2017369 - ET TROJAN Bitcoin variant Checkin (trojan.rules)
  2017370 - ET CURRENT_EVENTS AutoIT C&C Check-In 2013-08-23 URL
(current_events.rules)

  Pro:
  2806844 - ETPRO POLICY Online Proxy Service 1 (policy.rules)
  2806845 - ETPRO POLICY Online Proxy Service 2 (policy.rules)
  2806878 - ETPRO TROJAN Trojan.Fraudload-2561 Checkin (trojan.rules)
  2806879 - ETPRO TROJAN Backdoor.Win32.Poison.accz Checkin (trojan.rules)
  2806880 - ETPRO TROJAN Suspicious HTTP Referrer artifact.exe at drive C
(trojan.rules)
  2806881 - ETPRO TROJAN TrojanProxy.Win32/Hioles.B CnC (trojan.rules)
  2806882 - ETPRO TROJAN Trojan.Win32.Agent.btdoqw Checkin (trojan.rules)
  2806883 - ETPRO TROJAN Worm.AutoIt/Renocide.gen!A Checkin (trojan.rules)
  2806885 - ETPRO TROJAN TROJ_VUNDO.SMG Checkin (trojan.rules)
  2806886 - ETPRO TROJAN Trojan/Win32.Infostealer Sending info via FTP
(trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2016292 - ET TROJAN Mashigoom/Tranwos/RevProxy ClickFraud - hello
(trojan.rules)

  Pro:
  2804918 - ETPRO TROJAN Backdoor/MSIL.adv Checkin (trojan.rules)
  2805658 - ETPRO TROJAN Win32/Karagany.L Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2102091 - GPL WEB_SERVER WEBDAV nessus safe scan attempt
(web_server.rules)


 [---]         Removed rules:         [---]

  Open:
  2014144 - ET TROJAN PoisonIvy.Eks Keepalive to CnC (trojan.rules)
  2016140 - ET TROJAN Suspicious User Agent (iexplorer) (trojan.rules)

  Pro:
  2806844 - ETPRO TROJAN Variant.Kazy.76645 Checkin 1 (trojan.rules)
  2806845 - ETPRO TROJAN Variant.Kazy.76645 Checkin 2 (trojan.rules)
  2806868 - ETPRO TROJAN Win32.Trojan.Genome-176 (trojan.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20130823/23f85790/attachment.html>


More information about the Emerging-updates mailing list