[Emerging-updates] Daily Ruleset Update Summary 08/29/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Aug 29 13:31:38 HADT 2013


 [***]          Summary:          [+++]

  3 new Open rules. 13 new Pro rules (3/10). IRC Bot, CoolEK, Apple CoreText PoC, etc.

 [+++]          Added rules:          [+++]

  Open:
  2017395 - ET TROJAN Likely Bot Nick in IRC ([country|so version|CPU]) (trojan.rules)
  2017396 - ET CURRENT_EVENTS CoolEK Landing Aug 29 2013 (current_events.rules)
  2017397 - ET DOS Apple CoreText Exploit Specific string (dos.rules)

  Pro:
  2806931 - ETPRO TROJAN Trojan.Agent/Gen-OnlineGames Checkin (blog.163.com) (trojan.rules)
  2806932 - ETPRO TROJAN Troj/Espion-AC Checkin (trojan.rules)
  2806933 - ETPRO TROJAN Worm.Win32/Mimail.E@mm CnC (TCP) (trojan.rules)
  2806934 - ETPRO TROJAN Worm.Win32/Mimail.E@mm CnC (ICMP) (trojan.rules)
  2806935 - ETPRO TROJAN Win32/Otwycal.A Checkin (trojan.rules)
  2806936 - ETPRO TROJAN win32.troj.shuazuan.a Checkin (trojan.rules)
  2806937 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.BL Checkin (mobile_malware.rules)
  2806938 - ETPRO TROJAN Trojan-Spy.Win32.Zbot.bopd Checkin (trojan.rules)
  2806939 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.c Checkin (mobile_malware.rules)
  2806940 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Pincer.b Checkin (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  Open:
  2013744 - ET INFO DYNAMIC_DNS HTTP Request to a no-ip Domain (info.rules)
  2017115 - ET CURRENT_EVENTS Sweet Orange applet July 08 2013 (current_events.rules)

  Pro:
  2806914 - ETPRO TROJAN Worm.VBS.ayr Checkin 1 (trojan.rules)
  2806915 - ETPRO TROJAN Worm.VBS.ayr Checkin 2 (trojan.rules)
  2806923 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.cbvy IRC JOIN (trojan.rules)


 [---]         Removed rules:         [---]
  2806910 - ETPRO TROJAN Trojan.Win32.Jorik.Skill.att Checkin (trojan.rules)