[Emerging-updates] Daily Ruleset Update Summary 08/30/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Aug 30 17:02:48 HADT 2013


 [***]          Summary:          [***]

 7 new Open rules. 10 new Pro rules (7/3). Webshell Eval of encoded string,
NjW0rm, etc. Thanks to Kevin Ross and my most favorite heating engineer
Harry Tuttle.

 [+++]          Added rules:          [+++]

  Open:
  2017398 - ET POLICY Internal Host Retrieving External IP via
icanhazip.com- Possible Infection (policy.rules)
  2017399 - ET WEB_SERVER WebShell Generic eval of base64_decode
(web_server.rules)
  2017400 - ET WEB_SERVER WebShell Generic eval of gzinflate
(web_server.rules)
  2017401 - ET WEB_SERVER WebShell Generic eval of str_rot13
(web_server.rules)
  2017402 - ET WEB_SERVER WebShell Generic eval of gzuncompress
(web_server.rules)
  2017403 - ET WEB_SERVER WebShell Generic eval of convert_uudecode
(web_server.rules)
  2017404 - ET WORM W32/Njw0rm CnC Beacon (worm.rules)

  Pro:
  2806941 - ETPRO TROJAN Lethic.B XOR Key 2 (trojan.rules)
  2806942 - ETPRO TROJAN Trojan-Ransom.Win32.PornoAsset Checkin
(trojan.rules)
  2806943 - ETPRO TROJAN Win32/Nefyn.A POST (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2015782 - ET CURRENT_EVENTS Popads/Other Java Exploit Kit 32-32 byte hex
hostile jar (current_events.rules)
  2017115 - ET CURRENT_EVENTS Sweet Orange applet July 08 2013
(current_events.rules)

  Pro:
  2806149 - ETPRO MOBILE_MALWARE AndroidOS.Ansaca.A Checkin
(mobile_malware.rules)
  2806181 - ETPRO TROJAN W32/Jorik_Vobfus.KMJ!tr Checkin (trojan.rules)


 [///]    Modified inactive rules:    [///]

  2804603 - ETPRO TROJAN Lethic.B XOR key 1 (trojan.rules)