[Emerging-updates] Daily Ruleset Update Summary 02/04/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Feb 4 07:46:41 HAST 2013


 [***]          Summary:          [***]

7 new Open rules. 12 new Pro rules (7/5) StillSecure, Detection updates for
CoolEK, JDB, Redkit, and Java Vulnerable version. Might have another
release today but wanted to get these detection updates out early.

 [+++]          Added rules:          [+++]

  Open:
  2016334 - ET WEB_SPECIFIC_APPS OSClass file Parameter Remote File Access
Attempt (web_specific_apps.rules)
  2016335 - ET WEB_SPECIFIC_APPS OSClass id parameter data access Attempt 1
(web_specific_apps.rules)
  2016336 - ET WEB_SPECIFIC_APPS OSClass id parameter data access Attempt 2
(web_specific_apps.rules)
  2016337 - ET WEB_SPECIFIC_APPS WordPress Chocolate WP Theme src Cross
Site Scripting Attempt (web_specific_apps.rules)
  2016338 - ET WEB_SPECIFIC_APPS WordPress Chocolate WP Theme src Remote
File Inclusion Attempt (web_specific_apps.rules)
  2016339 - ET WEB_SPECIFIC_APPS CMSQLITE id parameter Cross Site Scripting
Attempt (web_specific_apps.rules)
  2016340 - ET WEB_SPECIFIC_APPS CMSQLITE mediaAdmin.php file Local File
Inclusion Attempt (web_specific_apps.rules)

  Pro:
  2805977 - ETPRO MALWARE Internet Optimizer Checkin (malware.rules)
  2805978 - ETPRO MOBILE_MALWARE Android/AndroidArmour.A Checkin
(mobile_malware.rules)
  2805979 - ETPRO TROJAN W32/Injector.VQV!tr Checkin (trojan.rules)
  2805980 - ETPRO TROJAN jinjin CnC Init (trojan.rules)
  2805981 - ETPRO TROJAN jinjin CnC Init Completed (trojan.rules)


 [///]     Modified active rules:     [///]

  2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
  2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
  2015858 - ET CURRENT_EVENTS Sakura/RedKit obfuscated URL
(current_events.rules)
  2016057 - ET CURRENT_EVENTS CoolEK Font File Download Dec 18 2012
(current_events.rules)
  2016058 - ET CURRENT_EVENTS CoolEK - New PDF Exploit - Dec 18 2012
(current_events.rules)
  2016059 - ET CURRENT_EVENTS CoolEK - Old PDF Exploit - Dec 18 2012
(current_events.rules)
  2016060 - ET CURRENT_EVENTS CoolEK - Jar - Dec 18 2012
(current_events.rules)
  2016221 - ET CURRENT_EVENTS CoolEK Payload Download (current_events.rules)
  2016278 - ET CURRENT_EVENTS CoolEK - New PDF Exploit - Jan 24 2013
(current_events.rules)
  2016279 - ET CURRENT_EVENTS CoolEK Payload Download (2)
(current_events.rules)
  2016280 - ET CURRENT_EVENTS CoolEK Payload Download (3)
(current_events.rules)
  2016309 - ET CURRENT_EVENTS JDB Exploit Kit JAR Download
(current_events.rules)

 [---]         Removed rules:         [---]

  2002728 - ET TROJAN Ranky or variant backdoor communication ping
(trojan.rules)
  2014189 - ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?id
Download Secondary Request (current_events.rules)