[Emerging-updates] Daily Ruleset Update Summary 04/06/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Feb 6 16:37:20 HAST 2013


[***]          Summary:          [***]

9 new Open rules. 11 new Pro rules (9/2). CritX, Miniupnpd, ZeroAccess,
INFO sig for Java via CLSID (might make a lot of noise depending on ENV, so
disable if needed).

 2016356-2016357,2016365 CritXPack
 2016358 ZeroAccess
 2016359 Fake Postal Receipt making the rounds
 2016360 - 2016361 Java CLSID
 2016363 - 2016364 Miniupnpd vulns

 2805986 - 2805987 Daily Pro WEB_SPECIFIC_APPS/TROJAN coverage.

 [+++]          Added rules:          [+++]

  Open:
  2016356 - ET CURRENT_EVENTS CritXPack - Landing Page - Received (current_events.rules)
  2016357 - ET CURRENT_EVENTS CritXPack - URI - jpfoff.php (current_events.rules)
  2016358 - ET TROJAN W32/ZeroAccess Counter.img CnC Beacon (trojan.rules)
  2016359 - ET TROJAN Request for fake postal receipt from e-mail link (trojan.rules)
  2016360 - ET INFO JAVA - ClassID (info.rules)
  2016361 - ET INFO JAVA - ClassID (info.rules)
  2016363 - ET DOS Miniupnpd M-SEARCH Buffer Overflow CVE-2013-0229 (dos.rules)
  2016364 - ET DOS CVE-2013-0230 Miniupnpd SoapAction MethodName Buffer Overflow (dos.rules)
  2016365 - ET CURRENT_EVENTS CritXPack Jar Request (3) (current_events.rules)

  Pro:
  2805986 - ETPRO TROJAN Kelihos Fake UA (trojan.rules)
  2805987 - ETPRO WEB_SPECIFIC_APPS CK/FckEditor RCE Attempt (web_specific_apps.rules)


 [///]     Modified active rules:     [///]

  2000334 - ET P2P BitTorrent peer sync (p2p.rules)
  2013936 - ET POLICY SSH banner detected on TCP 443 likely proxy evasion (policy.rules)
  2016316 - ET TROJAN W32/StartPage.eba Dropper Checkin (trojan.rules)
  2016343 - ET MOBILE_MALWARE Android TrojanFakeLookout.A (mobile_malware.rules)
  2016344 - ET MOBILE_MALWARE Android/Fakelash.A!tr.spy Checkin (mobile_malware.rules)
  2016345 - ET MOBILE_MALWARE DroidKungFu Variant (mobile_malware.rules)

 [---]         Removed rules:         [---]

  2805340 - ETPRO NETBIOS filename argument injection - SMB and SMB-DS Unicode (netbios.rules)