[Emerging-updates] Daily Ruleset Update Summary 02/15/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Feb 15 18:21:39 HAST 2013


[***]          Summary:          [***]

10 new Open rules, 11 new Pro rules (10/1). CoolEK, more Sinkhole sigs,
Vundo, DNS Amplification attack updates, etc.

2016414  CoolEK update
2016415 - 2016416 PHP code in User-Agent.
http://blog.spiderlabs.com/2013/02/honeypot-alert-user-agent-field-php-injection-attacks.html
2016417 Vundo
2016418 - 2016423 Various Sinkholes. http://virustracker.info

2806030 Daily Pro Trojan Coverage.

[+++]          Added rules:          [+++]

 Open:
 2016414 - ET CURRENT_EVENTS CoolEK Payload Download (5) (current_events.rules)
 2016415 - ET WEB_SERVER PHP tag in UA (web_server.rules)
 2016416 - ET WEB_SERVER base64_decode in UA (web_server.rules)
 2016417 - ET TROJAN W32/Vundo.Downloader Reporting User Website Session Information (trojan.rules)
 2016418 - ET DNS Reply Sinkhole - Dr. Web (dns.rules)
 2016419 - ET DNS Reply Sinkhole - Zinkhole.org (dns.rules)
 2016420 - ET DNS Reply Sinkhole - German Company (dns.rules)
 2016421 - ET DNS Reply Sinkhole - 1and1 Internet AG (dns.rules)
 2016422 - ET DNS Reply Sinkhole - Georgia Tech (1) (dns.rules)
 2016423 - ET DNS Reply Sinkhole - Georgia Tech (2) (dns.rules)

 Pro:
 2806030 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.azue Checkin (trojan.rules)


[///]     Modified active rules:     [///]

 2011120 - ET MALWARE User-Agent (Save) (malware.rules)
 2016016 - ET CURRENT_EVENTS DNS Amplification Attack Inbound (current_events.rules)
 2016017 - ET CURRENT_EVENTS DNS Amplification Attack Outbound (current_events.rules)


[///]    Modified inactive rules:    [///]

 2804603 - ETPRO TROJAN Lethic.B XOR key (trojan.rules)
 2001293 - ET DELETED Featured-Results.com Agent Reporting Data (emerging-deleted.rules)

[-+-]         Moved rules:         [-+-]

 New:
 2016424 - ET TROJAN Win32/Vundo.OD Checkin (trojan.rules)

 Old:
 2804187 - ETPRO TROJAN Win32/Vundo.OD Checkin (trojan.rules)


[---]         Removed rules:         [---]

 2001596 - ET POLICY Skype VOIP Reporting Install (emerging-policy.rules)