[Emerging-updates] Daily Ruleset Update Summary 02/25/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Mon Feb 25 13:04:34 HAST 2013


[***]          Summary:          [***]

14 new Open rules. 18 new Pro rules (14/4).

2016494,2016502-2016505 Java Serialized Applet Activity seen used in CVE-2013-0431.
2016495,2016506 g01pack Jar updates.
2016496 Gimemo Ransomware
2016497-2016499 Styx EK updates
2016500 NicePack EK
2016501 Webshell
2806045 - 2806048 ETPRO Daily TROJAN/MALWARE rules.


[+++]          Added rules:          [+++]

  Open:
  2016494 - ET INFO Serialized Java Applet (Used by some EKs in the Wild) (info.rules)
  2016495 - ET CURRENT_EVENTS Exploit Kit Java .psd download (current_events.rules)
  2016496 - ET TROJAN Gimemo Ransomware Checkin (trojan.rules)
  2016497 - ET CURRENT_EVENTS StyX Landing Page (2) (current_events.rules)
  2016498 - ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload (current_events.rules)
  2016499 - ET CURRENT_EVENTS Styx Exploit Kit Java Payload Download (current_events.rules)
  2016500 - ET CURRENT_EVENTS Possible Nicepack EK Landing (Anti-VM) (current_events.rules)
  2016501 - ET WEB_SERVER WebShell - zecmd - Form (web_server.rules)
  2016502 - ET INFO Java Serialized Data via vulnerable client (info.rules)
  2016503 - ET INFO Java Serialized Data (info.rules)
  2016504 - ET INFO Serialized Data request (info.rules)
  2016505 - ET INFO file possibly containing Serialized Data file (info.rules)
  2016506 - ET CURRENT_EVENTS Exploit Kit Java jpeg download (current_events.rules)

  Pro:
  2806045 - ETPRO TROJAN Trojan-Dropper.Win32.ZomJoiner.b reporting via ICQ WWW script (trojan.rules)
  2806046 - ETPRO TROJAN Win32/Ponmocup.GA Checkin (trojan.rules)
  2806047 - ETPRO MALWARE Win32/Adware.Kraddare.CX Checkin (malware.rules)
  2806048 - ETPRO TROJAN Hoax.Win32.Renos.vg Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
  2016333 - ET CURRENT_EVENTS Possible g01pack Landing Page (current_events.rules)