[Emerging-updates] Daily Ruleset Update Summary 02/26/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Feb 26 14:20:00 HAST 2013


[***]          Summary:          [***]

4 new Open rules. 13 new Pro rules (4/9).

W32/Caphaw, Serialized Applet, Zbot Variant, CoolEK/Brobot updates etc.

[+++]          Added rules:          [+++]

  Open:
  2016507 - ET TROJAN W32/Caphaw Requesting Additional Modules From CnC (trojan.rules)
  2016508 - ET TROJAN W32/Caphaw CnC Configuration File Request (trojan.rules)
  2016509 - ET CURRENT_EVENTS Unknown Trojan Fake MSIE 6.0 UA (current_events.rules)
  2016510 - ET INFO Serialized Java Applet (Used by some EKs in the Wild) (info.rules)

  Pro:
  2806049 - ETPRO TROJAN Trojan-Downloader.Win32.Small.fg Checkin (trojan.rules)
  2806050 - ETPRO TROJAN W32/Zbot.ANM!tr Checkin (trojan.rules)
  2806051 - ETPRO MALWARE Adware.Statblaster.T Checkin (malware.rules)
  2806052 - ETPRO MALWARE Adware.Shopper.323 Checkin (malware.rules)
  2806053 - ETPRO MALWARE ADWARE/InstallCore.Gen Checkin (malware.rules)
  2806054 - ETPRO MALWARE Adware.AdMatching Checkin (malware.rules)
  2806055 - ETPRO TROJAN Trojan.Win32.Jorik.Zegost.kju Checkin (trojan.rules)
  2806056 - ETPRO TROJAN Trojan-Downloader.Win32.Small.fg Response (trojan.rules)
  2806057 - ETPRO POLICY 4shared SSL Certificate detected (policy.rules)


 [///]     Modified active rules:     [///]

  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2016058 - ET CURRENT_EVENTS CoolEK - New PDF Exploit - Dec 18 2012 (current_events.rules)
  2016059 - ET CURRENT_EVENTS CoolEK - Old PDF Exploit - Dec 18 2012 (current_events.rules)
  2016212 - ET CURRENT_EVENTS BroBot POST (current_events.rules)
  2016278 - ET CURRENT_EVENTS CoolEK - New PDF Exploit - Jan 24 2013 (current_events.rules)
  2016494 - ET INFO Serialized Java Applet (Used by some EKs in the Wild) (info.rules)

 [---]         Removed rules:         [---]

  2002765 - ET MALWARE Corpsespyware.net BlackListed Malicious Domain - google.vc (malware.rules)