[Emerging-updates] Daily Ruleset Update Summary 06/05/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Jun 5 17:29:49 HADT 2013


[***]         Summary:          [***]

9 new Open rules. 13 new Pro rules (9/4). Plesk 0-day, PHP config options
in uri, BHEK, CoolEK, etc.

[+++]          Added rules:          [+++]

  Open:
  2016976 - ET CURRENT_EVENTS CoolEK Payload Download (9) (current_events.rules)
  2016977 - ET WEB_SERVER allow_url_include PHP config option in uri (web_server.rules)
  2016978 - ET WEB_SERVER safe_mode PHP config option in uri (web_server.rules)
  2016979 - ET WEB_SERVER suhosin.simulation PHP config option in uri (web_server.rules)
  2016980 - ET WEB_SERVER disable_functions PHP config option in uri (web_server.rules)
  2016981 - ET WEB_SERVER open_basedir PHP config option in uri (web_server.rules)
  2016982 - ET WEB_SERVER auto_prepend_file PHP config option in uri (web_server.rules)
  2016983 - ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013 (web_server.rules)
  2016984 - ET CURRENT_EVENTS BlackHole EK Initial Gate from Linked-In Mailing Campaign (current_events.rules)

  Pro:
  2806455 - ETPRO MALWARE RiskTool.Win32.IMEStartup.ah Checkin (malware.rules)
  2806456 - ETPRO TROJAN Win32/Ramnit Checkin (trojan.rules)
  2806457 - ETPRO TROJAN Trojan.Win32.Alyak Checkin (trojan.rules)
  2806458 - ETPRO TROJAN W32/Zbot.ANQ!tr Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2016060 - ET CURRENT_EVENTS CoolEK - Jar - Jun 05 2013 (current_events.rules)

  Pro:
  2806404 - ETPRO TROJAN Trojan-Banker.Win32.Agent.phl Checkin (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2002947 - ET GAMES PunkBuster Server webkey Buffer Overflow (games.rules)


 [---]         Removed rules:         [---]

  Open:
  2012183 - ET SCAN Possible Open SIP Relay scanner Fake Eyebeam User-Agent Detected (scan.rules)

  Pro:
  2804638 - ETPRO TROJAN Win32.Worm.IM.T CnC traffic (trojan.rules)