[Emerging-updates] Daily Ruleset Update Summary 06/11/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Jun 11 16:58:46 HADT 2013


 [***]          Summary:          [***]

 3 new Open rules. 25 new Pro rules. (3/22). MS Tuesday Coverage, Tobfy,
Kuluoz, Redkit, etc.

MS Tuesday Coverage:

http://www.emergingthreats.net/2013/06/11/june-2013-microsoft-tuesday-coverage/

 [+++]          Added rules:          [+++]

  Open:
  2017002 - ET CURRENT_EVENTS Kuluoz.B Shipping Label Spam Campaign
(current_events.rules)
  2017003 - ET CURRENT_EVENTS Kuluoz.B Spam Campaign Shipment_Label.exe in
Zip (current_events.rules)
  2017004 - ET TROJAN Win32/Tobfy.S (trojan.rules)

  Pro:
  2806477 - ETPRO CURRENT_EVENTS Possible Microsoft Office PNG overflow
attempt invalid tEXt chunk length (current_events.rules)
  2806478 - ETPRO EXPLOIT CVE-2013-1331 Microft Office PNG Exploit
plugin-detect script access (exploit.rules)
  2806479 - ETPRO EXPLOIT CVE-2013-1331 Microft Office PNG Exploit
plugin-detect script access (exploit.rules)
  2806480 - ETPRO EXPLOIT CVE-2013-1331 Microft Office PNG Exploit Specific
(exploit.rules)
  2806481 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806482 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806483 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806484 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806485 - ETPRO WEB_CLIENT Internet Explorer Double Free CVE-2013-3118
(web_client.rules)
  2806486 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806487 - ETPRO WEB_CLIENT Interent Explorer Use-After-Free CVE-2013-3120
(web_client.rules)
  2806488 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806489 - ETPRO WEB_CLIENT Interent Explorer onscroll CVE-2013-3123
(web_client.rules)
  2806490 - ETPRO WEB_CLIENT Interent Explorer onscroll CVE-2013-3123
(web_client.rules)
  2806491 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free
(web_client.rules)
  2806492 - ETPRO TROJAN Win32/TrojanDownloader.Banload.RVP Checkin 1
(trojan.rules)
  2806493 - ETPRO TROJAN Win32/TrojanDownloader.Banload.RVP Checkin 2
(trojan.rules)
  2806494 - ETPRO TROJAN Heur.Bodegun.1 Checkin (trojan.rules)
  2806495 - ETPRO TROJAN Trojan-Downloader.Win32.VB.gzui Checkin
(trojan.rules)
  2806496 - ETPRO TROJAN Unknown checkin (trojan.rules)
  2806497 - ETPRO MALWARE Adware.Ebiz.K checkin (malware.rules)
  2806498 - ETPRO TROJAN Win32/SniperSpy Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2003408 - ET TROJAN Zhelatin Variant Checkin (trojan.rules)
  2008523 - ET TROJAN Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin
(trojan.rules)
  2012279 - ET CURRENT_EVENTS SpyEye HTTP Library Checkin
(current_events.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2015808 - ET TROJAN Taidoor Checkin (trojan.rules)
  2016588 - ET CURRENT_EVENTS Redkit Jar Naming Pattern March 03 2013
(current_events.rules)

 [-+-]         Moved rules:         [-+-]

   New:
  2008754 - ET TROJAN Possible Rar'd Malware sent when remote host claims
to send an Image (trojan.rules)
  2009909 - ET TROJAN Possible Windows executable sent when remote host
claims to send HTML/CSS Content (trojan.rules)
  2012707 - ET TROJAN Suspicious double Server Header (trojan.rules)
  2013441 - ET TROJAN EXE Download When Server Claims To Send Audio File -
Must Be Win32 (trojan.rules)
  2806475 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Obad.a Checkin
(mobile_malware.rules)


  Old:
  2008754 - ET MALWARE Possible Rar'd Malware sent when remote host claims
to send an Image (malware.rules)
  2009909 - ET MALWARE Possible Windows executable sent when remote host
claims to send HTML/CSS Content (malware.rules)
  2012707 - ET CURRENT_EVENTS Suspicious double HTTP Header possible botnet
CnC (current_events.rules)
  2013441 - ET MALWARE EXE Download When Server Claims To Send Audio File -
Must Be Win32 (malware.rules)
  2806475 - ETPRO TROJAN Backdoor.AndroidOS.Obad.a Checkin (trojan.rules)