[Emerging-updates] Daily Ruleset Update Summary 06/13/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Jun 13 12:22:37 HADT 2013


 [***]          Summary:          [***]

 5 new Pro rules. Updates for BlackHole and Sweet Orange EK's. etc.


 [+++]          Added rules:          [+++]

  Pro:
  2806507 - ETPRO TROJAN Win32/Injector.Autoit.P variant response (trojan.rules)
  2806508 - ETPRO TROJAN Worm.Mydoom spreading via SMTP 10 (trojan.rules)
  2806509 - ETPRO TROJAN Backdoor.Win32.SdBot.baa CnC at IRC Channel (trojan.rules)
  2806510 - ETPRO TROJAN Trojan.Heur.VP2.cm0 at aeaegnG Checkin (trojan.rules)
  2806511 - ETPRO TROJAN Win32/Delf.MT Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2015877 - ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Landing Page URI (current_events.rules)
  2016104 - ET TROJAN DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24 (trojan.rules)
  2016229 - ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Jar Download (current_events.rules)
  2016578 - ET TROJAN Dorkbot Loader Payload Request (trojan.rules)
  2016705 - ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April 01 2013 (current_events.rules)
  2016860 - ET CURRENT_EVENTS Sweet Orange Landing Page May 16 2013 (current_events.rules)

  Pro:
  2804817 - ETPRO TROJAN Win32/Autoit.NJT Checkin (trojan.rules)
  2806365 - ETPRO TROJAN PWS-Zbot-FEN!C447D364A9DA checkin (trojan.rules)
  2806503 - ETPRO TROJAN Win32/Injector.Autoit.P Checkin (trojan.rules)


 [///]    Modified inactive rules:    [///]

  2010377 - ET POLICY JBOSS/JMX port 80 access from outside (policy.rules)
  2017000 - ET TROJAN Connection to unallocated address space 1.1.1.0/24 (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2010762 - ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand Attempt (web_specific_apps.rules)
  2011881 - ET WEB_SPECIFIC_APPS Open Web Analytics mw_plugin.php IP Parameter Remote File inclusion Attempt (web_specific_apps.rules)


 [---]         Disabled rules:        [---]

  2016563 - ET CURRENT_EVENTS Blackhole 16-hex/q.php Landing Page/Java exploit URI (current_events.rules)
  2016564 - ET CURRENT_EVENTS Blackhole 16-hex/q.php Jar Download (current_events.rules)
  2016971 - ET CURRENT_EVENTS Blackhole 32-hex/a.php Landing Page/Java exploit URI (current_events.rules)
  2016972 - ET CURRENT_EVENTS Blackhole 32-hex/a.php Jar Download (current_events.rules)
  2016973 - ET CURRENT_EVENTS Blackhole 16-hex/a.php Landing Page/Java exploit URI (current_events.rules)
  2016974 - ET CURRENT_EVENTS Blackhole 16-hex/a.php Jar Download (current_events.rules)


 [---]         Removed rules:         [---]

  2011474 - ET TROJAN FakeAV Checkin (trojan.rules)