[Emerging-updates] Daily Ruleset Update Summary 06/25/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Jun 25 12:01:56 HADT 2013


 [***]            Summary              [***]

 2 new Open rules. 8 new Pro rules (2/6). PinkStats/Comisproc moved from
Pro to Open.  BHEK, CoolEK, Pony, DotkaEK, etc.

 [+++]          Added rules:          [+++]

  Open:
  2017064 - ET CURRENT_EVENTS Cool/BHEK Applet with Alpha-Numeric Encoded
HTML entity (current_events.rules)
  2017065 - ET CURRENT_EVENTS Pony Loader default URI struct
(current_events.rules) (Tks Chris Libby!)

  Pro:
  2806551 - ETPRO TROJAN IRC bot Joining IRC Channel (trojan.rules)
  2806552 - ETPRO TROJAN IRC bot DDoS Command (trojan.rules)
  2806553 - ETPRO TROJAN Variant.Zusy.21790 Checkin (trojan.rules)
  2806554 - ETPRO TROJAN Trojan.Win32.Scar.ccum Checkin (trojan.rules)
  2806555 - ETPRO TROJAN Trojan.Win32.Scar.zfs Checkin (trojan.rules)
  2806557 - ETPRO TROJAN unknown GET Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2016427 - ET CURRENT_EVENTS CoolEK Possible Java Payload Download
(current_events.rules)
  2016796 - ET CURRENT_EVENTS Possible Java Applet JNLP
applet_ssv_validated in Base64 (current_events.rules)
  2016817 - ET CURRENT_EVENTS Possible Java Applet JNLP
applet_ssv_validated in Base64 2 (current_events.rules)
  2016818 - ET CURRENT_EVENTS Possible Java Applet JNLP
applet_ssv_validated in Base64 3 (current_events.rules)
  2017020 - ET CURRENT_EVENTS Dotka Chef EK exploit/payload URI request
(current_events.rules)

  Pro:
  2804285 - ETPRO TROJAN TrojanSpy.Win32/Bancos.AAI Reporting via SMTP
(trojan.rules)
  2806260 - ETPRO TROJAN Trojan-Downloader.Win32.FraudLoad.xsga Checkin
(trojan.rules)


 [///]    Modified inactive rules:    [///]

  2010762 - ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery
UserCommand Attempt (web_specific_apps.rules)


 [-+-]         Moved rules:        [-+-]

  New:
  2017066 - ET TROJAN Win32/Comisproc Checkin (trojan.rules)
  2017067 - ET USER_AGENTS Suspicious user agent (Google page)
(user_agents.rules)

  Old:
  2802893 - ETPRO USER_AGENTS Suspicious user agent (Google page)
(user_agents.rules)
  2803830 - ETPRO TROJAN Win32/Comisproc Checkin (trojan.rules)