[Emerging-updates] Daily Ruleset Update Summary 06/26/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Jun 26 17:32:30 HADT 2013


 [***]         Summary:          [***]

 5 new Open rules. 8 new Pro rules (5/3). CoolEK, BHEK, Dotka Chef,
Neutrino, etc.

 [+++]          Added rules:          [+++]

  Open:
  2017068 - ET CURRENT_EVENTS Neutrino Exploit Kit Redirector To Landing Page (current_events.rules) (Tks Kevin Ross)
  2017069 - ET CURRENT_EVENTS Neutrino Exploit Kit Clicker.php TDS (current_events.rules) (Tks Kevin Ross)
  2017070 - ET CURRENT_EVENTS Applet tag in jjencode as (as seen in Dotka Chef EK) (current_events.rules)
  2017071 - ET CURRENT_EVENTS Neutrino Exploit Kit XOR decodeURIComponent (current_events.rules) (Tks Kevin Ross)
  2017072 - ET CURRENT_EVENTS Blackhole/Cool plugindetect in octal Jun 26 2013 (current_events.rules)

  Pro:
  2806558 - ETPRO TROJAN Worm.Win32.Luder.wja spreading via SMTP (trojan.rules)
  2806559 - ETPRO TROJAN Win32/Virut.Z Checkin (trojan.rules)
  2806560 - ETPRO TROJAN Win32/Agent.PRY Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2016414 - ET CURRENT_EVENTS CoolEK Payload Download (5) (current_events.rules)
  2016870 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5. (policy.rules)
  2017055 - ET CURRENT_EVENTS AryaN IRC bot CnC1 (current_events.rules)
  2017058 - ET CURRENT_EVENTS AryaN IRC bot Flood command (current_events.rules)
  2017059 - ET CURRENT_EVENTS AryaN IRC bot Botkill command (current_events.rules)

  Pro:
  2805354 - ETPRO POLICY SUSPICIOUS POST to a zip file (trojan.rules)
  2806343 - ETPRO TROJAN Win32.Coced Reporting via SMTP (trojan.rules)
  2806526 - ETPRO TROJAN Trojan.Win32.Swrort.A Checkin Response (trojan.rules)
  2806545 - ETPRO TROJAN Win32.Coced Reporting via SMTP 2 (trojan.rules)


 [---]         Moved rules:         [---]

  New:
  2016837 - ET TROJAN Alina Checkin (trojan.rules)
  2016838 - ET TROJAN Alina User-Agent(Alina) (trojan.rules)
  2806469 - ETPRO TROJAN Alina Checkin 2 (trojan.rules)

  Old:
  2016837 - ET MALWARE Alina Checkin (malware.rules)
  2016838 - ET MALWARE Alina User-Agent(Alina) (malware.rules)
  2806469 - ETPRO MALWARE Alina Checkin 2 (malware.rules)

 [---]         Removed rules:         [---]

  2806166 - ETPRO TROJAN Win32/Kanav.F / Win32/Alyak.F Checkin (trojan.rules)