[Emerging-updates] Daily Ruleset Update Summary 06/27/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Jun 27 15:59:53 HADT 2013


 [***]          Summary:          [***]

 3 new Open rules. 9 new Pro rules (3/6) Cool EK, Sweet Orange, etc.

 [+++]          Added rules:          [+++]

  Open:
  2017073 - ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013 (current_events.rules)
  2017074 - ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload (web_specific_apps.rules)
  2017075 - ET CURRENT_EVENTS Sweet Orange applet structure June 27 2013 (current_events.rules)

  Pro:
  2806561 - ETPRO POLICY Ultrasurf Proxy Anonymizer TLS ClientHello Attempt (policy.rules)
  2806562 - ETPRO MALWARE Win32.Airostor.A Checkin (malware.rules)
  2806563 - ETPRO TROJAN Worm.Win32.Shakblades.pty Checkin (trojan.rules)
  2806564 - ETPRO TROJAN Trojan.Win32.Agent.dxc / BDS/Singu.DY Checkin (trojan.rules)
  2806565 - ETPRO TROJAN Win32/Reven.B Checkin (trojan.rules)
  2806566 - ETPRO TROJAN Win32/C2Lop.B Download (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2008369 - ET TROJAN Keylogger Crack by bahman (trojan.rules)
  2012136 - ET TROJAN Waledac 2.0/Storm Worm 3.0 GET request detected (trojan.rules)
  2015482 - ET TROJAN ZeroAccess Outbound udp traffic detected (trojan.rules)
  2016705 - ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April 01 2013 (current_events.rules)

  Pro:
  2802979 - ETPRO EXPLOIT HP OpenView NNM nnmRptconfig.exe schdParams and nameParams Buffer Overflow (exploit.rules)
  2803801 - ETPRO ACTIVEX PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow (activex.rules)
  2803968 - ETPRO ACTIVEX Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution (activex.rules)


 [///]    Modified inactive rules:    [///]

  2101378 - GPL FTP wu-ftp bad file completion attempt with brace (ftp.rules)


 [---]  Disabled and modified rules:  [---]

  Open:
  2010497 - ET CURRENT_EVENTS Facebook Spam Inbound (1) (current_events.rules)

  Pro:
  2800703 - ETPRO WEB_CLIENT RealNetworks RealPlayer Invalid Chunk Size Heap Overflow (web_client.rules)
  2800704 - ETPRO WEB_CLIENT RealNetworks RealPlayer Invalid Chunk Size Heap Overflow (web_client.rules)


 [---]         Disabled rules:        [---]

  2009701 - ET DOS DNS BIND 9 Dynamic Update DoS attempt (dos.rules)