[Emerging-updates] Daily Ruleset Update Summary 10/02/2013

Francis Trudeau ftrudeau at emergingthreats.net
Wed Oct 2 15:01:59 HADT 2013


 [***] Summary: [***]

3 new rules.  HiMan, BHEK, DotkaChef.  Thanks to Nathan Fowler and @kafeine.

 [+++]          Added rules:          [+++]

  2017553 - ET CURRENT_EVENTS HiMan EK Reporting Host/Exploit Info
(current_events.rules)
  2017554 - ET CURRENT_EVENTS BHEK Payload Download (java only alternate
method may overlap with 2017454) (current_events.rules)
  2017555 - ET CURRENT_EVENTS DotkaChef EK initial landing from Oct 02
2013 mass-site
compromise EK campaign (current_events.rules)


 [///]     Modified active rules:     [///]

  2004529 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id SELECT (web_specific_apps.rules)
  2004530 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id UNION SELECT (web_specific_apps.rules)
  2004531 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id INSERT (web_specific_apps.rules)
  2004532 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id DELETE (web_specific_apps.rules)
  2004533 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id ASCII (web_specific_apps.rules)
  2004534 - ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt --
subcat.php cate_id UPDATE (web_specific_apps.rules)
  2004535 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id SELECT (web_specific_apps.rules)
  2004536 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id UNION SELECT (web_specific_apps.rules)
  2004537 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id INSERT (web_specific_apps.rules)
  2004538 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id DELETE (web_specific_apps.rules)
  2004539 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id ASCII (web_specific_apps.rules)
  2004540 - ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt --
view_profile.php user_id UPDATE (web_specific_apps.rules)
  2004541 - ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt --
postingdetails.php postingid SELECT (web_specific_apps.rules)
  2017297 - ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack EXE
Download (current_events.rules)
  2017416 - ET CURRENT_EVENTS BlackHole EK Variant PDF Download
(current_events.rules)
  2017454 - ET CURRENT_EVENTS BlackHole EK Payload Download Sep 11 2013
(current_events.rules)
  2017552 - ET CURRENT_EVENTS Cushion Redirection (current_events.rules)
  2402000 - ET DROP Dshield Block Listed Source (dshield.rules)


 [---]  Disabled and modified rules:  [---]

  2017076 - ET CURRENT_EVENTS BlackHole EK Variant Payload Download
(current_events.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20131002/4ab57c23/attachment.html>


More information about the Emerging-updates mailing list