[Emerging-updates] Daily Ruleset Update Summary 10/17/2013

Francis Trudeau ftrudeau at emergingthreats.net
Thu Oct 17 12:46:04 HADT 2013


[***]          Summary:          [***]

Added 5 pro and 13 open rules.  Several EK, ActiveX and vBulletin sigs.

[+++]          Added rules:          [+++]

Pro:

  2807124 - ETPRO TROJAN Win32/Linfo.A Checkin (trojan.rules)
  2807125 - ETPRO ACTIVEX Possible Siemens Solid Edge ST4 SEListCtrlX
ActiveX Remote Code Execution 1 (activex.rules)
  2807126 - ETPRO ACTIVEX Possible Siemens Solid Edge ST4 SEListCtrlX
ActiveX Remote Code Execution 2 (activex.rules)
  2807127 - ETPRO ACTIVEX Possible Siemens Solid Edge ST4 SEListCtrlX
ActiveX Remote Code Execution 3 (activex.rules)
  2807128 - ETPRO ACTIVEX Possible Siemens Solid Edge ST4 SEListCtrlX
ActiveX Remote Code Execution 4 (activex.rules)

Open:

  2017601 - ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 IE Exploit URI
Struct (current_events.rules)
  2017602 - ET CURRENT_EVENTS Magnitude EK - Landing Page - Java ClassID
and 32/32 archive Oct 16 2013 (current_events.rules)
  2017603 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit
32-32 byte hex java payload request Oct 16 2013 (current_events.rules)
  2017604 - ET WEB_SERVER PHP WebShell Embedded In GIF (OUTBOUND)
(web_server.rules)
  2017605 - ET WEB_SERVER PHP WebShell Embedded In JPG (OUTBOUND)
(web_server.rules)
  2017606 - ET WEB_SERVER PHP WebShell Embedded In PNG (OUTBOUND)
(web_server.rules)
  2017607 - ET WEB_SERVER PHP WebShell Embedded In GIF (INBOUND)
(web_server.rules)
  2017608 - ET WEB_SERVER PHP WebShell Embedded In JPG (INBOUND)
(web_server.rules)
  2017609 - ET WEB_SERVER PHP WebShell Embedded In PNG (INBOUND)
(web_server.rules)
  2017610 - ET WEB_SERVER vBulletin Administrator Injection Attempt
(web_server.rules)
  2017611 - ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt
(web_specific_apps.rules)
  2017612 - ET TROJAN Kelihos p2p traffic detected via byte_test
(trojan.rules)
  2017613 - ET CURRENT_EVENTS Possible Magnitude EK (formerly Popads) IE
Exploit with IE UA Oct 16 2013 (current_events.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20131017/c048c680/attachment.html>


More information about the Emerging-updates mailing list