[Emerging-updates] Daily Ruleset Update Summary 09/17/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Sep 18 14:24:15 HADT 2013


[***]          Summary:          [***]

2 new Open. 6 new Pro (2/4). BHEK updates. Styx/BHEK redirects. Popads EK
sigs renamed to Magnitude EK "pop pop" due to the fact that Popads is a
legit ad network.  Thanks Eoin, @kafeine, all.

[+++]          Added rules:          [+++]

  Open:
  2017481 - ET CURRENT_EVENTS BlackHole initial landing/gate (current_events.rules)
  2017482 - ET CURRENT_EVENTS DRIVEBY Styx - TDS - Redirect To Landing Page (current_events.rules)

  Pro:
  2807044 - ETPRO TROJAN Win32/Banker.AKE Checkin (trojan.rules)
  2807045 - ETPRO TROJAN Trojan.Win32.Agent.aapnf Report via SMTP (trojan.rules)
  2807046 - ETPRO TROJAN Worm.Win32/Chiviper.C Checkin (trojan.rules)
  2807047 - ETPRO TROJAN Backdoor.Win32.GF.13x.A Response (trojan.rules)


[///]     Modified active rules:     [///]

  Open:
  2005322 - ET MALWARE Spylocked Fake Anti-Spyware User-Agent (SpyLocked) (malware.rules)
  2015482 - ET TROJAN ZeroAccess Outbound udp traffic detected (trojan.rules)
  2015782 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Other Java Exploit Kit 32-32 byte hex hostile jar (current_events.rules)
  2015888 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32-32 byte hex java payload request (current_events.rules)
  2015901 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Landing Page - Java ClassID and 32HexChar.jar (current_events.rules)
  2016065 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Embedded Open Type Font file .eot (current_events.rules)
  2016155 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Font Exploit - 32HexChar.eot (current_events.rules)
  2016798 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java JNLP Requested (current_events.rules)
  2016799 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Flash Exploit Requested (current_events.rules)
  2017140 - ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI Struct (current_events.rules)
  2017454 - ET CURRENT_EVENTS BlackHole EK Payload Download Sep 11 2013 (current_events.rules)

  Pro:
  2807024 - ETPRO TROJAN Wauchos.la/Andromeda/Balbatun.9713 Checkin (trojan.rules)