[Emerging-updates] Daily Ruleset Update Summary 09/17/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Sep 18 14:26:23 HADT 2013


Forgot to thank shadow for the BHEK sig. Thanks!


On Wed, Sep 18, 2013 at 6:24 PM, Will Metcalf <
wmetcalf at emergingthreatspro.com> wrote:

> [***]          Summary:          [***]
>
> 2 new Open. 6 new Pro (2/4). BHEK updates. Styx/BHEK redirects. Popads EK
> sigs renamed to Magnitude EK "pop pop" due to Popads being a legit ad
> network.  Thanks Eoin, @kafeine, all.
>
> [+++]          Added rules:          [+++]
>
>  Open:
>   2017481 - ET CURRENT_EVENTS BlackHole initial landing/gate
> (current_events.rules)
>   2017482 - ET CURRENT_EVENTS DRIVEBY Styx - TDS - Redirect To Landing
> Page (current_events.rules)
>
>   Pro:
>   2807044 - ETPRO TROJAN Win32/Banker.AKE Checkin (trojan.rules)
>   2807045 - ETPRO TROJAN Trojan.Win32.Agent.aapnf Report via SMTP
> (trojan.rules)
>   2807046 - ETPRO TROJAN Worm.Win32/Chiviper.C Checkin (trojan.rules)
>   2807047 - ETPRO TROJAN Backdoor.Win32.GF.13x.A Response (trojan.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   Open:
>   2005322 - ET MALWARE Spylocked Fake Anti-Spyware User-Agent (SpyLocked)
> (malware.rules)
>   2015482 - ET TROJAN ZeroAccess Outbound udp traffic detected
> (trojan.rules)
>   2015782 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Other Java
> Exploit Kit 32-32 byte hex hostile jar (current_events.rules)
>   2015888 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit
> Kit 32-32 byte hex java payload request (current_events.rules)
>   2015901 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Landing
> Page - Java ClassID and 32HexChar.jar (current_events.rules)
>   2016065 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Embedded Open
> Type Font file .eot (current_events.rules)
>   2016155 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Font
> Exploit - 32HexChar.eot (current_events.rules)
>   2016798 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java JNLP
> Requested (current_events.rules)
>   2016799 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) Flash Exploit
> Requested (current_events.rules)
>   2017140 - ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI
> Struct (current_events.rules)
>   2017454 - ET CURRENT_EVENTS BlackHole EK Payload Download Sep 11 2013
> (current_events.rules)
>
>   Pro:
>   2807024 - ETPRO TROJAN Wauchos.la/Andromeda/Balbatun.9713 Checkin
> (trojan.rules)
>