[Emerging-updates] Daily Ruleset Update Summary 09/20/2013

Will Metcalf wmetcalf at emergingthreatspro.com
Fri Sep 20 13:40:08 HADT 2013


 [***]          Summary:          [***]

 8 New Open. 26 new Open (8/18). Gh0st, Generic detection for various JS evil. etc.

 [+++]          Added rules:          [+++]

  Open:
  2017498 - ET CURRENT_EVENTS Blatantly Evil JS Function (current_events.rules)
  2017499 - ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 1 (current_events.rules)
  2017500 - ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 2 (current_events.rules)
  2017501 - ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3 (current_events.rules)
  2017502 - ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3 (current_events.rules)
  2017503 - ET CURRENT_EVENTS Unknown EK Used in various watering hole attacks (current_events.rules)
  2017504 - ET CURRENT_EVENTS DRIVEBY Generic - *.com.exe HTTP Attachment (current_events.rules)
  2017505 - ET TROJAN Gh0st Trojan CnC 2 (trojan.rules)

  Pro:
  2807051 - ETPRO TROJAN DoS DirtJumper bot DDOS attack (trojan.rules)
  2807052 - ETPRO TROJAN Backdoor.Win32.zegost Checkin (trojan.rules)
  2807053 - ETPRO TROJAN Win32/Spy.Banker.ZWK Checkin (trojan.rules)
  2807054 - ETPRO TROJAN Win32/Ransom.FL Checkin (trojan.rules)
  2807055 - ETPRO TROJAN RemoteAdmin.Win32.NetWindow.118.b Checkin (trojan.rules)
  2807056 - ETPRO TROJAN Win32.Kryptik.BJWG 1 (trojan.rules)
  2807057 - ETPRO TROJAN Win32.Kryptik.BJWG 2 (trojan.rules)
  2807058 - ETPRO TROJAN Win32.Kryptik.BJWG 3 (trojan.rules)
  2807059 - ETPRO TROJAN Win32.Kryptik.BJWG 4 (trojan.rules)
  2807060 - ETPRO TROJAN Win32.Kryptik.BJWG 5 (trojan.rules)
  2807061 - ETPRO TROJAN Win32/Rbot SSL checkin 1 (trojan.rules)
  2807062 - ETPRO TROJAN Win32/Rbot SSL checkin 2 (trojan.rules)
  2807063 - ETPRO TROJAN Win32/Rbot SSL checkin 4 (trojan.rules)
  2807064 - ETPRO TROJAN Win32/Rbot SSL checkin 5 (trojan.rules)
  2807065 - ETPRO TROJAN Win32/Rbot SSL checkin 6 (trojan.rules)
  2807066 - ETPRO TROJAN Win32/Rbot SSL checkin 7 (trojan.rules)
  2807067 - ETPRO TROJAN Win32/Rbot SSL checkin 8 (trojan.rules)
  2807068 - ETPRO TROJAN Win32/Rbot SSL checkin 9 (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2010241 - ET TROJAN WindowsEnterpriseSuite FakeAV check-in GET (trojan.rules)

  Pro:
  2804436 - ETPRO TROJAN Win32/Vaxpy.A Checkin (trojan.rules)
  2805220 - ETPRO MALWARE Win-Adware/KorAd.138208 Checkin (malware.rules)