[Emerging-updates] Daily Ruleset Update Summary 08/12/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Aug 12 18:42:23 EDT 2014


 [***] Summary: [***]

 17 new Pro rules.  Patch Tuesday, Rovnix, Tofsee, Various Android.

 Thanks:  Nathan Fowler, Jake Warren and @kafeine

 More Patch Tuesday coverage info here:
http://emergingthreats.net/august-2014-microsoft-patch-tuesday-coverage/


 [+++]          Added rules:          [+++]

 Pro:

  2808539 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-2820 1 (web_client.rules)
  2808540 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-2820 2 (web_client.rules)
  2808541 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-2823 (web_client.rules)
  2808542 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4050 (web_client.rules)
  2808543 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4057 1 (web_client.rules)
  2808544 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4057 2 (web_client.rules)
  2808545 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4063 (web_client.rules)
  2808546 - ETPRO TROJAN Backdoor.MSIL/Parama.A Checkin (trojan.rules)
  2808547 - ETPRO TROJAN Win32/Ursnif Connectivity Check (trojan.rules)
  2808548 - ETPRO TROJAN Trojan.Win32.Yakes.fdph SSL Cert (trojan.rules)
  2808549 - ETPRO TROJAN Win32/Rovnix Variant Config Download (trojan.rules)
  2808550 - ETPRO TROJAN Win32/Tofsee.av Loader Checkin (trojan.rules)
  2808551 - ETPRO TROJAN Trojan.Win32.Agent.cralxq Checkin (trojan.rules)
  2808552 - ETPRO TROJAN Backdoor.Win32/Banito.D Checkin (trojan.rules)
  2808553 - ETPRO MOBILE_MALWARE Android.Monitor.SMSUploader.A Checkin (mobile_malware.rules)
  2808554 - ETPRO MOBILE_MALWARE Android.Trojan.Vmvol.A Checkin (mobile_malware.rules)
  2808555 - ETPRO MOBILE_MALWARE Android.Trojan.Vmvol.A Checkin 2 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2012612 - ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers (trojan.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2017314 - ET TROJAN PRISM Backdoor (trojan.rules)
  2017938 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13 (trojan.rules)
  2018915 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2018916 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
  2800575 - ETPRO ACTIVEX Microsoft Access ActiveX Control Code Execution 2 (activex.rules)
  2801468 - ETPRO WEB_CLIENT Insecure Library Loading Request (.dll) (web_client.rules)
  2807199 - ETPRO WEB_CLIENT SUSPICIOUS WordPerfect Document with .doc extension 2 (web_client.rules)
  2807716 - ETPRO MOBILE_MALWARE AndroidOS/Sumzand.A Checkin (mobile_malware.rules)


 [///]    Modified inactive rules:    [///]

  2017346 - ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in charcodes w/o sep Jul 10 2013 (current_events.rules)


 [---]  Disabled and modified rules:  [---]

  2016341 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Feb 04 2012 (current_events.rules)
  2806979 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3208 (web_client.rules)
  2807103 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3885 (web_client.rules)
  2807212 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (CVE-2013-3917) (web_client.rules)


 [---]         Removed rules:         [---]

  2018921 - ET TROJAN Trojan-Spy.Win32.HavexSysinfo Response (trojan.rules)
  2808432 - ETPRO TROJAN Backdoor.Korplug!gen6 Checkin (HTTP) (trojan.rules)
  2808433 - ETPRO TROJAN Backdoor.Korplug!gen6 Checkin (UDP) (trojan.rules)
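
The sections above follow the fixed layout of these daily summaries: a banner such as `[+++] Added rules: [+++]`, then one `SID - MSG (file.rules)` line per rule, which the mail archive wraps onto a second line. As an added example that is not part of the original post or of Emerging Threats' own tooling, the Python below parses that layout, re-joins wrapped lines, groups SIDs by section, and emits the disabled and removed SIDs as `gid:sid` entries of the kind a rule manager's disable list takes. The excerpt it parses is constructed from a subset of this summary; the action names and the `gid:sid` output form are the script's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Section banners used in the ET daily summaries, mapped to a short action name
# (the names are this script's own choice, not an ET convention).
SECTION_ACTIONS = {
    "Added rules": "added",
    "Modified active rules": "modified_active",
    "Modified inactive rules": "modified_inactive",
    "Disabled and modified rules": "disabled",
    "Removed rules": "removed",
}

SECTION_RE = re.compile(r"^\s*\[(?:\+\+\+|///|---)\]\s+(.+?):\s+\[(?:\+\+\+|///|---)\]\s*$")
RULE_START_RE = re.compile(r"^\s*\d{7}\s+-\s+")
RULE_RE = re.compile(r"^\s*(\d{7})\s+-\s+(ET(?:PRO)?)\s+(.*?)\s+\(([\w.]+\.rules)\)\s*$")


@dataclass
class RuleChange:
    sid: int
    action: str
    ruleset: str   # "ET" (open) or "ETPRO", taken from the msg prefix
    msg: str
    rulefile: str


def _unwrap(text: str) -> List[str]:
    """Join mail-wrapped continuation lines back onto the rule line they belong to."""
    out: List[str] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            out.append("")
            continue
        continues_rule = (out and RULE_START_RE.match(out[-1])
                          and not RULE_START_RE.match(line)
                          and not SECTION_RE.match(line))
        if continues_rule:
            out[-1] = out[-1] + " " + line.strip()
        else:
            out.append(line)
    return out


def parse_summary(text: str) -> List[RuleChange]:
    """Parse an update summary into one RuleChange per SID, tagged with its section."""
    changes: List[RuleChange] = []
    action = None
    for line in _unwrap(text):
        m = SECTION_RE.match(line)
        if m:
            action = SECTION_ACTIONS.get(m.group(1).strip())
            continue
        m = RULE_RE.match(line)
        if m and action:
            sid, ruleset, msg, rulefile = m.groups()
            changes.append(RuleChange(int(sid), action, ruleset, f"{ruleset} {msg}", rulefile))
    return changes


def sids_for(changes: List[RuleChange], action: str) -> List[int]:
    return sorted(c.sid for c in changes if c.action == action)


def count_by_action(changes: List[RuleChange]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for c in changes:
        counts[c.action] = counts.get(c.action, 0) + 1
    return counts


def disablesid_entries(changes: List[RuleChange]) -> List[str]:
    """gid:sid lines for rules ET disabled or removed, so a local policy can follow suit
    (gid 1 for all ET rules is an assumption of this script)."""
    return [f"1:{sid}" for sid in sids_for(changes, "disabled") + sids_for(changes, "removed")]


# Constructed excerpt of this summary, kept in the wrapped form the archive shows.
SAMPLE = """\
 [+++]          Added rules:          [+++]

 Pro:

  2808539 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free
CVE-2014-2820 1 (web_client.rules)
  2808547 - ETPRO TROJAN Win32/Ursnif Connectivity Check (trojan.rules)
  2808553 - ETPRO MOBILE_MALWARE Android.Monitor.SMSUploader.A Checkin
(mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2018915 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (KINS C2) (trojan.rules)


 [---]  Disabled and modified rules:  [---]

  2016341 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated
URL Feb 04 2012 (current_events.rules)


 [---]         Removed rules:         [---]

  2018921 - ET TROJAN Trojan-Spy.Win32.HavexSysinfo Response (trojan.rules)
  2808432 - ETPRO TROJAN Backdoor.Korplug!gen6 Checkin (HTTP) (trojan.rules)
"""

if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    print(count_by_action(parsed))
    for entry in disablesid_entries(parsed):
        print(entry)
```

Feeding the whole mail body instead of the excerpt works the same way; lines outside the banner sections (the summary, thanks and URL lines) never match a rule pattern and are ignored.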

