[Emerging-updates] Daily Ruleset Update Summary 08/20/2014

Francis Trudeau ftrudeau at emergingthreats.net
Wed Aug 20 18:18:57 EDT 2014


 [***] Summary: [***]

 11 new Open signatures, 21 new Pro.  Wordpress Vuln, OneLouder,
Various AndroidOS, Wetware.

 Thanks:  Jake Warren, rmkml, tdzmont, @kafeine and @EKwatcher

 [+++]          Added rules:          [+++]

 Open:

  2018965 - ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M3 (current_events.rules)
  2018966 - ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M1 (current_events.rules)
  2018967 - ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M2 (current_events.rules)
  2018968 - ET TROJAN Python.Ragua Checkin (trojan.rules)
  2018969 - ET WEB_CLIENT DRIVEBY Social Engineering Toolkit JAR Download (web_client.rules)
  2018970 - ET WEB_CLIENT DRIVEBY Social Engineering Toolkit JAR filename detected (web_client.rules)
  2018971 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) (current_events.rules)
  2018972 - ET WEB_CLIENT DRIVEBY Social Engineering Toolkit Web Clone code detected (web_client.rules)
  2018973 - ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 20 2014 D1 (current_events.rules)
  2018974 - ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 20 2014 D2 (current_events.rules)
  2018975 - ET WEB_SPECIFIC_APPS Wordpress Custom Contact Forms DB Upload/Download Auth Bypass (web_specific_apps.rules)

 Pro:

  2808589 - ETPRO MOBILE_MALWARE Android/Maver.A Checkin (mobile_malware.rules)
  2808590 - ETPRO MOBILE_MALWARE AndroidOS/Tetus.A Checkin 4 (mobile_malware.rules)
  2808591 - ETPRO MALWARE PUP.Optional.OneMoreGame.A checkin (malware.rules)
  2808592 - ETPRO MALWARE PUP.Optional.Soft32.A .exe Download (malware.rules)
  2808593 - ETPRO MOBILE_MALWARE Android/FakeTimer.A Checkin 2 (mobile_malware.rules)
  2808594 - ETPRO MALWARE PUA.Plush Checkin (malware.rules)
  2808595 - ETPRO MALWARE W32/VBInject.CC Checkin (malware.rules)
  2808596 - ETPRO TROJAN Win32/Tiny.o Checkin (trojan.rules)
  2808597 - ETPRO MALWARE Win32/Adware.MultiPlug.J Checkin (malware.rules)
  2808598 - ETPRO TROJAN Wetware Bot Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2015653 - ET TROJAN Rogue.Win32/Winwebsec Install (trojan.rules)
  2016932 - ET TROJAN Spy/Infostealer.Win32.Embed.A Client Traffic (trojan.rules)
  2018748 - ET TROJAN PE downloaded malicious SSL certificate (CZ Solutions) (trojan.rules)
  2804635 - ETPRO TROJAN W32/LockScreen Scareware User-Agent (MSlE 6.0) (trojan.rules)
  2804656 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QOT Checkin (trojan.rules)
  2804717 - ETPRO TROJAN Backdoor.Win32.Koutodoor.aihc Checkin (trojan.rules)
  2804737 - ETPRO TROJAN Trojan.Win32.Pincav.cemf Checkin (trojan.rules)
  2804919 - ETPRO TROJAN Win32.Swisyn.cioi Checkin (trojan.rules)
  2804933 - ETPRO TROJAN Win32/Virut.BN Checkin 2 (trojan.rules)
  2805191 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QYE Checkin (trojan.rules)
  2805382 - ETPRO TROJAN Trojan-Dropper.Win32.Daws.atjm Checkin (trojan.rules)
  2805496 - ETPRO TROJAN Win32/Uosproy.A Checkin (hello) (trojan.rules)
  2805515 - ETPRO GAMES User-Agent (Thor Patcher) (games.rules)
  2805718 - ETPRO TROJAN Win32/Mitglieder.BN Checkin (trojan.rules)
  2805747 - ETPRO TROJAN Win32/Zegost.B CnC (trojan.rules)
  2805852 - ETPRO TROJAN Win32/TrojanDownloader.Banload.RPD Checkin (trojan.rules)


 [///]    Modified inactive rules:    [///]

  2014348 - ET TROJAN RevProxy ClientHello (trojan.rules)


 [---]         Removed rules:         [---]

  2804827 - ETPRO TROJAN Win32/TrojanDownloader.Banload.QYE Checkin (trojan.rules)
  2805991 - ETPRO TROJAN Win32.Dapato.bsyi Checkin (trojan.rules)

