[Emerging-updates] Daily Ruleset Update Summary 01/14/2014

Francis Trudeau ftrudeau at emergingthreats.net
Tue Jan 14 12:32:49 HAST 2014


 [***] Summary: [***]

 3 new Open rules, 8 Pro (3/5).  Miniduke, Dokstormac, Netgear
passwordrecovered.cgi vuln, Daceluw.

Thanks to: rmkml.

 Emerging Threats will continue researching vulnerabilities relating to the
Microsoft patches from today. As of now we will not be releasing signatures
related to patch Tuesday as the information we have only pertain to local
vulnerabilities.

 [+++]          Added rules:          [+++]

 Open:

  2017968 - ET INFO Suspicious Possible Process Dump in POST body
(info.rules)
  2017969 - ET CURRENT_EVENTS Netgear N150 passwordrecovered.cgi attempt
(current_events.rules)
  2017970 - ET TROJAN PWS.Win32/Daceluw.A Checkin (trojan.rules)

 Pro:

  2807470 - ETPRO TROJAN Win32/Dokstormac.B Checkin 2 (trojan.rules)
  2807471 - ETPRO TROJAN Worm.Win32.Luder.bebt Download (trojan.rules)
  2807472 - ETPRO TROJAN Win32/Bervod.A (trojan.rules)
  2807473 - ETPRO TROJAN Trojan.Win32.Remko.m Checkin (trojan.rules)
  2807474 - ETPRO TROJAN Miniduke Checkin 2 (trojan.rules)


 [///]     Modified active rules:     [///]

  2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
  2011857 - ET TROJAN SpyEye C&C Check-in URI (trojan.rules)
  2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2017548 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 3
(trojan.rules)
  2017917 - ET TROJAN W32/Ferret DDOS Bot CnC Beacon 2 (trojan.rules)
  2017922 - ET TROJAN Win32.Morix.B checkin (trojan.rules)
  2017967 - ET TROJAN StartPage jsp checkin (trojan.rules)
  2804347 - ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dynamicDNS.biz
Domain (info.rules)


 [---]         Removed rules:         [---]

  2010789 - ET TROJAN SpyEye Bot Checkin (trojan.rules)
  2807465 - ETPRO TROJAN PWS.Win32/Daceluw.A Checkin (trojan.rules)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20140114/1c9d70ce/attachment.html>


More information about the Emerging-updates mailing list