[Emerging-updates] Daily Ruleset Update Summary 06/10/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Tue Jun 10 18:34:04 EDT 2014


 [***]          Summary:          [***]

 3 new Open rules. 26 new Pro (3/23). MS Tuesday, Putter Panda, Pandemiya,
etc. Thanks to @CrowdStrike, @rmkml, @jaimeblascob, James Lay

 MS Tuesday coverage can be found here:

http://www.emergingthreats.net/2014/06/10/june-2014-microsoft-patch-tuesday-coverage/

 [+++]          Added rules:          [+++]

  Open:
  2018553 - ET TROJAN Pandemiya User-Agent (trojan.rules)
  2018554 - ET TROJAN Putter Panda CnC HTTP Request (trojan.rules)
  2018555 - ET TROJAN Putter Panda 3PARA RAT initial beacon (trojan.rules)

  Pro:
  2808142 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0282) (web_client.rules)
  2808143 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1762) (web_client.rules)
  2808144 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1766) (web_client.rules)
  2808145 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 1 (CVE-2014-1785) (web_client.rules)
  2808146 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 2 (CVE-2014-1785) (web_client.rules)
  2808147 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1789) (web_client.rules)
  2808148 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1791) (web_client.rules)
  2808149 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1795) (web_client.rules)
  2808150 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1797) (web_client.rules)
  2808151 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1800) (web_client.rules)
  2808152 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1802) (web_client.rules)
  2808153 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1804) (web_client.rules)
  2808154 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1804) 2 (web_client.rules)
  2808155 - ETPRO WEB_SERVER Microsoft Lync Server XSS attempt (CVE-2014-1823) (web_server.rules)
  2808156 - ETPRO WEB_CLIENT Internet Explorer Use-After-Free CVE-2014-1805 (web_client.rules) (disabled by default)
  2808157 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ep Checkin (mobile_malware.rules)
  2808158 - ETPRO MOBILE_MALWARE RemoteAdmin.AndroidOS.Unfawa.a Checkin (mobile_malware.rules)
  2808159 - ETPRO MALWARE AdWare.Win32.WhiteSmoke Checkin (malware.rules)
  2808160 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 8 (mobile_malware.rules)
  2808161 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 9 (mobile_malware.rules)
  2808162 - ETPRO TROJAN Trojan-Downloader.JS.Small.ps Checkin (trojan.rules)
  2808163 - ETPRO TROJAN Trojan-Downloader.JS.Small.ps Checkin 2 (trojan.rules)
  2808164 - ETPRO TROJAN Win32/Meredrop Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  Open:
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2018326 - ET WEB_SPECIFIC_APPS JCE Joomla Extension (web_specific_apps.rules)
  2018358 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 (info.rules)
  2018548 - ET TROJAN EtumBot Command Status Message (trojan.rules)
  2018550 - ET TROJAN EtumBot GET File Initial Response (trojan.rules)
  2018551 - ET TROJAN EtumBot GET File Data Upload (trojan.rules)

  Pro:
  2807690 - ETPRO TROJAN W32/VBCheMan.A!tr Checkin (trojan.rules)
  2808053 - ETPRO MOBILE_MALWARE Android/SmsSend.ET Checkin (mobile_malware.rules)