[Emerging-updates] Daily Ruleset Update Summary 06/19/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Jun 19 18:12:37 EDT 2014


 [***] Summary: [***]

 3 new Open signatures, 8 new Pro (3+5).  Boaxxe, Sweet Orange,
Safe/Critx/FlashPack, Various Android.

 [+++]          Added rules:          [+++]

 Open:

  2018582 - ET TROJAN Miuref/Boaxxe Checkin (trojan.rules)
  2018583 - ET CURRENT_EVENTS Sweet Orange EK Common Java Exploit (current_events.rules)
  2018584 - ET MOBILE_MALWARE Andr/com.sdwiurse (mobile_malware.rules)

 Pro:

  2808212 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June 19, 2014 1 (current_events.rules)
  2808213 - ETPRO CURRENT_EVENTS Safe/Critx/FlashPack URI Struct June 19, 2014 2 (current_events.rules)
  2808214 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.XAB Checkin (mobile_malware.rules)
  2808215 - ETPRO MOBILE_MALWARE Andr/SMSReg (mobile_malware.rules)
  2808216 - ETPRO P2P BTmagnat/BTStorm Client User-Agent (BTStorm) (p2p.rules)


 [///]     Modified active rules:     [///]

  2003384 - ET MALWARE SpamBlockerUtility Fake Anti-Spyware User-Agent (SpamBlockerUtility x.x.x) (malware.rules)
  2009521 - ET TROJAN Win32/Nubjub.A HTTP Check-in  (trojan.rules)
  2012246 - ET USER_AGENTS W32/Goolbot.E Checkin UA Detected iamx (user_agents.rules)
  2012620 - ET TROJAN Win32.FakeAV.chhq Checkin (trojan.rules)
  2012629 - ET USER_AGENTS Optimum Installer User-Agent IE6 on Windows XP (user_agents.rules)
  2013206 - ET TROJAN Win32.FakeAV POST datan.php (trojan.rules)
  2014705 - ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack exploit request (current_events.rules)
  2014706 - ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload request (exploit successful!) (current_events.rules)
  2014707 - ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload download (current_events.rules)
  2801400 - ETPRO TROJAN Win32.Vilsel.awhu Checkin via Email Form (trojan.rules)
  2801401 - ETPRO TROJAN Win32.Vilsel.awhu Checkin via Email Form Inbound (trojan.rules)
  2803554 - ETPRO TROJAN Win32/Fosniw.B Dropper Checkin (trojan.rules)
  2804185 - ETPRO TROJAN Win32/Dluca.AN Checkin (trojan.rules)
  2804240 - ETPRO TROJAN TrojanDownloader.Win32/Delf.NK (trojan.rules)
  2804683 - ETPRO TROJAN FakeCloudAV2012 Checkin (trojan.rules)
  2804821 - ETPRO TROJAN Win32.Jeefo.A Checkin (trojan.rules)
  2805716 - ETPRO TROJAN Win32.Doldow Trojan Checkin (trojan.rules)
  2805734 - ETPRO TROJAN Win32.Virtob Trojan Checkin (trojan.rules)
  2805768 - ETPRO TROJAN Win32/Spy.KeyLogger.OLD Checkin (trojan.rules)
  2805770 - ETPRO TROJAN Backdoor.Hallifez.A Trojan Checkin (trojan.rules)
  2805838 - ETPRO TROJAN .Win32.Vobfus Trojan UA ????[A-F] (trojan.rules)
  2806120 - ETPRO TROJAN Variant.Strictor Trojan Selfupdate (exe.zip) (trojan.rules)
  2806294 - ETPRO TROJAN Win32.Banload Trojan Checkin (trojan.rules)
  2806557 - ETPRO TROJAN Trojan-Downloader.Win32.VB.gznp Checkin (trojan.rules)
  2806849 - ETPRO TROJAN Win32.Agent Trojan Checkin (trojan.rules)
  2807016 - ETPRO TROJAN  Win32.Agent Trojan Checkin (trojan.rules)
  2807188 - ETPRO TROJAN Trojan.BHO Checkin (trojan.rules)
  2807599 - ETPRO TROJAN Trojan.Downloader.gen.h Checkin (trojan.rules)
  2807629 - ETPRO TROJAN IRCBot.nih Trojan Checkin (trojan.rules)
  2807930 - ETPRO TROJAN Win32.Boaxxe Trojan Checkin (trojan.rules)
  2808030 - ETPRO TROJAN Win32.IRCBot Checkin (trojan.rules)
  2808199 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.DZ Checkin (mobile_malware.rules)


 [///]    Modified inactive rules:    [///]

  2801698 - ETPRO SCADA_SPECIAL DNP3 Cold Restart From Unauthorized Client (scada_special.rules)
  2805371 - ETPRO TROJAN Email-Worm.Win32.Mimail.l ICMP Timestamp Request (trojan.rules)


 [---]         Removed rules:         [---]

  2008770 - ET P2P Unknown Trojan P2P Data Download (p2p.rules)
  2008771 - ET P2P Unknown Trojan P2P Download Request (p2p.rules)
  2008772 - ET P2P Unknown Trojan P2P Request (p2p.rules)
  2012250 - ET TROJAN Unknown Web Backdoor Keep-Alive (trojan.rules)
  2804241 - ETPRO TROJAN Unknown Trojan Checkin id= mac= (trojan.rules)
  2805357 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2805499 - ETPRO TROJAN Unknown Trojan Keepalive (trojan.rules)
  2805672 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2806241 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2806746 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
  2807245 - ETPRO TROJAN Variant.Zusy.71154 Checkin (trojan.rules)