[Emerging-updates] Daily Ruleset Update Summary 11/13/2014

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Nov 13 22:19:20 EST 2014


[***]          Summary:          [***]

2 New open. 25 New Pro (23+2) MS SChannel 2014-6321, CVE-2014-6332. Tks @rmkml.

[+++]          Added rules:          [+++]

  Open:
  2019706 - ET WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 (web_client.rules)
  2019707 - ET WEB_CLIENT GENERIC VB ShellExecute Function Inside of VBSCRIPT tag (web_client.rules)

  Pro:
  2809176 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
  2809177 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
  2809178 - ETPRO EXPLOIT DTLS 1.2 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
  2809179 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
  2809180 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
  2809181 - ETPRO EXPLOIT DTLS 1.2 HelloVerifyRequest Schannel OOB Read CVE-2014-6321 (exploit.rules)
  2809182 - ETPRO MALWARE Win32.Adware.MediaGet.A Checkin (malware.rules)
  2809183 - ETPRO MOBILE_MALWARE AndroidOS/SMSPay.BF Checkin (mobile_malware.rules)
  2809184 - ETPRO TROJAN Backdoor.Korplug!gen6 Checkin (UDP) (trojan.rules)
  2809185 - ETPRO TROJAN Win32.Troj.Reconyc Sending Screenshots and Keystrokes Via SMTP (trojan.rules)
  2809186 - ETPRO TROJAN PUA.KwMusic Checkin (trojan.rules)
  2809187 - ETPRO TROJAN BACKDOOR.MSIL/CALIEROT.A CnC Checkin (trojan.rules)
  2809189 - ETPRO TROJAN Win32/Tarcloin.G Connectivity Check (trojan.rules)
  2809190 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MTK.f Checkin (mobile_malware.rules)
  2809191 - ETPRO MALWARE PUP.Optional.Wajam Checkin (malware.rules)
  2809192 - ETPRO EXPLOIT SChannel Possible Heap Overflow DSAWithSHA1 CVE-2014-6321 (exploit.rules)
  2809193 - ETPRO EXPLOIT SChannel Possible Heap Overflow DSAWithSHA224 CVE-2014-6321 (exploit.rules)
  2809194 - ETPRO EXPLOIT SChannel Possible Heap Overflow DSAWithSHA256 CVE-2014-6321 (exploit.rules)
  2809195 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA1 CVE-2014-6321 (exploit.rules)
  2809196 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA224 CVE-2014-6321 (exploit.rules)
  2809197 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA256 CVE-2014-6321 (exploit.rules)
  2809198 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA384 CVE-2014-6321 (exploit.rules)
  2809199 - ETPRO EXPLOIT SChannel Possible Heap Overflow ECDSAWithSHA512 CVE-2014-6321 (exploit.rules)


 [///]     Modified active rules:     [///]

  2013935 - ET TROJAN Win32.Zbot.chas/Unruy.H Covert DNS CnC Channel TXT Response (trojan.rules)
  2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)

 [---]  Disabled and modified rules:  [---]

  2017793 - ET CURRENT_EVENTS HiMan EK - Payload Requested (current_events.rules)


 [---]         Removed rules:         [---]

  2809147 - ETPRO WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 (web_client.rules)
  2809172 - ETPRO WEB_CLIENT GENERIC VB ShellExecute Function Inside of VBSCRIPT tag (web_client.rules)