[Emerging-updates] Daily Ruleset Update Summary 2015/01/06

Francis Trudeau ftrudeau at emergingthreats.net
Tue Jan 6 22:01:57 EST 2015


[***] Summary: [***]

6 new Open signatures, 16 new Pro (6 + 10). Misfortune Cookie,
1337w0rm, Fujacks.A, Asus WRT LAN vulnerability.

Thanks: Kevin Ross, Eoin Miller and @rmkml.

[+++] Added rules: [+++]

Open:

2020096 - ET WEB_SERVER ATTACKER WebShell - 1337w0rm - Landing Page
(web_server.rules)
2020097 - ET WEB_SERVER ATTACKER WebShell - 1337w0rm - cPanel Cracker
(web_server.rules)
2020099 - ET WEB_CLIENT Internet Explorer execCommand function Use
after free Vulnerability 0day Metasploit 2 (web_client.rules)
2020100 - ET EXPLOIT Possible Misfortune Cookie - SET (exploit.rules)
2020101 - ET EXPLOIT Possible Misfortune Cookie RomPager Server banner
(exploit.rules)
2020102 - ET WEB_SERVER PHP System Command in HTTP POST (web_server.rules)

Pro:

2809442 - ETPRO TROJAN Win32/Filecoder Variant .onion Proxy Domain
(trojan.rules)
2809443 - ETPRO USER_AGENTS NateOn User Agent Likely Hostile (user_agents.rules)
2809444 - ETPRO EXPLOIT Possible Asus WRT LAN Backdoor Command
Execution (exploit.rules)
2809445 - ETPRO TROJAN Win32/Cuepilini.A Checkin (trojan.rules)
2809446 - ETPRO MOBILE_MALWARE AndroidOS/Fujacks.A Checkin
(mobile_malware.rules)
2809447 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gl Checkin 2
(mobile_malware.rules)
2809448 - ETPRO MOBILE_MALWARE Adware.AndroidOS.AirPush.a Checkin 2
(mobile_malware.rules)
2809449 - ETPRO TROJAN Win32/Induc.A Checkin 2 (trojan.rules)
2809450 - ETPRO TROJAN Trojan.Win32.Yakes Variant Checkin (trojan.rules)
2809451 - ETPRO MOBILE_MALWARE Android/AdDisplay.AirPush.M Checkin
(mobile_malware.rules)
2809452 - ETPRO MALWARE PUP Win32/SearchSuite Checkin (malware.rules)


[///] Modified active rules: [///]

2013962 - ET CURRENT_EVENTS Possible Exploit Kit Delivering Executable
to Client (current_events.rules)
2019785 - ET CURRENT_EVENTS PHISH PayPal - Landing Page (current_events.rules)
2020095 - ET TROJAN Steam Stealer (trojan.rules)
2806014 - ETPRO WEB_CLIENT Microsoft Internet Explorer CObjectElement
Use After Free (web_client.rules)
2806107 - ETPRO WEB_CLIENT Microsoft Internet Explorer OnResize Use
After Free (web_client.rules)
2809026 - ETPRO TROJAN Ransom.Win32.Cryakl Checkin (trojan.rules)


[---] Disabled rules: [---]

2003237 - ET VOIP MultiTech SIP UDP Overflow (voip.rules)


[---] Removed rules: [---]

2809391 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin
(mobile_malware.rules)
2809426 - ETPRO MALWARE AdWare.AirPush checkin (malware.rules)

