[Emerging-updates] Daily Ruleset Update Summary 2015/01/28

Francis Trudeau ftrudeau at emergingthreats.net
Wed Jan 28 17:57:22 EST 2015


 [***] Summary: [***]

 9 new Open sigs, 32 new Pro (9 + 23). Job314/Neutrino, CVE-2015-0235 Exim vuln, Wordpress PingBack GHOST.

 Thanks: Pierre Schweitzer, Kevin Ross, @abuse_ch, and UT Austin Information Security Office.

 [+++]          Added rules:          [+++]

 Open:

  2020320 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Jan 27 2015 (current_events.rules)
  2020321 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Jan 27 2015 (current_events.rules)
  2020322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
  2020323 - ET WEB_SERVER Heimdallbot Attack Tool Inbound (web_server.rules)
  2020324 - ET POLICY Onion2Web Tor Proxy Cookie (policy.rules)
  2020325 - ET EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt (HELO) (exploit.rules)
  2020326 - ET EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt (HELO) (exploit.rules)
  2020327 - ET WEB_SPECIFIC_APPS Wordpress PingBack Possible GHOST attempt (web_specific_apps.rules)
  2020328 - ET CURRENT_EVENTS Possible Dridex Campaign Download Jan 28 2014 (current_events.rules)

 Pro:

  2809601 - ETPRO TROJAN Backdoor.W32.Agobot Checkin (trojan.rules)
  2809602 - ETPRO MALWARE Adware.Popdeals HTTP Request (malware.rules)
  2809603 - ETPRO MALWARE PUP Win32/Toolbar.Conduit Leaking Client Info (malware.rules)
  2809604 - ETPRO MOBILE_MALWARE Android/FakeTimer.B Checkin (mobile_malware.rules)
  2809605 - ETPRO P2P uTorrent Hydra Client (p2p.rules)
  2809606 - ETPRO TROJAN PWS.WIN32/BZUB DNS Query to CNAME related to cyber espionage 1 (trojan.rules)
  2809607 - ETPRO TROJAN PWS.WIN32/BZUB DNS Query to CNAME related to cyber espionage 2 (trojan.rules)
  2809608 - ETPRO TROJAN PWS.WIN32/BZUB DNS Query to CNAME related to cyber espionage 3 (trojan.rules)
  2809609 - ETPRO TROJAN Retrieving file from bluefile.biz likely malicious (trojan.rules)
  2809610 - ETPRO TROJAN Win32/ChkBot Variant IRC Checkin (trojan.rules)
  2809611 - ETPRO MOBILE_MALWARE Android/SMSreg.PO Checkin (mobile_malware.rules)
  2809612 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809613 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809614 - ETPRO MOBILE_MALWARE Android/FakeTimer.A Checkin 3 (mobile_malware.rules)
  2809615 - ETPRO TROJAN Critroni Likely Malicious Tor Proxy Cookie (trojan.rules)
  2809616 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809617 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
  2809618 - ETPRO POLICY External IP Lookup ipinfodb.com (policy.rules)
  2809619 - ETPRO POLICY External IP Lookup software77.net (policy.rules)
  2809620 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.dy Checkin (mobile_malware.rules)
  2809621 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Andef.b Checkin (mobile_malware.rules)
  2809622 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin (mobile_malware.rules)
  2809623 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin 2 (mobile_malware.rules)


 [///]     Modified active rules:     [///]

  2804785 - ETPRO TROJAN Likely Bot User Joining IRC (trojan.rules)


 [---]         Removed rules:         [---]

  2809597 - ETPRO EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt (EHLO) (exploit.rules)
  2809598 - ETPRO EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt (HELO) (exploit.rules)

