[Emerging-updates] Daily Ruleset Update Summary 2015/01/28

Francis Trudeau ftrudeau at emergingthreats.net
Wed Jan 28 18:11:14 EST 2015


All,

We realize 2020325 is duped with 2020326.  We changed 2020326 and
are pushing out the new set now.  The fixed set should be live in
approximately 20 minutes.

Thanks.




On Wed, Jan 28, 2015 at 3:57 PM, Francis Trudeau
<ftrudeau at emergingthreats.net> wrote:
>  [***] Summary: [***]
>
>  9 new Open sigs, 32 new Pro (9 + 23).  Job314/Neutrino, CVE-2015-0235
> Exim vuln, Wordpress PingBack GHOST.
>
>  Thanks: Pierre Schweitzer, Kevin Ross, @abuse_ch, and UT Austin
> Information Security Office.
>
>  [+++]          Added rules:          [+++]
>
>  Open:
>
>   2020320 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Jan 27
> 2015 (current_events.rules)
>   2020321 - ET CURRENT_EVENTS Job314/Neutrino Reboot EK Landing Jan 27
> 2015 (current_events.rules)
>   2020322 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate
> detected (KINS CnC) (trojan.rules)
>   2020323 - ET WEB_SERVER Heimdallbot Attack Tool Inbound (web_server.rules)
>   2020324 - ET POLICY Onion2Web Tor Proxy Cookie (policy.rules)
>   2020325 - ET EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt
> (HELO) (exploit.rules)
>   2020326 - ET EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt
> (HELO) (exploit.rules)
>   2020327 - ET WEB_SPECIFIC_APPS Wordpress PingBack Possbile GHOST
> attempt (web_specific_apps.rules)
>   2020328 - ET CURRENT_EVENTS Possible Dridex Campaign Download Jan 28
> 2014 (current_events.rules)
>
>  Pro:
>
>   2809601 - ETPRO TROJAN Backdoor.W32.Agobot Checkin (trojan.rules)
>   2809602 - ETPRO MALWARE Adware.Popdeals HTTP Request (malware.rules)
>   2809603 - ETPRO MALWARE PUP Win32/Toolbar.Conduit Leaking Client
> Info (malware.rules)
>   2809604 - ETPRO MOBILE_MALWARE Android/FakeTimer.B Checkin
> (mobile_malware.rules)
>   2809605 - ETPRO P2P uTorrent Hydra Client (p2p.rules)
>   2809606 - ETPRO TROJAN PWS.WIN32/BZUB DNS Query to CNAME related to
> cyber espionage 1 (trojan.rules)
>   2809607 - ETPRO TROJAN PWS.WIN32/BZUB DNS Query to CNAME related to
> cyber espionage 2 (trojan.rules)
>   2809608 - ETPRO TROJAN PWS.WIN32/BZUB DNS Query to CNAME related to
> cyber espionage 3 (trojan.rules)
>   2809609 - ETPRO TROJAN Retrieving file from bluefile.biz likely
> malicious (trojan.rules)
>   2809610 - ETPRO TROJAN Win32/ChkBot Variant IRC Checkin (trojan.rules)
>   2809611 - ETPRO MOBILE_MALWARE Android/SMSreg.PO Checkin
> (mobile_malware.rules)
>   2809612 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
>   2809613 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
>   2809614 - ETPRO MOBILE_MALWARE Android/FakeTimer.A Checkin 3
> (mobile_malware.rules)
>   2809615 - ETPRO TROJAN Critroni Likely Malicious Tor Proxy Cookie
> (trojan.rules)
>   2809616 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
>   2809617 - ETPRO TROJAN Critroni Variant .onion Proxy Domain (trojan.rules)
>   2809618 - ETPRO POLICY External IP Lookup ipinfodb.com (policy.rules)
>   2809619 - ETPRO POLICY External IP Lookup software77.net (policy.rules)
>   2809620 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.dy
> Checkin (mobile_malware.rules)
>   2809621 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Andef.b
> Checkin (mobile_malware.rules)
>   2809622 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin
> (mobile_malware.rules)
>   2809623 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin
> 2 (mobile_malware.rules)
>
>
>  [///]     Modified active rules:     [///]
>
>   2804785 - ETPRO TROJAN Likely Bot User Joining IRC (trojan.rules)
>
>
>  [---]         Removed rules:         [---]
>
>   2809597 - ETPRO EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt
> (EHLO) (exploit.rules)
>   2809598 - ETPRO EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt
> (HELO) (exploit.rules)

