Emerging Threats

Daily Ruleset Update Summary 3/27/2012

1 new Open rule. 4 new Pro rules. A lot of fixes and tweaks (thanks Rmkml). Compacted the RDP MaxChannel DoS sigs and made them more accurate. If you want to test coverage for CVE-2012-0002, we have shared some pcaps of us using the Metasploit module. See notes.txt.

http://rules.emergingthreats.net/research/PMarinho-WMetcalf-CVE-2012-0002/

[***] Results from Oinkmaster started Tue Mar 27 17:18:32 2012 [***]

[+++]          Added rules:          [+++]

2014435 – ET TROJAN Infostealer.Banprox Proxy.pac Download (trojan.rules)
2804709 – ETPRO TROJAN Backdoor.IRC.ZGQ Install (trojan.rules)
2804710 – ETPRO TROJAN Trojan-Banker.Win32.Banz.jpb Checkin 1 (trojan.rules)
2804711 – ETPRO TROJAN Trojan-Banker.Win32.Banz.jpb Checkin 2 (trojan.rules)
2804712 – ETPRO TROJAN Win32/Haxdoor.N Checkin (trojan.rules)

[+++]  Enabled and modified rules:   [+++]

2014384 – ET DOS Microsoft Remote Desktop (RDP) Syn then Reset 30 Second DoS Attempt (dos.rules)

[///]     Modified active rules:     [///]

2009807 – ET MALWARE 2020search/PowerSearch Toolbar Adware/Spyware – GET (malware.rules)
2010920 – ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=) (web_server.rules)
2012735 – ET POLICY Babylon User-Agent (Translation App Observed in PPI MALWARE) (policy.rules)
2013467 – ET WEB_SPECIFIC_APPS Joomla Community component userid parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
2013569 – ET WEB_SPECIFIC_APPS University Of Vermont intro Parameter Remote File inclusion Attempt (web_specific_apps.rules)
2013768 – ET TROJAN Win32.Dropper.Wlock Checkin (trojan.rules)
2014431 – ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt (dos.rules)
2101603 – GPL WEB_SERVER DELETE attempt (web_server.rules)
2402000 – ET DROP Dshield Block Listed Source (dshield.rules)

[---]         Removed rules:         [---]

2014432 – ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 2 byte (dos.rules)
2014433 – ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 3 byte (dos.rules)
2014434 – ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 4 byte (dos.rules)
2804591 – ETPRO TROJAN Infostealer.Banprox Proxy.pac Download (trojan.rules)