Emerging Threats


Weekly New Signatures, November 15 2008


[+++] Added rules: [+++]

2008740 - ET TROJAN Ligats/DR.Ilomo Agent Post (emerging-virus.rules)
2008741 - ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin (emerging.rules)
2008742 - ET MALWARE Suspicious User Agent - Possible Admoke Admware (bdwinrun) (emerging-malware.rules)
2008743 - ET MALWARE Suspicious User Agent - Possible Admoke Admware (bdsclk) (emerging-malware.rules)
2008744 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008745 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008746 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008747 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008748 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008749 - ET MALWARE Suspicious User-Agent (checkonline) (emerging-malware.rules)
2008750 - ET TROJAN Buzus FTP Log Upload (emerging-virus.rules)
2008751 - ET TROJAN Alureon Checkin (Post) (emerging-virus.rules)
2008752 - ET TROJAN AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) (emerging-virus.rules)
2008753 - ET TROJAN AdWare.Win32.Yokbar Checkin URL (emerging-virus.rules)
2008754 - ET MALWARE Possible Rar'd Malware sent when remote host claims to send an Image (emerging-malware.rules)
2008755 - ET TROJAN Autorun.qvi Related HTTP Get on Off Port (emerging-virus.rules)
2008756 - ET MALWARE Suspicious User-Agent (Kvadrlson 1.0) (emerging-malware.rules)
2008757 - ET MALWARE Zenosearch Malware Checkin HTTP POST (emerging-malware.rules)
2008758 - ET TROJAN Mcboo.com/Bundlext.com related Trojan Checkin URL (emerging-virus.rules)
2008759 - ET MALWARE Matcash Trojan Related Spyware Code Download (emerging-malware.rules)
2008760 - ET TROJAN Insidebar.co.kr Related Infection Checkin (emerging-virus.rules)
2008765 - ET TROJAN Brontok/Joseray User-Agent Detected (Joseray.A3 Browser) (emerging-virus.rules)
2008766 - ET TROJAN Generic Downloader Checkin Url Detected (emerging-virus.rules)
2008767 - ET TROJAN Kangkio User-Agent (lsosss) (emerging-virus.rules)
2008768 - ET CURRENT_EVENTS Unknown Trojan P2P Initial Checkin (emerging.rules)
2008769 - ET CURRENT_EVENTS Unknown Trojan P2P Initial Checkin Response (emerging.rules)
2008770 - ET CURRENT_EVENTS Unknown Trojan P2P Data Download (emerging.rules)
2008771 - ET CURRENT_EVENTS Unknown Trojan P2P Download Request (emerging.rules)
2008772 - ET CURRENT_EVENTS Unknown Trojan P2P Request (emerging.rules)
2008773 - ET CURRENT_EVENTS Recovery KEYS for your account Trojan Email Trojan Inbound (emerging.rules)
2008774 - ET CURRENT_EVENTS Recovery KEYS for your account Trojan Email Trojan Inbound (2) (emerging.rules)
2008775 - ET CURRENT_EVENTS Recovery KEYS for your account Trojan Email Trojan Inbound (2) (emerging.rules)
2008776 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-1 (emerging-exploit.rules)
2008777 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-2 (emerging-exploit.rules)
2008778 - ET TROJAN Ligats/DR.Ilomo Agent Post (2) (emerging-virus.rules)
2008779 - ET CURRENT_EVENTS Unknown Keepalive up (emerging.rules)
2008780 - ET CURRENT_EVENTS Unknown Keepalive down (emerging.rules)
2008781 - ET POLICY Set flow on rar file get (emerging-policy.rules)
2008782 - ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file) (emerging-policy.rules)
2008783 - ET POLICY Possible Trojan File Download - Rar Requested but not received (emerging-policy.rules)


[///] Modified active rules: [///]

2000536 - ET SCAN NMAP -sO (emerging-scan.rules)
2000537 - ET SCAN NMAP -sS (emerging-scan.rules)
2000538 - ET SCAN NMAP -sA (1) (emerging-scan.rules)
2000540 - ET SCAN NMAP -sA (2) (emerging-scan.rules)
2000543 - ET SCAN NMAP -f -sF (emerging-scan.rules)
2000544 - ET SCAN NMAP -f -sN (emerging-scan.rules)
2000545 - ET SCAN NMAP -f -sS (emerging-scan.rules)
2000546 - ET SCAN NMAP -f -sX (emerging-scan.rules)
2003607 - ET MALWARE Cnzz.com/Baidu Related Spyware Stat Reporting (emerging-malware.rules)
2008675 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Start (emerging-virus.rules)
2008676 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply (emerging-virus.rules)
2008677 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Channel Client Reply (emerging-virus.rules)
2008735 - ET MALWARE Suspicious User Agent (FTP) (emerging-malware.rules)
2008737 - ET CURRENT_EVENTS KernelBot/MS08-067 related Trojan Checkin (emerging.rules)
2008739 - ET CURRENT_EVENTS MS08-067 Worm Traffic Outbound (emerging.rules)

Stay Up to Date!

Stay Connected to the ET Community and Updates

 http://lists.emergingthreats.net/mailman/listinfo/

 Or connect to admins and users on Freenode IRC in #emerging-threats