Emerging Threats

Weekly New Signatures, November 15 2008

[+++] Added rules: [+++]

2008740 - ET TROJAN Ligats/DR.Ilomo Agent Post (emerging-virus.rules)
2008741 - ET CURRENT_EVENTS CVE-2008-2992 Adobe Reader PDF Exploit Related Malware Checkin (emerging.rules)
2008742 - ET MALWARE Suspicious User Agent - Possible Admoke Admware (bdwinrun) (emerging-malware.rules)
2008743 - ET MALWARE Suspicious User Agent - Possible Admoke Admware (bdsclk) (emerging-malware.rules)
2008744 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008745 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008746 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008747 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008748 - ET POLICY Possible External FreeGate DNS Query (emerging-policy.rules)
2008749 - ET MALWARE Suspicious User-Agent (checkonline) (emerging-malware.rules)
2008750 - ET TROJAN Buzus FTP Log Upload (emerging-virus.rules)
2008751 - ET TROJAN Alureon Checkin (Post) (emerging-virus.rules)
2008752 - ET TROJAN AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) (emerging-virus.rules)
2008753 - ET TROJAN AdWare.Win32.Yokbar Checkin URL (emerging-virus.rules)
2008754 - ET MALWARE Possible Rar'd Malware sent when remote host claims to send an Image (emerging-malware.rules)
2008755 - ET TROJAN Autorun.qvi Related HTTP Get on Off Port (emerging-virus.rules)
2008756 - ET MALWARE Suspicious User-Agent (Kvadrlson 1.0) (emerging-malware.rules)
2008757 - ET MALWARE Zenosearch Malware Checkin HTTP POST (emerging-malware.rules)
2008758 - ET TROJAN Mcboo.com/Bundlext.com related Trojan Checkin URL (emerging-virus.rules)
2008759 - ET MALWARE Matcash Trojan Related Spyware Code Download (emerging-malware.rules)
2008760 - ET TROJAN Insidebar.co.kr Related Infection Checkin (emerging-virus.rules)
2008765 - ET TROJAN Brontok/Joseray User-Agent Detected (Joseray.A3 Browser) (emerging-virus.rules)
2008766 - ET TROJAN Generic Downloader Checkin Url Detected (emerging-virus.rules)
2008767 - ET TROJAN Kangkio User-Agent (lsosss) (emerging-virus.rules)
2008768 - ET CURRENT_EVENTS Unknown Trojan P2P Initial Checkin (emerging.rules)
2008769 - ET CURRENT_EVENTS Unknown Trojan P2P Initial Checkin Response (emerging.rules)
2008770 - ET CURRENT_EVENTS Unknown Trojan P2P Data Download (emerging.rules)
2008771 - ET CURRENT_EVENTS Unknown Trojan P2P Download Request (emerging.rules)
2008772 - ET CURRENT_EVENTS Unknown Trojan P2P Request (emerging.rules)
2008773 - ET CURRENT_EVENTS Recovery KEYS for your account Trojan Email Trojan Inbound (emerging.rules)
2008774 - ET CURRENT_EVENTS Recovery KEYS for your account Trojan Email Trojan Inbound (2) (emerging.rules)
2008775 - ET CURRENT_EVENTS Recovery KEYS for your account Trojan Email Trojan Inbound (2) (emerging.rules)
2008776 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-1 (emerging-exploit.rules)
2008777 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-2 (emerging-exploit.rules)
2008778 - ET TROJAN Ligats/DR.Ilomo Agent Post (2) (emerging-virus.rules)
2008779 - ET CURRENT_EVENTS Unknown Keepalive up (emerging.rules)
2008780 - ET CURRENT_EVENTS Unknown Keepalive down (emerging.rules)
2008781 - ET POLICY Set flow on rar file get (emerging-policy.rules)
2008782 - ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file) (emerging-policy.rules)
2008783 - ET POLICY Possible Trojan File Download - Rar Requested but not received (emerging-policy.rules)


[///] Modified active rules: [///]

2000536 - ET SCAN NMAP -sO (emerging-scan.rules)
2000537 - ET SCAN NMAP -sS (emerging-scan.rules)
2000538 - ET SCAN NMAP -sA (1) (emerging-scan.rules)
2000540 - ET SCAN NMAP -sA (2) (emerging-scan.rules)
2000543 - ET SCAN NMAP -f -sF (emerging-scan.rules)
2000544 - ET SCAN NMAP -f -sN (emerging-scan.rules)
2000545 - ET SCAN NMAP -f -sS (emerging-scan.rules)
2000546 - ET SCAN NMAP -f -sX (emerging-scan.rules)
2003607 - ET MALWARE Cnzz.com/Baidu Related Spyware Stat Reporting (emerging-malware.rules)
2008675 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Start (emerging-virus.rules)
2008676 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply (emerging-virus.rules)
2008677 - ET TROJAN Backdoor.Win32.Assasin.20.C Control Channel Client Reply (emerging-virus.rules)
2008735 - ET MALWARE Suspicious User Agent (FTP) (emerging-malware.rules)
2008737 - ET CURRENT_EVENTS KernelBot/MS08-067 related Trojan Checkin (emerging.rules)
2008739 - ET CURRENT_EVENTS MS08-067 Worm Traffic Outbound (emerging.rules)

 

 
 

Contribute to ET! Try SIDReporter

SIDReporter is ready for prime time! Try it out to contribute anonymous statistics about the rulesets, get in-depth analysis of your events versus global trends, and help make the ET rulesets better!

Statistics now online!

http://www.emergingthreats.net/index.php/sidreporter-statistics.html

Code here!

http://doc.emergingthreats.net/bin/view/Main/SidReporter