Emerging Threats


Weekly New Signatures November 30 2008


[+++] Added rules: [+++]

2002171 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability (group 1) (emerging-web.rules)
2002172 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability (group 2) (emerging-web.rules)
2002173 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability (group 3) (emerging-web.rules)
2002174 - ET WEB_ACTIVEX CLSID Pattern Matched (emerging-web.rules)
2002308 - ET WEB_ACTIVEX Internet Explorer Vulnerable CLSID (Msdds.dll) (emerging-web.rules)
2002491 - ET WEB_ACTIVEX COM Object MS05-052 (group 1) (emerging-web.rules)
2002492 - ET WEB_ACTIVEX COM Object MS05-052 (group 2) (emerging-web.rules)
2002493 - ET WEB_ACTIVEX COM Object MS05-052 (group 3) (emerging-web.rules)
2002674 - ET WEB_ACTIVEX Sony DRM Reporting 2 (emerging-web.rules)
2002675 - ET WEB_ACTIVEX Sony DRM Reporting 1 (emerging-web.rules)
2002679 - ET WEB_ACTIVEX Sony DRM Related - CodeSupport ActiveX Attempt (emerging-web.rules)
2002680 - ET WEB_ACTIVEX Sony DRM - Uninstaller CLSID (emerging-web.rules)
2002724 - ET WEB_ACTIVEX MciWndx ActiveX Control (emerging-web.rules)
2002725 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054 (emerging-web.rules)
2002861 - ET WEB_ACTIVEX Danim.dll and Dxtmsft.dll COM Objects (emerging-web.rules)
2002971 - ET WEB_ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption (emerging-web.rules)
2003077 - ET WEB_ACTIVEX COM Object MS06-042 (group 1) (emerging-web.rules)
2003078 - ET WEB_ACTIVEX COM Object MS06-042 (group 2) (emerging-web.rules)
2003079 - ET WEB_ACTIVEX COM Object MS06-042 (group 3) (emerging-web.rules)
2003080 - ET WEB_ACTIVEX COM Object MS06-042 (group 4) (emerging-web.rules)
2003102 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call CLSID (emerging-web.rules)
2003103 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call Object (emerging-web.rules)
2003104 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's KeyFrame function call CSLID (emerging-web.rules)
2003105 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's KeyFrame function call Object (emerging-web.rules)
2003158 - ET WEB_ACTIVEX Microsoft WMIScriptUtils.WMIObjectBroker object call CSLID (emerging-web.rules)
2003159 - ET WEB_ACTIVEX Microsoft VsmIDE.DTE object call CSLID (emerging-web.rules)
2003160 - ET WEB_ACTIVEX Microsoft DExplore.AppObj.8.0 object call CSLID (emerging-web.rules)
2003161 - ET WEB_ACTIVEX Microsoft VisualStudio.DTE.8.0 object call CSLID (emerging-web.rules)
2003162 - ET WEB_ACTIVEX Microsoft Microsoft.DbgClr.DTE.8.0 object call CSLID (emerging-web.rules)
2003163 - ET WEB_ACTIVEX Microsoft VsaIDE.DTE object call CSLID (emerging-web.rules)
2003164 - ET WEB_ACTIVEX Microsoft Business Object Factory object call CSLID (emerging-web.rules)
2003165 - ET WEB_ACTIVEX Microsoft Outlook Data Object object call CSLID (emerging-web.rules)
2003166 - ET WEB_ACTIVEX Microsoft Outlook.Application object call CSLID (emerging-web.rules)
2003231 - ET WEB_ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution (emerging-web.rules)
2003232 - ET WEB_ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution (2) (emerging-web.rules)
2003233 - ET WEB_ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution (emerging-web.rules)
2003234 - ET WEB_ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution (2) (emerging-web.rules)
2003328 - ET WEB_ACTIVEX NCTAudioFile2 ActiveX SetFormatLikeSample() Buffer Overflow (emerging-web.rules)
2003514 - ET WEB_ACTIVEX Possible Microsoft Internet Explorer ADODB.Redcordset Double Free Memory Exploit - MS07-009 (emerging-web.rules)
2007850 - ET WEB_ACTIVEX Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability (emerging-web.rules)
2007852 - ET WEB_ACTIVEX Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit (emerging-web.rules)
2007853 - ET WEB_ACTIVEX ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability (emerging-web.rules)
2007904 - ET WEB_ACTIVEX RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability (emerging-web.rules)
2007907 - ET WEB_ACTIVEX Move Networks Quantum Streaming Player Control UploadLogs() BOF (emerging-web.rules)
2007931 - ET WEB_ACTIVEX IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Vulnerability (emerging-web.rules)
2007932 - ET WEB_ACTIVEX Symantec BackupExec Calendar Control (PVCalendar.ocx) BoF Vulnerability (emerging-web.rules)
2008099 - ET WEB_ACTIVEX ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite (emerging-web.rules)
2008607 - ET WEB_ACTIVEX Chilkat IMAP ActiveX File Execution and IE DoS (emerging-web.rules)
2008612 - ET WEB_ACTIVEX Autodesk Design Review DWF Viewer ActiveX Control SaveAs Insecure Method (emerging-web.rules)
2008613 - ET WEB_ACTIVEX GdPicture Pro ActiveX control SaveAsPDF Insecure Method (emerging-web.rules)
2008618 - ET WEB_ACTIVEX IAS Helper COM Component iashlpr.dll activex remote DOS (emerging-web.rules)
2008619 - ET WEB_ACTIVEX Novell ZENWorks for Desktops Remote Heap-Based Buffer Overflow (emerging-web.rules)
2008620 - ET WEB_ACTIVEX Internet Information Service iisext.dll activex setpassword Insecure Method (emerging-web.rules)
2008621 - ET WEB_ACTIVEX Internet Information Service adsiis.dll activex remote DOS (emerging-web.rules)
2008673 - ET WEB_ACTIVEX Microsoft PicturePusher ActiveX Cross Site File Upload Attack (emerging-web.rules)
2008678 - ET WEB_ACTIVEX Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods (emerging-web.rules)
2008683 - ET WEB_ACTIVEX Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow (emerging-web.rules)
2008792 - ET WEB_ACTIVEX Microsoft DebugDiag CrashHangExt.dll ActiveX Control Remote Denial of Service (emerging-web.rules)
2008796 - ET CURRENT_EVENTS Mac DNS Changer Trojan UA Detected (emerging.rules)
2008797 - ET MALWARE Suspicious User-Agent (miip) (emerging-malware.rules)
2008798 - ET MALWARE Zenosearch Malware Checkin HTTP POST (2) (emerging-malware.rules)
2008799 - ET CURRENT_EVENTS Win32.Kernelbot Second Stage Infection Download (emerging.rules)
2008800 - ET CURRENT_EVENTS Conficker-A Worm Download Attempt From 1st December 2008 (emerging.rules)
2008801 - ET CURRENT_EVENTS Conficker-A Worm Download Attempt From Dates 25/11-01/12 2008 (emerging.rules)


[///] Modified active rules: [///]

2007705 - ET WEB Neosploit 1.5.x URL Loader (emerging-web.rules)
2007878 - ET WEB_ACTIVEX Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow (emerging-web.rules)
2007998 - ET WEB_ACTIVEX Rediff Bol Downloader ActiveX Control Remote Code Execution (emerging-web.rules)
2008062 - ET WEB_ACTIVEX Univeral HTTP File Upload Remote File Deletetion (emerging-web.rules)
2008126 - ET WEB_ACTIVEX IBiz E-Banking Integrator V2 ActiveX Edition Insecure Method (emerging-web.rules)
2008127 - ET WEB_ACTIVEX Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) Multiple Inscure Methods (emerging-web.rules)
2008128 - ET WEB_ACTIVEX Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit (emerging-web.rules)
2008129 - ET WEB_ACTIVEX LEADTOOLS Multimedia Toolkit 15 Arbitrary Files Overwrite (emerging-web.rules)
2008173 - ET WEB_ACTIVEX PPStream PowerPlayer.DLL ActiveX Control BoF Vulnerability (emerging-web.rules)
2008225 - ET WEB_ACTIVEX Possible Universal HTTP Image/File Upload ActiveX Remote File Deletion Exploit (emerging-web.rules)
2008226 - ET WEB_ACTIVEX Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit (emerging-web.rules)
2008227 - ET WEB_ACTIVEX Possible Secure File Delete Wizard ActiveX Insecure Methods Exploit (emerging-web.rules)
2008405 - ET TROJAN Obitel trojan calling home (emerging-virus.rules)
2008690 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) (emerging-exploit.rules)
2008691 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) (emerging-exploit.rules)
2008692 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) (emerging-exploit.rules)
2008693 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) (emerging-exploit.rules)
2008694 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) (emerging-exploit.rules)
2008695 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) (emerging-exploit.rules)
2008696 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) (emerging-exploit.rules)
2008697 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) (emerging-exploit.rules)
2008698 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) (emerging-exploit.rules)
2008699 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) (emerging-exploit.rules)
2008700 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (emerging-exploit.rules)
2008701 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) (emerging-exploit.rules)
2008702 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) (emerging-exploit.rules)
2008703 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) (emerging-exploit.rules)
2008704 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) (emerging-exploit.rules)
2008705 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) (emerging-exploit.rules)
2008706 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) (emerging-exploit.rules)
2008707 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) (emerging-exploit.rules)
2008708 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) (emerging-exploit.rules)
2008709 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) (emerging-exploit.rules)
2008710 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) (emerging-exploit.rules)
2008711 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) (emerging-exploit.rules)
2008712 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) (emerging-exploit.rules)
2008713 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) (emerging-exploit.rules)
2008714 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) (emerging-exploit.rules)
2008715 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) (emerging-exploit.rules)
2008716 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) (emerging-exploit.rules)
2008717 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) (emerging-exploit.rules)
2008718 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) (emerging-exploit.rules)
2008719 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) (emerging-exploit.rules)
2008720 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) (emerging-exploit.rules)
2008721 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) (emerging-exploit.rules)
2008783 - ET POLICY Possible Trojan File Download - Rar Requested but not received (emerging-policy.rules)

 

 

 

 

Contribute to ET! Try SIDReporter

SIDReporter is ready for Prime Time! Try it out to contribute anonymous statistics about the rulesets, get in-depth analysis of your events vs. global trends, and help make the ET Rulesets better!

Statistics now online!

http://www.emergingthreats.net/index.php/sidreporter-statistics.html

Code here!

http://doc.emergingthreats.net/bin/view/Main/SidReporter