Emerging Threats

Weekly New Signatures November 30 2008

[+++] Added rules: [+++]

2002171 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability (group 1) (emerging-web.rules)
2002172 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability (group 2) (emerging-web.rules)
2002173 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability (group 3) (emerging-web.rules)
2002174 - ET WEB_ACTIVEX CLSID Pattern Matched (emerging-web.rules)
2002308 - ET WEB_ACTIVEX Internet Explorer Vulnerable CLSID (Msdds.dll) (emerging-web.rules)
2002491 - ET WEB_ACTIVEX COM Object MS05-052 (group 1) (emerging-web.rules)
2002492 - ET WEB_ACTIVEX COM Object MS05-052 (group 2) (emerging-web.rules)
2002493 - ET WEB_ACTIVEX COM Object MS05-052 (group 3) (emerging-web.rules)
2002674 - ET WEB_ACTIVEX Sony DRM Reporting 2 (emerging-web.rules)
2002675 - ET WEB_ACTIVEX Sony DRM Reporting 1 (emerging-web.rules)
2002679 - ET WEB_ACTIVEX Sony DRM Related - CodeSupport ActiveX Attempt (emerging-web.rules)
2002680 - ET WEB_ACTIVEX Sony DRM - Uninstaller CLSID (emerging-web.rules)
2002724 - ET WEB_ACTIVEX MciWndx ActiveX Control (emerging-web.rules)
2002725 - ET WEB_ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054 (emerging-web.rules)
2002861 - ET WEB_ACTIVEX Danim.dll and Dxtmsft.dll COM Objects (emerging-web.rules)
2002971 - ET WEB_ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption (emerging-web.rules)
2003077 - ET WEB_ACTIVEX COM Object MS06-042 (group 1) (emerging-web.rules)
2003078 - ET WEB_ACTIVEX COM Object MS06-042 (group 2) (emerging-web.rules)
2003079 - ET WEB_ACTIVEX COM Object MS06-042 (group 3) (emerging-web.rules)
2003080 - ET WEB_ACTIVEX COM Object MS06-042 (group 4) (emerging-web.rules)
2003102 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call CLSID (emerging-web.rules)
2003103 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call Object (emerging-web.rules)
2003104 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's KeyFrame function call CSLID (emerging-web.rules)
2003105 - ET WEB_ACTIVEX Microsoft Multimedia Controls - ActiveX control's KeyFrame function call Object (emerging-web.rules)
2003158 - ET WEB_ACTIVEX Microsoft WMIScriptUtils.WMIObjectBroker object call CSLID (emerging-web.rules)
2003159 - ET WEB_ACTIVEX Microsoft VsmIDE.DTE object call CSLID (emerging-web.rules)
2003160 - ET WEB_ACTIVEX Microsoft DExplore.AppObj.8.0 object call CSLID (emerging-web.rules)
2003161 - ET WEB_ACTIVEX Microsoft VisualStudio.DTE.8.0 object call CSLID (emerging-web.rules)
2003162 - ET WEB_ACTIVEX Microsoft Microsoft.DbgClr.DTE.8.0 object call CSLID (emerging-web.rules)
2003163 - ET WEB_ACTIVEX Microsoft VsaIDE.DTE object call CSLID (emerging-web.rules)
2003164 - ET WEB_ACTIVEX Microsoft Business Object Factory object call CSLID (emerging-web.rules)
2003165 - ET WEB_ACTIVEX Microsoft Outlook Data Object object call CSLID (emerging-web.rules)
2003166 - ET WEB_ACTIVEX Microsoft Outlook.Application object call CSLID (emerging-web.rules)
2003231 - ET WEB_ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution (emerging-web.rules)
2003232 - ET WEB_ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution (2) (emerging-web.rules)
2003233 - ET WEB_ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution (emerging-web.rules)
2003234 - ET WEB_ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution (2) (emerging-web.rules)
2003328 - ET WEB_ACTIVEX NCTAudioFile2 ActiveX SetFormatLikeSample() Buffer Overflow (emerging-web.rules)
2003514 - ET WEB_ACTIVEX Possible Microsoft Internet Explorer ADODB.Redcordset Double Free Memory Exploit - MS07-009 (emerging-web.rules)
2007850 - ET WEB_ACTIVEX Move Networks Media Player QMPUpgrade.dll ActiveX Control Buffer Overflow Vulnerability (emerging-web.rules)
2007852 - ET WEB_ACTIVEX Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit (emerging-web.rules)
2007853 - ET WEB_ACTIVEX ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability (emerging-web.rules)
2007904 - ET WEB_ACTIVEX RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability (emerging-web.rules)
2007907 - ET WEB_ACTIVEX Move Networks Quantum Streaming Player Control UploadLogs() BOF (emerging-web.rules)
2007931 - ET WEB_ACTIVEX IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Vulnerability (emerging-web.rules)
2007932 - ET WEB_ACTIVEX Symantec BackupExec Calendar Control (PVCalendar.ocx) BoF Vulnerability (emerging-web.rules)
2008099 - ET WEB_ACTIVEX ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite (emerging-web.rules)
2008607 - ET WEB_ACTIVEX Chilkat IMAP ActiveX File Execution and IE DoS (emerging-web.rules)
2008612 - ET WEB_ACTIVEX Autodesk Design Review DWF Viewer ActiveX Control SaveAs Insecure Method (emerging-web.rules)
2008613 - ET WEB_ACTIVEX GdPicture Pro ActiveX control SaveAsPDF Insecure Method (emerging-web.rules)
2008618 - ET WEB_ACTIVEX IAS Helper COM Component iashlpr.dll activex remote DOS (emerging-web.rules)
2008619 - ET WEB_ACTIVEX Novell ZENWorks for Desktops Remote Heap-Based Buffer Overflow (emerging-web.rules)
2008620 - ET WEB_ACTIVEX Internet Information Service iisext.dll activex setpassword Insecure Method (emerging-web.rules)
2008621 - ET WEB_ACTIVEX Internet Information Service adsiis.dll activex remote DOS (emerging-web.rules)
2008673 - ET WEB_ACTIVEX Microsoft PicturePusher ActiveX Cross Site File Upload Attack (emerging-web.rules)
2008678 - ET WEB_ACTIVEX Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods (emerging-web.rules)
2008683 - ET WEB_ACTIVEX Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow (emerging-web.rules)
2008792 - ET WEB_ACTIVEX Microsoft DebugDiag CrashHangExt.dll ActiveX Control Remote Denial of Service (emerging-web.rules)
2008796 - ET CURRENT_EVENTS Mac DNS Changer Trojan UA Detected (emerging.rules)
2008797 - ET MALWARE Suspicious User-Agent (miip) (emerging-malware.rules)
2008798 - ET MALWARE Zenosearch Malware Checkin HTTP POST (2) (emerging-malware.rules)
2008799 - ET CURRENT_EVENTS Win32.Kernelbot Second Stage Infection Download (emerging.rules)
2008800 - ET CURRENT_EVENTS Conficker-A Worm Download Attempt From 1st December 2008 (emerging.rules)
2008801 - ET CURRENT_EVENTS Conficker-A Worm Download Attempt From Dates 25/11-01/12 2008 (emerging.rules)


[///] Modified active rules: [///]

2007705 - ET WEB Neosploit 1.5.x URL Loader (emerging-web.rules)
2007878 - ET WEB_ACTIVEX Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow (emerging-web.rules)
2007998 - ET WEB_ACTIVEX Rediff Bol Downloader ActiveX Control Remote Code Execution (emerging-web.rules)
2008062 - ET WEB_ACTIVEX Univeral HTTP File Upload Remote File Deletetion (emerging-web.rules)
2008126 - ET WEB_ACTIVEX IBiz E-Banking Integrator V2 ActiveX Edition Insecure Method (emerging-web.rules)
2008127 - ET WEB_ACTIVEX Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) Multiple Inscure Methods (emerging-web.rules)
2008128 - ET WEB_ACTIVEX Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit (emerging-web.rules)
2008129 - ET WEB_ACTIVEX LEADTOOLS Multimedia Toolkit 15 Arbitrary Files Overwrite (emerging-web.rules)
2008173 - ET WEB_ACTIVEX PPStream PowerPlayer.DLL ActiveX Control BoF Vulnerability (emerging-web.rules)
2008225 - ET WEB_ACTIVEX Possible Universal HTTP Image/File Upload ActiveX Remote File Deletion Exploit (emerging-web.rules)
2008226 - ET WEB_ACTIVEX Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit (emerging-web.rules)
2008227 - ET WEB_ACTIVEX Possible Secure File Delete Wizard ActiveX Insecure Methods Exploit (emerging-web.rules)
2008405 - ET TROJAN Obitel trojan calling home (emerging-virus.rules)
2008690 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) (emerging-exploit.rules)
2008691 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) (emerging-exploit.rules)
2008692 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) (emerging-exploit.rules)
2008693 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) (emerging-exploit.rules)
2008694 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) (emerging-exploit.rules)
2008695 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) (emerging-exploit.rules)
2008696 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) (emerging-exploit.rules)
2008697 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) (emerging-exploit.rules)
2008698 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) (emerging-exploit.rules)
2008699 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) (emerging-exploit.rules)
2008700 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (emerging-exploit.rules)
2008701 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) (emerging-exploit.rules)
2008702 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) (emerging-exploit.rules)
2008703 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) (emerging-exploit.rules)
2008704 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) (emerging-exploit.rules)
2008705 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) (emerging-exploit.rules)
2008706 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) (emerging-exploit.rules)
2008707 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) (emerging-exploit.rules)
2008708 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) (emerging-exploit.rules)
2008709 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) (emerging-exploit.rules)
2008710 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) (emerging-exploit.rules)
2008711 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) (emerging-exploit.rules)
2008712 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) (emerging-exploit.rules)
2008713 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) (emerging-exploit.rules)
2008714 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) (emerging-exploit.rules)
2008715 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) (emerging-exploit.rules)
2008716 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) (emerging-exploit.rules)
2008717 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) (emerging-exploit.rules)
2008718 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) (emerging-exploit.rules)
2008719 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) (emerging-exploit.rules)
2008720 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) (emerging-exploit.rules)
2008721 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) (emerging-exploit.rules)
2008783 - ET POLICY Possible Trojan File Download - Rar Requested but not received (emerging-policy.rules)

OISF Founded
The Open Information Security Foundation has been founded. More at http://www.openinfosecfoundation.org