Emerging Threats

  • Increase font size
  • Default font size
  • Decrease font size

Weekly New Signatures July 26 2008

Saturday, 26 July 2008 13:03 Matt Jonkman
E-mail Print PDF

 

 

[***] Results from Oinkmaster started Sat Jul 26 18:00:08 2008 [***]

[+++] Added rules: [+++]

2008446 - ET CURRENT_EVENTS Excessive DNS Responses with 1 or more RR's (100+ in 10 seconds) - possible Cache Poisoning Attempt (emerging.rules)
2008447 - ET CURRENT_EVENTS DNS Query Responses with 3 RR's set (50+ in 2 seconds) - possible NS RR Cache Poisoning Attempt (emerging.rules)
2008450 - ET TROJAN Buzus.lyz Connect to CnC (emerging-virus.rules)
2008451 - ET TROJAN Buzus.lyz Report to CnC (emerging-virus.rules)
2008452 - ET TROJAN Downloader.uxk checkin (emerging-virus.rules)
2008453 - ET SCAN Tomcat Auth Brute Force attempt (admin) (emerging-scan.rules)
2008454 - ET SCAN Tomcat Auth Brute Force attempt (tomcat) (emerging-scan.rules)
2008455 - ET SCAN Tomcat Auth Brute Force attempt (manager) (emerging-scan.rules)
2008456 - ET MALWARE PCPrivacyCleaner Rougue Secuirty App GET Checkin (emerging-malware.rules)
2008457 - ET MALWARE Deepdo Toolbar User-Agent (FavUpdate) (emerging-malware.rules)
2008458 - ET TROJAN Downloader UserAgent(AutoDL\/1.0) (emerging-virus.rules)
2008460 - ET MALWARE Suspicious User-Agent (hacker) (emerging-malware.rules)
2008461 - ET TROJAN Rouge Security Software Win32.BHO.egw (emerging-virus.rules)
2008462 - ET TROJAN Downloader.Agent.ZHO CnC Commands (emerging-virus.rules)
2008463 - ET MALWARE Suspicious User-Agent (ieguideupdate) (emerging-malware.rules)
2008464 - ET MALWARE Suspicious User-Agent (adsntD) (emerging-malware.rules)
2008465 - ET TROJAN Backdoor Possible Backdoor.Cow Varient (Backdoor.Win32.Agent.lam) C&C traffic (emerging-virus.rules)
2008467 - ET WEB Possible SQL Injection Attempt Danmec related (declare) (emerging-web.rules)
2008468 - ET TROJAN LDPinch Checkin Flowbit set (emerging-virus.rules)
2008469 - ET TROJAN LDPinch Checkin v2 (emerging-virus.rules)
2008470 - ET CURRENT_EVENTS Excessive NXDOMAIN responses - Possible DNS Poisoning Attempt Backscatter (emerging.rules)
2008471 - ET TROJAN HotLan.C Spambot C&C download command (emerging-virus.rules)
2008472 - ET POLICY Netviewer.com Remote Control Proxy Test (emerging-policy.rules)
2008473 - ET TROJAN HotLan.C Spambot Trojan Activity (emerging-virus.rules)
2008474 - ET MALWARE Adware.Look2Me Activity (emerging-malware.rules)
2008475 - ET CURRENT_EVENTS DNS Query Responses with 3 RR's set (50+ in 2 seconds) - possible A RR Cache Poisoning Attempt (emerging.rules)
2008476 - ET EXPLOIT Foofus.net Password dumping, dll injection (emerging-exploit.rules)


[///] Modified active rules: [///]

2001852 - ET MALWARE 404Search Spyware User Agent (emerging-malware.rules)
2001853 - ET MALWARE Easy Search Bar Spyware User Agent (emerging-malware.rules)
2001854 - ET MALWARE EZULA Spyware User Agent (emerging-malware.rules)
2001869 - ET MALWARE Sidesearch Spyware User Agent (emerging-malware.rules)
2002776 - ET TROJAN SickleBot Reporting User Activity (emerging-virus.rules)
2008034 - ET TROJAN LDPinch SMTP Password Report (emerging-virus.rules)
2008077 - ET CURRENT_EVENTS Possible Storm Worm EXE Request (postcard.exe) (emerging.rules)
2008175 - ET WEB Possible SQL Injection (varchar) (emerging-web.rules)
2008176 - ET WEB Possible SQL Injection (exec) (emerging-web.rules)
2008371 - ET MALWARE Likely Ad-ware installation phoning home (success and NSISDL User-Agent) (emerging-malware.rules)
2008372 - ET MALWARE Adsincontext.com Related Spyware User-Agent (Connector v1.2) (emerging-malware.rules)
2008374 - ET MALWARE Suspicious User-Agent (InetURL) (emerging-malware.rules)
2008378 - ET MALWARE Suspicious User-Agent (ErrCode) (emerging-malware.rules)
2008387 - ET CURRENT_EVENTS Possible ASPROX Hostile JS Being Served by a Local Webserver (/ngg.js) (emerging.rules)
2008388 - ET CURRENT_EVENTS Possible ASPROX Hostile JS Being Served by a Local Webserver (/b.js) (emerging.rules)
2008391 - ET MALWARE Suspicious User-Agent (svchost) (emerging-malware.rules)
2008400 - ET MALWARE Suspicious User-Agent (ReadFileURL) (emerging-malware.rules)
2008411 - ET TROJAN LDPinch SMTP Password Report with mail client The Bat! (emerging-virus.rules)
2008413 - ET MALWARE Suspicious User-Agent (PcPcUpdater) (emerging-malware.rules)
2008422 - ET MALWARE Suspicious User-Agent (Inet_read) (emerging-malware.rules)
2008423 - ET MALWARE Suspicious User-Agent (CFS Agent) (emerging-malware.rules)
2008424 - ET MALWARE Suspicious User-Agent (CFS_DOWNLOAD) (emerging-malware.rules)
2008427 - ET MALWARE Suspicious User-Agent (AdiseExplorer) (emerging-malware.rules)
2008428 - ET MALWARE Suspicious User-Agent (HTTP Downloader) (emerging-malware.rules)
2008429 - ET MALWARE Suspicious User-Agent (HttpDownload) (emerging-malware.rules)

2008440 - ET MALWARE Suspicious User-Agent (Download App) (emerging-malware.rules)

 

< Prev   Next >
Last Updated ( Saturday, 26 July 2008 13:04 )  

Stay Up to Date!

Stay Connected to the ET Community and Updates

 http://lists.emergingthreats.net/mailman/listinfo/

 Or connect to admins and users on Freenode IRC in #emerging-threats