Emerging Threats

ET Lanyards are in!

We have the Lanyards in!!

They are heavy duty but soft 3/4" nylon with a very strong metal clasp. Great for the 37 ID badges most of us have to carry these days. They'll keep your neck warm in the datacenter as well! 

And don't forget about the T-shirts which are also available, all proceeds going to support the project's infrastructure and hardware needs.

http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html

Coffee mugs were delayed, had to change companies because of a bad order. They'll be available in November.

We appreciate everyone's support of the project, and that you're willing to show off the ET logo when you're out and about. It pays off, we get new community members every day!

Matt

Last Updated ( Monday, 19 October 2009 10:38 )
 

Weekly New Signatures October 10, 2009

[+++] Added rules: [+++]

2009154 - ET USER_AGENTS Automated Injection Tool User-Agent (AutoGetColumn) (emerging-user_agents.rules)
2010035 - ET WEB_CLIENT ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable WriteToLog Method Arbitrary File Creation/Overwrite Attempt (emerging-web_client.rules)
2010036 - ET WEB_CLIENT ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable SetLogLevel/SetLogFileName Method Arbitrary File Creation/Overwrite Attempt (emerging-web_client.rules)
2010037 - ET WEB_SERVER Possible SQL Injection INTO OUTFILE Arbitrary File Write Attempt (emerging-web_server.rules)
2010038 - ET WEB_SERVER Possible INTO OUTFILE Arbitrary File Write SQL Injection In Cookie (emerging-web_server.rules)
2010039 - ET WEB_ACTIVEX Possible AOL SuperBuddy ActiveX Control Remote Code Execution Attempt (emerging-web_client.rules)
2010040 - ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter SELECT FROM SQL Injection (emerging-web_specific_apps.rules)
2010041 - ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter DELETE FROM SQL Injection (emerging-web_specific_apps.rules)
2010042 - ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter UNION SELECT SQL Injection (emerging-web_specific_apps.rules)
2010043 - ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter INSERT INTO SQL Injection (emerging-web_specific_apps.rules)
2010044 - WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter UPDATE SET SQL Injection (emerging-web_specific_apps.rules)
2010045 - ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter SELECT FROM SQL Injection (emerging-web_specific_apps.rules)
2010046 - ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter DELETE FROM SQL Injection (emerging-web_specific_apps.rules)
2010047 - ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter UNION SELECT SQL Injection (emerging-web_specific_apps.rules)
2010048 - ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter INSERT INTO SQL Injection (emerging-web_specific_apps.rules)
2010049 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - installer_1.exe (emerging-current_events.rules)
2010050 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - Antivirus_21.exe (emerging-current_events.rules)
2010051 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - ws.exe (emerging-current_events.rules)
2010052 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - ws.zip (emerging-current_events.rules)
2010053 - ET CURRENT_EVENTS TROJAN Likely FakeRean Download (emerging-current_events.rules)
2010054 - ET CURRENT_EVENTS TROJAN Likely TDSS Download (codex.exe) (emerging-current_events.rules)
2010055 - ET CURRENT_EVENTS TROJAN Likely TDSS Download (pcdef.exe) (emerging-current_events.rules)
2010056 - ET CURRENT_EVENTS TROJAN Likely TDSS Download (197.exe) (emerging-current_events.rules)
2010057 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - installpv.exe (emerging-current_events.rules)
2010058 - ET CURRENT_EVENTS MALWARE Likely Unknown Trojan Download (emerging-current_events.rules)
2010059 - ET CURRENT_EVENTS TROJAN Likely Unknown Trojan Infostealer Download (emerging-current_events.rules)
2010060 - ET CURRENT_EVENTS TROJAN Likely Possible Rogue A/V Win32/FakeXPA Download (emerging-current_events.rules)
2010061 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - InternetAntivirusPro.exe (emerging-current_events.rules)
2010062 - ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - AntivirusPlus.exe (emerging-current_events.rules)
2010063 - ET WEB_CLIENT Possible Google Apps 'googleapps.url.mailto' Handler IE Command Injection Attempt (emerging-web_client.rules)
2010064 - ET MALWARE Buzus Posting Data (emerging-virus.rules)
2010065 - ET TROJAN SafeFighter Fake Scanner Installation in Progress (emerging-virus.rules)
2010066 - ET TROJAN Data POST to an image file (gif) (emerging-virus.rules)
2010067 - ET TROJAN Data POST to an image file (jpg) (emerging-virus.rules)
2010068 - ET TROJAN Data POST to an image file (jpeg) (emerging-virus.rules)
2010069 - ET TROJAN Data POST to an image file (bmp) (emerging-virus.rules)
2010070 - ET TROJAN Data POST to an image file (png) (emerging-virus.rules)
2010071 - ET TROJAN Bredolab Infection - checkin (emerging-virus.rules)
2010072 - ET TROJAN Bredolab Infection - Windows Key (emerging-virus.rules)

 

Weekly New Signatures October 3, 2009

[+++] Added rules: [+++]

2002947 - ET GAMES PunkBuster Server webkey Buffer Overflow (emerging-game.rules)
2009998 - ET TROJAN Smilebox Spyware Download (emerging-malware.rules)
2009999 - ET EXPLOIT xp_servicecontrol access (emerging-exploit.rules)
2010000 - ET EXPLOIT xp_fileexist access (emerging-exploit.rules)
2010001 - ET EXPLOIT xp_enumerrorlogs access (emerging-exploit.rules)
2010002 - ET EXPLOIT xp_readerrorlogs access (emerging-exploit.rules)
2010003 - ET EXPLOIT xp_enumdsn access (emerging-exploit.rules)
2010007 - ET TROJAN Potential Gemini Malware Download (emerging-virus.rules)
2010008 - ET P2P Octoshape P2P streaming media (emerging-p2p.rules)
2010019 - ET SCAN Tomcat Web Application Manager scanning (emerging-scan.rules)
2010030 - ET POLICY Exchange 2003 OWA plain-text E-Mail message access, not SSL (emerging-policy.rules)


[///] Modified active rules: [///]

2009967 - ET P2P eMule KAD Network Connection Request (emerging-p2p.rules)
2009968 - ET P2P eMule KAD Network Connection Request(2) (emerging-p2p.rules)
2009969 - ET P2P eMule KAD Network Firewalled Request (emerging-p2p.rules)
2009970 - ET P2P eMule Kademlia Hello Request (emerging-p2p.rules)
2009971 - ET P2P eMule KAD Network Hello Request (2) (emerging-p2p.rules)
2009972 - ET P2P eMule KAD Network Server Status Request (emerging-p2p.rules)
2009973 - ET P2P eMule KAD Network Send Username (emerging-p2p.rules)
2009976 - ET EXPLOIT Siemens Gigaset SE361 WLAN Data Flood Denial of Service Vulnerability (emerging-exploit.rules)
2009981 - ET SCAN Possible FTP Daemon Username SELECT FROM SQL Injection Attempt (emerging-scan.rules)
2009982 - ET SCAN Possible FTP Daemon Username DELETE FROM SQL Injection Attempt (emerging-scan.rules)
2009983 - ET SCAN Possible FTP Daemon Username INSERT INTO SQL Injection Attempt (emerging-scan.rules)
2009984 - ET SCAN Possible FTP Daemon Username UPDATE SET SQL Injection Attempt (emerging-scan.rules)
2009985 - ET SCAN Possible FTP Daemon Username UNION SELECT SQL Injection Attempt (emerging-scan.rules)
2009986 - ET P2P Octoshape UDP Session (emerging-p2p.rules)

 

Note: Truncated because of the major ruleset changes. Changes not listed above were name only.

 