Daily Ruleset Update Summary 2/14/2012
MS Patch Tuesday coverage details are here:
http://www.emergingthreatspro.com/uncategorized/microsoft-patch-tuesday-coverage-february-2012/
[+++] Added rules: [+++]
2014221 – ET TROJAN Unknown HTTP CnC Checkin (trojan.rules)
2014222 – ET TROJAN QDIGIT Trojan Protocol detected (trojan.rules)
2014223 – ET TROJAN UPDATE Protocol Trojan Communication detected on http ports (trojan.rules)
2014224 – ET TROJAN UPDATE Protocol Trojan Communication detected on non-http ports (trojan.rules)
2014225 – ET TROJAN LURK Trojan Communication Protocol detected (trojan.rules)
2014226 – ET TROJAN IP2B Trojan Communication Protocol detected (trojan.rules)
2014227 – ET TROJAN BB Trojan Communication Protocol detected (trojan.rules)
2014228 – ET TROJAN X-Shell 601 Trojan Communication Protocol detected (trojan.rules)
Pro:
2804494 – ETPRO TROJAN Trojan-PWS.Win32.Papras!IK Checkin (trojan.rules)
2804495 – ETPRO TROJAN Virus.Win32/Sality.T Checkin (trojan.rules)
2804496 – ETPRO TROJAN Backdoor.Graybird Checkin (trojan.rules)
2804497 – ETPRO TROJAN Trojan.Win32.Sasfis Checkin (trojan.rules)
2804498 – ETPRO MALWARE Adware.Win32.Ivelog.A Checkin (malware.rules)
2804499 – ETPRO MALWARE Adware.iBryte.B Install (malware.rules)
2804500 – ETPRO TROJAN Win32/Spy.SpyEye.B Checkin (trojan.rules)
2804501 – ETPRO MALWARE PAK_Generic.001 Checkin (malware.rules)
2804502 – ETPRO TROJAN Trojan.Win32.Agent.hprd Checkin (trojan.rules)
2804503 – ETPRO POLICY InstallIQ Updater Software request (policy.rules)
2804504 – ETPRO MALWARE rogue anti-spyware Soft-Cop (malware.rules)
2804505 – ETPRO MALWARE Riskware/Cheathappens Checkin (malware.rules)
2804506 – ETPRO TROJAN Worm.Win32/Taterf.B Checkin (trojan.rules)
2804507 – ETPRO WEB_CLIENT Microsoft .NET Framework and the Silverlight Framework remote code execution (web_client.rules)
2804508 – ETPRO WEB_CLIENT Microsoft .NET Framework System.Uri.ReCreateParts method remote code execution – SET (web_client.rules)
2804509 – ETPRO WEB_CLIENT Microsoft .NET Framework System.Uri.ReCreateParts method remote code execution (web_client.rules)
2804510 – ETPRO WEB_CLIENT Microsoft Windows 7 Professional 64-bit arbitrary code via a large height attribute in an IFRAME (web_client.rules)
2804511 – ETPRO WEB_CLIENT Microsoft Internet Explorer style.position use-after-free (web_client.rules)
2804512 – ETPRO WEB_SERVER Microsoft SharePoint Server XSS attempt 1 (web_server.rules)
2804513 – ETPRO WEB_SERVER Microsoft SharePoint Server XSS attempt 2 (web_server.rules)
2804514 – ETPRO WEB_SERVER Microsoft SharePoint Server XSS attempt 3 (web_server.rules)
2804515 – ETPRO WEB_CLIENT C Run-Time Library of Windows (mscvrt.dll) memory corruption (web_client.rules)
2804516 – ETPRO NETBIOS Microsoft Color Control Panel STI.dll Insecure Library Loading – SMB-DS Unicode (netbios.rules)
2804517 – ETPRO NETBIOS Microsoft Color Control Panel STI.dll Insecure Library Loading – SMB-DS ASCII (netbios.rules)
2804518 – ETPRO NETBIOS Microsoft Color Control Panel STI.dll Insecure Library Loading – SMB Unicode (netbios.rules)
2804519 – ETPRO NETBIOS Microsoft Color Control Panel STI.dll Insecure Library Loading – SMB ASCII (netbios.rules)
2804520 – ETPRO WEB_CLIENT Microsoft Color Control Panel STI.dll Insecure Library Loading (web_client.rules)
2804521 – ETPRO WEB_CLIENT Microsoft Internet Explorer 9 Null Byte Information Disclosure (web_client.rules)
[///] Modified active rules: [///]
2011582 – ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
2013138 – ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity (mobile_malware.rules)
2801600 – ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading – SMB-DS Unicode (netbios.rules)
2801601 – ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading – SMB-DS ASCII (netbios.rules)
2801602 – ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading – SMB Unicode (netbios.rules)
2801603 – ETPRO NETBIOS Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading – SMB ASCII (netbios.rules)
2801604 – ETPRO WEB_CLIENT Microsoft Windows Indeo Filter iacenc.dll Insecure Library Loading (web_client.rules)
2804447 – ETPRO TROJAN Win32.Pamesg/ArchSMS.HL Checkin (trojan.rules)
[---] Disabled rules: [---]
2011970 – ET CURRENT_EVENTS SWF served from /tmp/ (current_events.rules)