Emerging Threats

  • Increase font size
  • Default font size
  • Decrease font size

Signature Contest!

Tuesday, 30 June 2009 19:32 Matt Jonkman

By popular demand we've begun a signature contest!!! Users who submit signatures will be eligible to win a "Top Signature Writer" Emerging Threats T-Shirt (images of the shirts coming soon, still at the printers shop). 

This should be a lot of fun, but it's a friendly competition lets remember!!  The rules for the contest are available here:

http://www.emergingthreats.net/index.php/signature-contest.html

The contest starts TONIGHT at midnight US Eastern time. About three hours from now. 

Best of luck to everyone. We'll start a leaders board shortly and have that on the website.

Game on!!

 

Matt

 

 

Weekly New Signatures June 28 2009

Sunday, 28 June 2009 15:18 Matt Jonkman

[+++] Added rules: [+++]

2009415 - ET WEB_SPECIFIC PhpBlock basicfogfactory.class.php PATH_TO_CODE Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009416 - ET WEB_SPECIFIC txtSQL startup.php CFG Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009417 - ET WEB_SPECIFIC Blogplus block_center_down.php Local File Inclusion (emerging-web_sql_injection.rules)
2009418 - ET WEB_SPECIFIC Blogplus block_center_top.php Local File Inclusion (emerging-web_sql_injection.rules)
2009420 - ET WEB_SPECIFIC Blogplus block_left.php Local File Inclusion (emerging-web_sql_injection.rules)
2009421 - ET WEB_SPECIFIC Blogplus block_right.php Local File Inclusion (emerging-web_sql_injection.rules)
2009422 - ET WEB_SPECIFIC Blogplus window_down.php Local File Inclusion (emerging-web_sql_injection.rules)
2009423 - ET WEB_SPECIFIC Blogplus window_top.php Local File Inclusion (emerging-web_sql_injection.rules)
2009424 - ET WEB_SPECIFIC AjaxPortal ajaxp_backend.php page Parameter SQL Injection (emerging-web_sql_injection.rules)
2009425 - ET WEB BaoFeng Storm ActiveX Control OnBeforeVideoDownload Method Buffer Overflow (emerging-web.rules)
2009427 - ET WEB_SPECIFIC Grape Web Statistics functions.php location Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009428 - ET WEB_SPECIFIC ExBB threadstop.php exbb Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009429 - ET WEB_SPECIFIC CAT2 spaw_control.class.php spaw_root Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009430 - ET WEB_SPECIFIC Mole viewsource.php fname Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009431 - ET WEB_SPECIFIC NewsOffice news_show.php newsoffice_directory Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009432 - ET WEB_SPECIFIC NewsOffice news_show.php newsoffice_directory Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009434 - ET WEB_ACTIVEX Sun Java Runtime Environment ActiveX Control Multiple Remote Buffer Overflow (emerging-web.rules)
2009435 - ET WEB_SPECIFIC e107 123 FlashChat Module 123flashchat.php e107path Parameter Remote File Inclusion (emerging-web_sql_injection.rules)
2009436 - ET WEB_SPECIFIC e107 123 FlashChat Module 123flashchat.php e107path Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009437 - ET WEB_SPECIFIC Mole viewsource.php dirn Parameter Local File Inclusion (emerging-web_sql_injection.rules)
2009438 - ET MALWARE Suspicious User Agent (Mozilla/4.8 [ru]) (emerging-malware.rules)
2009439 - ET MALWARE Suspicious User Agent (HelpSrvc) (emerging-malware.rules)
2009440 - ET MALWARE Suspicious User Agent (Internet Antivirus Pro) (emerging-malware.rules)
2009441 - ET TROJAN Swizzor Family GET (emerging-virus.rules)
2009442 - ET MALWARE Generic Trojan Checkin (2) (emerging-virus.rules)
2009443 - ET TROJAN NoBo Downloader Dropper GET (emerging-virus.rules)
2009444 - ET TROJAN Virut Family GET (emerging-virus.rules)
2009445 - ET MALWARE Suspicious User Agent (AgavaDwnl) (emerging-malware.rules)
2009446 - ET MALWARE Suspicious User Agent (Macrovision_DM) (emerging-malware.rules)
2009447 - ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download (emerging-virus.rules)



[///] Modified active rules: [///]

2001933 - ET VIRUS PWS Banker Trojan Sending Report of Infection (emerging-virus.rules)
2008350 - ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile (emerging-policy.rules)
2009374 - ET TROJAN Virut Counter/Check-in (emerging-virus.rules)
2009410 - ET TROJAN Gozi check-in / update (emerging-virus.rules)
2009411 - ET WEB_ACTIVEX McAfee ePolicy Orchestrator naPolicyManager.dll Arbitrary Data Write Attempt (emerging-web.rules)
2009412 - ET MALWARE Generic Trojan Checkin (emerging-virus.rules)
2009413 - ET DOS Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt (emerging-dos.rules)
2009414 - ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack (emerging-dos.rules)

 

Weekly New Signatures June 20 2009

Saturday, 20 June 2009 17:07 Matt Jonkman

[+++] Added rules: [+++]

2009408 - ET TROJAN Patcher/Bankpatch Communication with Controller (emerging-virus.rules)
2009409 - ET TROJAN Patcher/Bankpatch Module Download Request (emerging-virus.rules)
2009410 - ET TROJAN Gozi check-in / update (emerging-virus.rules)
2009411 - ET WEB_ACTIVEX McAfee ePolicy Orchestrator naPolicyManager.dll Arbitrary Data Write Attempt (emerging-web.rules)
2009412 - ET MALWARE Generic Trojan Checkin (emerging-virus.rules)
2009413 - ET DOS Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt (emerging-dos.rules)
2009414 - ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack (emerging-dos.rules)


[///] Modified active rules: [///]

2007936 - ET WEB Netwin Webmail SurgeMail Mail Server Format String Vulnerability (emerging-web.rules)
2008452 - ET TROJAN Downloader.uxk checkin (emerging-virus.rules)
2009374 - ET TROJAN Virut Counter/Check-in (emerging-virus.rules)

 
More Articles...
  • «
  •  Start 
  •  Prev 
  •  1 
  •  2 
  •  3 
  •  4 
  •  5 
  •  6 
  •  7 
  •  8 
  •  9 
  •  10 
  •  Next 
  •  End 
  • »
Page 1 of 51