Daily Ruleset Update Summary 05/23/2013

[+++] Summary: [+++]

3 new Open rules. 8 new Pro rules (3/5). New rules cover Apache Struts and Malicious Redirect. Fake/Old UA thresholding changed to limit 2,60 from threshold of the same value, because we were missing some one-shot requests. Again, depending on your environment you may need to tweak these or turn them off. The NGINX chunked sig was modified to look for any chunk greater than a 32-bit signed int, etc.
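
Why moving from threshold to limit picks up one-shot requests, as an added example (not Emerging Threats code): a simplified Python model of the two modes at count 2, seconds 60. Tracking per source address, the window bookkeeping and the sample events are assumptions constructed for illustration.

```python
def alerts(events, mode, count=2, seconds=60):
    """Return the (time, src) matches that would raise an alert.

    mode="threshold": alert on every `count`-th match per source in a window.
    mode="limit":     alert on the first `count` matches per source in a
                      window, then stay quiet until the window expires.
    Assumption: tracking is per source and a window starts at the first
    match seen after the previous window expired.
    """
    if mode not in ("threshold", "limit"):
        raise ValueError(f"unknown mode: {mode}")
    state = {}  # src -> (window_start, matches_in_window)
    fired = []
    for ts, src in sorted(events):
        start, seen = state.get(src, (ts, 0))
        if ts - start >= seconds:       # window expired, open a new one
            start, seen = ts, 0
        seen += 1
        if mode == "threshold":
            if seen == count:           # only the Nth match alerts
                fired.append((ts, src))
                seen = 0                # count again toward the next alert
        elif seen <= count:             # limit: first N matches alert
            fired.append((ts, src))
        state[src] = (start, seen)
    return fired


# Constructed sample: one source sends a single matching request,
# another sends five within a few seconds (times in seconds).
SAMPLE = [(0, "192.0.2.5")] + [(t, "192.0.2.9") for t in (5, 6, 7, 8, 9)]

if __name__ == "__main__":
    for mode in ("threshold", "limit"):
        print(mode, alerts(SAMPLE, mode))
```

Under threshold the single request from 192.0.2.5 never reaches the count and produces no alert; under limit it alerts immediately, and the noisy source is capped at two alerts per window.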

[+++] Added rules: [+++]

Open:
2016919 – ET CURRENT_EVENTS Malicious Redirect URL (current_events.rules)
2016920 – ET WEB_SERVER Apache Struts Possible xwork Disable Method Execution (web_server.rules)
2016921 – ET INFO Suspicious Mozilla UA with no Space after colon (info.rules)

Pro:
2806387 – ETPRO TROJAN Win32/TrojanDropper.Agent.PYN Checkin (trojan.rules)
2806388 – ETPRO TROJAN Trojan.Win32.Agent.vldg Checkin (trojan.rules)
2806389 – ETPRO MALWARE Win32/TrojanDownloader.Banload.SCN (malware.rules)
2806390 – ETPRO MALWARE Win32/TrojanDownloader.Banload.SCN 2 (malware.rules)
2806391 – ETPRO MALWARE Win32/Vog Request (malware.rules)

[///] Modified active rules: [///]

2016870 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5. (policy.rules)
2016871 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4. (policy.rules)
2016872 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 3. (policy.rules)
2016873 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2. (policy.rules)
2016874 – ET POLICY Unsupported/Fake Internet Explorer Version MSIE 1. (policy.rules)
2016875 – ET POLICY Unsupported/Fake FireFox Version 0. (policy.rules)
2016876 – ET POLICY Unsupported/Fake FireFox Version 1. (policy.rules)
2016877 – ET POLICY Unsupported/Fake FireFox Version 2. (policy.rules)
2016878 – ET POLICY Unsupported/Fake Windows NT Version 4. (policy.rules)
2016879 – ET POLICY Unsupported/Fake Windows NT Version 5.0 (policy.rules)
2016897 – ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5 (trojan.rules)
2016898 – ET INFO Suspicious MSIE 10 on Windows NT 5 (info.rules)
2016918 – ET WEB_SERVER Possible NGINX Overflow CVE-2013-2028 Exploit Specific (web_server.rules)

