
Daily Ruleset Update Summary 05/01/2013

[***] Summary: [***] 5 new Open rules. 13 new Pro rules (5/8). Urausy, SofosFO, Sibhost, Tor2web, etc. [+++] Added rules: [+++] Open: 2016806 – ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert...


Daily Ruleset Update Summary 05/02/2013

[***] Summary: [***] 5 new Open 8 new Pro (5/3). No longer relevant BHEK sigs DELETED, Perf tweaks, cdorked, greencat, Redkit, BHEK, etc. [+++] Added rules: [+++] Open: 2016811 – ET CURRENT_EVENTS –...


Daily Ruleset Update Summary 05/03/2013

[***] Summary: [***] 6 new Open rules. 14 new Pro rules (6/8). Refactor of JNLP click to run bypass, unknown trojan, etc. [+++] Added rules: [+++] Open: 2016816 – ET TROJAN Unknown Checkin...

Daily Ruleset Update Summary 05/04/2013 (Weekend Edition)

[***] Summary: [***] 2 new rules. IE 0-day CVE-2013-1347, Sirefef, HTML+TIME EIP Control. [+++] Added rules: [+++] 2016822 – ET WEB_CLIENT Possible CVE-2013-1347 IE 0-day used in DOL attack...

Daily Ruleset Update Summary 05/06/2013

[***] Summary: [***] 4 new Open rules. 8 new Pro rules (4/4). Metasploit mstime_malloc, Base64 encoded CollectGarbage etc. [+++] Added rules: [+++] Open: 2016824 – ET EXPLOIT Metasploit mstime_malloc...


Daily Ruleset Update Summary 05/07/2013

5 new Open rules. 11 new Pro rules (5/6). Sweet Orange, Unknown EK, iframe injection leading to EK, Unknown Trojan, etc. [+++] Added rules: [+++] Open: 2016828 – ET CURRENT_EVENTS Unknown EK Requsting...

Daily Ruleset Update Summary 05/08/2013

[***] Summary: [***] 4 new Open. 10 new Pro (4/6). Unknown EK, Exim/Dovecot, Coldfusion, etc. [+++] Added rules: [+++] Open: 2016833 – ET CURRENT_EVENTS IE HTML+TIME ANIMATECOLOR with eval as seen in...

Daily Ruleset Update Summary 05/09/2013

[***] Summary: [***] 5 new Open rules. 6 new Pro (1/5). FlimKit EK, Alina, Coldfusion, etc. [+++] Added rules: [+++] Open: 2016837 – ET MALWARE Alina Checkin (malware.rules) 2016838 – ET MALWARE Alina...


May 2013 Microsoft Tuesday Coverage

Bulletin | CVE | Title | Notes | ET Pro Coverage
MS13-044 | 2013-1301 | Microsoft Visio Information Disclosure | Exploit Code Unlikely | 2806354
MS13-045 | 2013-0096 | Windows Live Insecure URI handler | Exploit Code...


Daily Ruleset Update Summary 05/14/2013

[***] Summary: [***] 9 new Open rules. 27 new Pro rules. (9/18). MS Tuesday Coverage, Redkit, Cfusion, BHEK, Cdorked, Outdated Flash, etc. #MS Tuesday Coverage...

Daily Ruleset Update Summary 05/15/2013

[***] Summary: [***] 8 new Open rules. 12 new Pro rules (8/4). Neutrino, Pushdo, Sakura, Unknown Ransomware, Citadel/Generic Trojan POST, etc. [+++] Added rules: [+++] Open: 2016851 – ET CURRENT_EVENTS...

Daily Ruleset Update Summary 05/16/2013

[***] Summary: [***] 2 new Open. 9 new Pro (2/7). Sweet Orange, SofosFO, Unknown_MM, etc. [+++] Added rules: [+++] Open: 2016859 – ET CURRENT_EVENTS Unknown_MM – Java Exploit – cee.jar...

Daily Ruleset Update Summary 05/17/2013

[***] Summary: [***] 2 new Pro rules. 1 dupe removed. Lyposit Ransomware sig updated to catch variant/cousin seen in FlimKit. [+++] Added rules: [+++] 2806376 – ETPRO TROJAN Trojan-Spy.Win32.Ambler...


Daily Ruleset Update Summary 05/21/2013

[***] Summary: [***] 51 new Open, 53 new Pro (51/2). Operation Hangover, Outdated MSIE/FF/Windows UA, Neutrino, FlimKit, Pushdo, BlackRev, Briba, etc. Thanks to Chris Wakelin, Kevin Ross, and...

Daily Ruleset Update Summary 05/22/2013

[+++] Summary: [+++] 7 new Open. 14 new Pro (7/7) Nginx CVE-2013-2028, More Operation Hangover, etc. [+++] Added rules: [+++] Open: 2016912 – ET TROJAN W32/KeyLogger.ACQH!tr Checkin (trojan.rules)...


Daily Ruleset Update Summary 05/23/2013

[+++] Summary: [+++] 3 new Open rules. 8 new Pro rules (3/5). Apache Struts, Malicious Redirect, Fake/Old UA thresholding changed to limit 2,60 from threshold of the same value we were missing some one...

Daily Ruleset Update Summary 05/24/2013

[***] Summary: [***] 8 new Open rules. 11 new Pro rules (8/11). HellSpawn EK, KaiXin, etc. [+++] Added rules: [+++] 2016923 – ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013...


Daily Ruleset Update Summary 05/28/2013

[***] Summary [***] 10 new Open. 26 new Pro (10/16). Generic SQLi, Kazy, Vobfus, BHEK, Sakura, etc. [+++] Added rules: [+++] Open: 2016931 – ET CURRENT_EVENTS BlackHole EK JNLP request...

Daily Ruleset Update Summary 05/29/2013

[***] Summary: [***] 5 new Open rules. 17 new Pro rules, SofosFo, Sakura, PolyCrypt, etc. [+++] Added rules: [+++] Open: 2016941 – ET TROJAN W32/PolyCrypt.A Checkin (trojan.rules) 2016942 – ET...

Daily Ruleset Update Summary 05/30/2013

[***] Summary: [***] 5 new Open rules. 12 new Pro rules. Bicololo, Hupigon, Linux.Tsunami, etc. [+++] Added rules: [+++] Open: 2016946 – ET TROJAN Possible Win32.Bicololo Checkin (trojan.rules)...
