[Snort-sigs] Emerging Threats Weekly Signature Changes

emerging at ...3335...
Sat Oct 25 18:00:08 EDT 2008


[***] Results from Oinkmaster started Sat Oct 25 18:00:08 2008 [***]

[+++]          Added rules:          [+++]

 2008678 - ET EXPLOIT Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods (emerging-exploit.rules)
 2008679 - ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (dish.php) (emerging-web_sql_injection.rules)
 2008680 - ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (menu.php) (emerging-web_sql_injection.rules)
 2008681 - ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php (emerging-malware.rules)
 2008682 - ET TROJAN Trojan.Zonebac.D (emerging-virus.rules)
 2008683 - ET EXPLOIT Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow (emerging-exploit.rules)
 2008684 - ET WEB_SPECIFIC E-Shop Shopping Cart Script search_results.php SQL Injection (emerging-web_sql_injection.rules)
 2008685 - ET WEB_SPECIFIC Joomla DS-Syndicate Component feed_id SQL Injection (emerging-web_sql_injection.rules)
 2008686 - ET WEB_SPECIFIC zeeproperty adid Parameter Remote SQL Injection (emerging-web_sql_injection.rules)
 2008687 - ET WEB PassWiki site_id Parameter Local File Inclusion (emerging-web.rules)
 2008688 - ET WEB_SPECIFIC XOOPS Makale Module id SQL Injection (emerging-web_sql_injection.rules)
 2008689 - ET TROJAN Gimmiv.A.dll Infection (emerging-virus.rules)
 2008690 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) (emerging-exploit.rules)
 2008691 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) (emerging-exploit.rules)
 2008692 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) (emerging-exploit.rules)
 2008693 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) (emerging-exploit.rules)
 2008694 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) (emerging-exploit.rules)
 2008695 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) (emerging-exploit.rules)
 2008696 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) (emerging-exploit.rules)
 2008697 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) (emerging-exploit.rules)
 2008698 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) (emerging-exploit.rules)
 2008699 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) (emerging-exploit.rules)
 2008700 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (emerging-exploit.rules)
 2008701 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) (emerging-exploit.rules)
 2008702 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) (emerging-exploit.rules)
 2008703 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) (emerging-exploit.rules)
 2008704 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) (emerging-exploit.rules)
 2008705 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) (emerging-exploit.rules)
 2008706 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) (emerging-exploit.rules)
 2008707 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) (emerging-exploit.rules)
 2008708 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) (emerging-exploit.rules)
 2008709 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) (emerging-exploit.rules)
 2008710 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) (emerging-exploit.rules)
 2008711 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) (emerging-exploit.rules)
 2008712 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) (emerging-exploit.rules)
 2008713 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) (emerging-exploit.rules)
 2008714 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) (emerging-exploit.rules)
 2008715 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) (emerging-exploit.rules)
 2008716 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) (emerging-exploit.rules)
 2008717 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) (emerging-exploit.rules)
 2008718 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) (emerging-exploit.rules)
 2008719 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) (emerging-exploit.rules)
 2008720 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) (emerging-exploit.rules)
 2008721 - ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) (emerging-exploit.rules)
 2008722 - ET WEB_SPECIFIC Simple Customer contact.php SQL injection (emerging-web_sql_injection.rules)
 2008723 - ET WEB_SPECIFIC ShopMaker product.php id Parameter Remote SQL Injection (emerging-web_sql_injection.rules)
 2008724 - ET WEB_SPECIFIC Bahar Download Script aspkat.asp SQL Injection (emerging-web_sql_injection.rules)
 2008725 - ET WEB_SPECIFIC WordPress Newsletter Plugin newsletter Parameter SQL Injection (emerging-web_sql_injection.rules)
 2008726 - ET TROJAN Gimmiv Infection Ping Outbound (emerging-virus.rules)
 2008727 - ET TROJAN Gimmiv Infection Ping Inbound (emerging-virus.rules)
 2008728 - ET TROJAN General Downloader URL - Post Infection (emerging-virus.rules)
 2400008 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2401008 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2404020 - ET DROP Known Bot C&C Server Traffic (group 21)  (emerging-botcc.rules)
 2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)


[///]     Modified active rules:     [///]

 2008391 - ET MALWARE Suspicious User-Agent (svchost) (emerging-malware.rules)
 2008668 - ET WEB_SPECIFIC myEvent viewevent.php SQL Injection (emerging-web_sql_injection.rules)
 2008669 - ET WEB_SPECIFIC AstroSPACES profile.php SQL Injection (emerging-web_sql_injection.rules)
 2008670 - ET WEB_SPECIFIC SweetCMS page SQL Injection (emerging-web_sql_injection.rules)
 2008672 - ET WEB_SPECIFIC My PHP Dating id parameter SQL Injection (emerging-web_sql_injection.rules)
 2008673 - ET EXPLOIT Microsoft PicturePusher ActiveX Cross Site File Upload Attack (emerging-exploit.rules)
 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400005 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400006 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400007 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401005 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401006 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401007 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
 2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
 2404000 - ET DROP Known Bot C&C Server Traffic (group 1)  (emerging-botcc.rules)
 2404001 - ET DROP Known Bot C&C Server Traffic (group 2)  (emerging-botcc.rules)
 2404002 - ET DROP Known Bot C&C Server Traffic (group 3)  (emerging-botcc.rules)
 2404003 - ET DROP Known Bot C&C Server Traffic (group 4)  (emerging-botcc.rules)
 2404004 - ET DROP Known Bot C&C Server Traffic (group 5)  (emerging-botcc.rules)
 2404005 - ET DROP Known Bot C&C Server Traffic (group 6)  (emerging-botcc.rules)
 2404006 - ET DROP Known Bot C&C Server Traffic (group 7)  (emerging-botcc.rules)
 2404007 - ET DROP Known Bot C&C Server Traffic (group 8)  (emerging-botcc.rules)
 2404008 - ET DROP Known Bot C&C Server Traffic (group 9)  (emerging-botcc.rules)
 2404009 - ET DROP Known Bot C&C Server Traffic (group 10)  (emerging-botcc.rules)
 2404010 - ET DROP Known Bot C&C Server Traffic (group 11)  (emerging-botcc.rules)
 2404011 - ET DROP Known Bot C&C Server Traffic (group 12)  (emerging-botcc.rules)
 2404012 - ET DROP Known Bot C&C Server Traffic (group 13)  (emerging-botcc.rules)
 2404013 - ET DROP Known Bot C&C Server Traffic (group 14)  (emerging-botcc.rules)
 2404014 - ET DROP Known Bot C&C Server Traffic (group 15)  (emerging-botcc.rules)
 2404015 - ET DROP Known Bot C&C Server Traffic (group 16)  (emerging-botcc.rules)
 2404016 - ET DROP Known Bot C&C Server Traffic (group 17)  (emerging-botcc.rules)
 2404017 - ET DROP Known Bot C&C Server Traffic (group 18)  (emerging-botcc.rules)
 2404018 - ET DROP Known Bot C&C Server Traffic (group 19)  (emerging-botcc.rules)
 2404019 - ET DROP Known Bot C&C Server Traffic (group 20)  (emerging-botcc.rules)
 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-drop-BLOCK.rules (2):
        #  VERSION 1338
        #  Generated 2008-10-25 00:03:02 EDT

     -> Added to emerging-drop.rules (2):
        #  VERSION 1338
        #  Generated 2008-10-25 00:03:02 EDT

     -> Added to emerging-exploit.rules (2):
        #by stillsecure
        #by Secureworks

     -> Added to emerging-malware.rules (1):
        #by Deapesh Misra

     -> Added to emerging-sid-msg.map (55):
        2008678 || ET EXPLOIT Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods || url,secunia.com/Advisories/32337/
        2008679 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (dish.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
        2008680 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (menu.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
        2008681 || ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.QC&VSect=T || url,iframecash.biz
        2008682 || ET TROJAN Trojan.Zonebac.D
        2008683 || ET EXPLOIT Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow || url,www.milw0rm.com/exploits/6793 || bugtraq,31814
        2008684 || ET WEB_SPECIFIC E-Shop Shopping Cart Script search_results.php SQL Injection || bugtraq,30692
        2008685 || ET WEB_SPECIFIC Joomla DS-Syndicate Component feed_id SQL Injection || url,www.milw0rm.com/exploits/6792 || url,www.secunia.com/advisories/32321
        2008686 || ET WEB_SPECIFIC zeeproperty adid Parameter Remote SQL Injection || url,milw0rm.com/exploits/6780 || url,secunia.com/Advisories/32333/
        2008687 || ET WEB PassWiki site_id Parameter Local File Inclusion || bugtraq,29455
        2008688 || ET WEB_SPECIFIC XOOPS Makale Module id SQL Injection || url,www.milw0rm.com/exploits/6795 || url,secunia.com/advisories/32347/
        2008689 || ET TROJAN Gimmiv.A.dll Infection || url,www.microsoft.com/security/portal/Entry.aspx?name=TrojanSpy%3aWin32%2fGimmiv.A
        2008690 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008691 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008692 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008693 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008694 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008695 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008696 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008697 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008698 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008699 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008700 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008701 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008702 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008703 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008704 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008705 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008706 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008707 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008708 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008709 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008710 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008711 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008712 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008713 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008714 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008715 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008716 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008717 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008718 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008719 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008720 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008721 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008722 || ET WEB_SPECIFIC Simple Customer contact.php SQL injection || bugtraq,28852
        2008723 || ET WEB_SPECIFIC ShopMaker product.php id Parameter Remote SQL Injection || bugtraq,31854 || url,www.milw0rm.com/exploits/6799
        2008724 || ET WEB_SPECIFIC Bahar Download Script aspkat.asp SQL Injection || bugtraq,31852
        2008725 || ET WEB_SPECIFIC WordPress Newsletter Plugin newsletter Parameter SQL Injection || url,secunia.com/advisories/32336 || url,milw0rm.com/exploits/6777
        2008726 || ET TROJAN Gimmiv Infection Ping Outbound
        2008727 || ET TROJAN Gimmiv Infection Ping Inbound
        2008728 || ET TROJAN General Downloader URL - Post Infection
        2400008 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2401008 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2404020 || ET DROP Known Bot C&C Server Traffic (group 21)  || url,www.shadowserver.org
        2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-sid-msg.map.txt (55):
        2008678 || ET EXPLOIT Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods || url,secunia.com/Advisories/32337/
        2008679 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (dish.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
        2008680 || ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (menu.php) || url,milw0rm.com/exploits/6762 || url,secunia.com/advisories/32308/
        2008681 || ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.QC&VSect=T || url,iframecash.biz
        2008682 || ET TROJAN Trojan.Zonebac.D
        2008683 || ET EXPLOIT Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow || url,www.milw0rm.com/exploits/6793 || bugtraq,31814
        2008684 || ET WEB_SPECIFIC E-Shop Shopping Cart Script search_results.php SQL Injection || bugtraq,30692
        2008685 || ET WEB_SPECIFIC Joomla DS-Syndicate Component feed_id SQL Injection || url,www.milw0rm.com/exploits/6792 || url,www.secunia.com/advisories/32321
        2008686 || ET WEB_SPECIFIC zeeproperty adid Parameter Remote SQL Injection || url,milw0rm.com/exploits/6780 || url,secunia.com/Advisories/32333/
        2008687 || ET WEB PassWiki site_id Parameter Local File Inclusion || bugtraq,29455
        2008688 || ET WEB_SPECIFIC XOOPS Makale Module id SQL Injection || url,www.milw0rm.com/exploits/6795 || url,secunia.com/advisories/32347/
        2008689 || ET TROJAN Gimmiv.A.dll Infection || url,www.microsoft.com/security/portal/Entry.aspx?name=TrojanSpy%3aWin32%2fGimmiv.A
        2008690 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008691 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008692 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008693 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008694 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008695 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008696 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008697 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008698 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008699 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008700 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008701 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008702 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008703 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008704 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008705 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008706 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008707 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008708 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008709 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008710 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008711 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008712 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008713 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008714 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008715 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008716 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008717 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008718 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008719 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008720 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008721 || ET EXPLOIT Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) || url,www.kb.cert.org/vuls/id/827267 || cve,2008-4250 || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
        2008722 || ET WEB_SPECIFIC Simple Customer contact.php SQL injection || bugtraq,28852
        2008723 || ET WEB_SPECIFIC ShopMaker product.php id Parameter Remote SQL Injection || bugtraq,31854 || url,www.milw0rm.com/exploits/6799
        2008724 || ET WEB_SPECIFIC Bahar Download Script aspkat.asp SQL Injection || bugtraq,31852
        2008725 || ET WEB_SPECIFIC WordPress Newsletter Plugin newsletter Parameter SQL Injection || url,secunia.com/advisories/32336 || url,milw0rm.com/exploits/6777
        2008726 || ET TROJAN Gimmiv Infection Ping Outbound
        2008727 || ET TROJAN Gimmiv Infection Ping Inbound
        2008728 || ET TROJAN General Downloader URL - Post Infection
        2400008 || ET DROP Spamhaus DROP Listed Traffic Inbound || url,www.spamhaus.org/drop/drop.lasso
        2401008 || ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE || url,www.spamhaus.org/drop/drop.lasso
        2404020 || ET DROP Known Bot C&C Server Traffic (group 21)  || url,www.shadowserver.org
        2405020 || ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Added to emerging-virus.rules (2):
        #by michael sconzo
        #ref 483dbf6dd97ec249b0ec84a358e39260

     -> Added to emerging-web.rules (1):
        #by Stillsecure

     -> Added to emerging-web_sql_injection.rules (1):
        #by stillsecure

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-drop-BLOCK.rules (2):
        #  VERSION 1330
        #  Generated 2008-10-18 00:03:02 EDT

     -> Removed from emerging-drop.rules (2):
        #  VERSION 1330
        #  Generated 2008-10-18 00:03:02 EDT




