Title: Secclean fake antivirus
Description: FakeAV continues to be a prevalent threat in the wild targeting the Microsoft Windows operating system, typically delivered as a Trojan.
Reference: http://blog.0x3a.com/post/63080734846/analysis-of-the-security-cleaner-pro-fake-antivirus
Snort SID: 28248-28250
ClamAV: Win.Downloader.Seclean, Win.Trojan.Seclean
Title: D-Link DIR-100 User-Agent Backdoor
Description: By setting the User-Agent to a specific value, as detailed
in the link below, certain D-Link devices can be accessed without
authorization or security.
Reference: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
Snort SID: 28240
ClamAV: N/A
Title: MS IE cdisplaypointer 0-day Metasploit module
Description: This week a Metasploit module for Microsoft
Internet Explorer CVE-2013-3897 was released. This makes a previously
not-well-known vulnerability in Microsoft Internet Explorer more
available to penetration testers and researchers.
Reference: http://www.rapid7.com/db/modules/exploit/windows/browser/ms13_080_cdisplaypointer
Snort SID: 28091-28092, 28207-28208
ClamAV: BC.Exploit.CVE_2013_3897