[***] Summary: [***]
10 new Open rules, 23 new Pro (10 Open + 13 Pro-only). Havex RAT, Gamut, Snake Rootkit. Thanks: Jake Warren, @MalwareMustDie, Kevin Ross, BAE Systems.
Please see our blog post outlining our coverage for the Microsoft Patch Tuesday releases here: http://www.emergingthreats.net/2014/03/11/march-2014-microsoft-tuesday-coverage/

[+++] Added rules: [+++]
Open:
2018243 - ET TROJAN Havex RAT CnC Server Response (trojan.rules)
2018244 - ET TROJAN Havex RAT CnC Server Response HTML Tag (trojan.rules)
2018245 - ET CURRENT_EVENTS Gamut Spambot Checkin (current_events.rules)
2018246 - ET CURRENT_EVENTS Gamut Spambot Checkin Response (current_events.rules)
2018247 - ET TROJAN Snake rootkit, usermode-centric client request (trojan.rules)
2018248 - ET TROJAN Snake rootkit, usermode-centric encrypted command from server (trojan.rules)
2018249 - ET TROJAN W32/PointOfSales.Misc CnC Beacon (trojan.rules)
2018250 - ET TROJAN W32/PointOfSales.Misc CnC Activity (trojan.rules)
2018251 - ET TROJAN Havex Rat Check-in URI Struct (trojan.rules)
2018253 - ET TROJAN RDP Brute Force Bot Checkin (trojan.rules)

Pro:
2807800 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0297) (web_client.rules)
2807801 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0298) (web_client.rules)
2807802 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0299) (web_client.rules)
2807803 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0302) (web_client.rules)
2807804 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0303) (web_client.rules)
2807805 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0304) (web_client.rules)
2807806 - ETPRO WEB_CLIENT Possible User-After-Free CVE-2014-0309 (web_client.rules)
2807807 - ETPRO WEB_CLIENT Possible User-After-Free CVE-2014-0312 (web_client.rules)
2807808 - ETPRO WEB_CLIENT Possible IE10 Memory Corruption Vulnerability CVE-2014-0313 1 (web_client.rules)
2807809 - ETPRO WEB_CLIENT Possible IE10 Memory Corruption Vulnerability CVE-2014-0313 2 (web_client.rules)
2807810 - ETPRO WEB_CLIENT CSelectTracker type confusion CVE-2014-0314 (web_client.rules)
2807811 - ETPRO WEB_CLIENT Possible IE8 Memory Corruption Vulnerability CVE-2014-0324 (web_client.rules)
2807812 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 7 (mobile_malware.rules)

[///] Modified active rules: [///]
2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)

[---] Removed rules: [---]
2807679 - ETPRO TROJAN Win32/Kryptik.BUQO Checkin (trojan.rules)
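The sections above follow a fixed shape: a [+++] / [///] / [---] header, an optional Open: or Pro: tier line, then one "sid - msg (file.rules)" entry per line. That shape is what a deployment script consumes when it checks that a ruleset update actually landed, so the Python below is an added example (not part of this ET post or of any ET tooling) that parses a changelog in this format into added, modified and removed SID sets and reconciles them against a local rules file. It flags added or modified SIDs that are missing locally and removed SIDs that are still enabled, which is the drift a pulled ruleset tends to accumulate. The embedded changelog is restricted to entries listed in this post; the rules file is constructed with placeholder bodies (not the real ET signatures), and the locally disabled sid 2010000 is invented for illustration.

```python
"""Reconcile an Emerging Threats daily changelog against a local rules file.

Added example, not part of the ET post: CHANGELOG is built only from entries
listed in the post; LOCAL_RULES is a constructed rules file with placeholder
bodies (not the real ET signatures) plus an invented, locally disabled sid
2010000.
"""
import re

# Constructed changelog, same layout as the post (header, tier, entries).
CHANGELOG = """\
[+++] Added rules: [+++]
Open:
2018243 - ET TROJAN Havex RAT CnC Server Response (trojan.rules)
2018253 - ET TROJAN RDP Brute Force Bot Checkin (trojan.rules)
Pro:
2807800 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0297) (web_client.rules)

[///] Modified active rules: [///]
2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)

[---] Removed rules: [---]
2807679 - ETPRO TROJAN Win32/Kryptik.BUQO Checkin (trojan.rules)
"""

# Constructed local rules: placeholder content, real sids from the post,
# plus an invented commented-out rule (sid 2010000) to show the disabled case.
LOCAL_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Havex RAT CnC Server Response"; flow:established,to_client; content:"PLACEHOLDER"; sid:2018243; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Outdated Windows Flash Version IE"; flow:established,to_server; content:"PLACEHOLDER"; sid:2014726; rev:5;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXAMPLE Locally disabled rule"; content:"PLACEHOLDER"; sid:2010000; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO TROJAN Win32/Kryptik.BUQO Checkin"; flow:established,to_server; content:"PLACEHOLDER"; sid:2807679; rev:2;)
"""

# "[+++] Added rules: [+++]", "[///] Modified active rules: [///]", "[---] Removed rules: [---]"
SECTION_RE = re.compile(r"^\[(?:\+\+\+|///|---)\]\s*(Added|Modified active|Removed) rules:")
TIER_RE = re.compile(r"^(Open|Pro):\s*$")
# "2807800 - ETPRO WEB_CLIENT ... (CVE-2014-0297) (web_client.rules)": the msg may
# contain parentheses itself, so the trailing (file.rules) is anchored to end of line.
ENTRY_RE = re.compile(r"^(\d+)\s+-\s+(.+?)\s+\(([\w.]+)\)\s*$")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
SECTION_KEYS = {"Added": "added", "Modified active": "modified", "Removed": "removed"}


def parse_changelog(text):
    """Return {'added': {sid: entry}, 'modified': {...}, 'removed': {...}}.

    entry = {'msg': ..., 'file': ..., 'tier': 'Open' | 'Pro' | None}; only the
    Added section carries Open/Pro tier lines, the others get tier None.
    """
    changes = {"added": {}, "modified": {}, "removed": {}}
    section, tier = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, tier = SECTION_KEYS[m.group(1)], None
            continue
        m = TIER_RE.match(line)
        if m:
            tier = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            changes[section][int(m.group(1))] = {"msg": m.group(2), "file": m.group(3), "tier": tier}
    return changes


def local_sids(rules_text):
    """Map every sid in a Snort/Suricata rules file to True (enabled) or
    False (rule line commented out with a leading '#')."""
    state = {}
    for raw in rules_text.splitlines():
        line = raw.strip()
        m = SID_RE.search(line)
        if m:
            state[int(m.group(1))] = not line.startswith("#")
    return state


def reconcile(changes, local, tiers=None):
    """Report drift between a changelog and the local ruleset.

    tiers limits the 'added' check to the tiers you subscribe to (e.g. {'Open'}
    for a site without ETPRO), so Pro-only sids are not reported as missing.
    """
    added = {s for s, e in changes["added"].items() if tiers is None or e["tier"] in tiers}
    return {
        "missing_added": sorted(s for s in added if s not in local),
        "missing_modified": sorted(s for s in changes["modified"] if s not in local),
        "stale_removed": sorted(s for s in changes["removed"] if local.get(s)),
    }


if __name__ == "__main__":
    report = reconcile(parse_changelog(CHANGELOG), local_sids(LOCAL_RULES), tiers={"Open"})
    for key, sids in report.items():
        print(f"{key}: {sids}")
```

Run against the constructed data with tiers={"Open"}, the report shows 2018253 as an Open rule that never arrived and 2807679 as a removed rule still enabled locally; without the tier filter the Pro-only 2807800 is also listed as missing, which is expected noise for an Open-only subscriber and the reason the filter exists.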
Date: Monday, March 10, 2014 - 22:00