[***] Summary: [***]

6 new Open rules, 21 new Pro (6/15). Various Android, DarkComet, Netwire, WordPress DOS.

Thanks: @EKwatcher @c_APT_ure @MalwareMustDie

Emerging Threats would like to remind and/or inform everyone that this ruleset does not contain the Russian Business Network (RBN) rules. These rules are obsolete and will not be distributed in future releases.

[+++] Added rules: [+++]

2018260 - ET CURRENT_EVENTS DRIVEBY Styx Landing Page Mar 08 2014 (current_events.rules)
2018277 - ET DOS Possible WordPress Pingback DDoS in Progress (Inbound) (dos.rules)
2018279 - ET CURRENT_EVENTS MtGox Leak wallet stealer UA (current_events.rules)
2018281 - ET TROJAN Possible Netwire RAT Client HeartBeat C1 (no alert) (trojan.rules)
2018282 - ET TROJAN Possible Netwire RAT Client HeartBeat S1 (no alert) (trojan.rules)
2018283 - ET TROJAN Possible Netwire RAT Client HeartBeat C2 (trojan.rules)

Pro:

2807818 - ETPRO TROJAN Troj/DwnLdr-LHU Checkin (trojan.rules)
2807819 - ETPRO TROJAN Backdoor.Win32.Hupigon Checkin (Intel) (trojan.rules)
2807820 - ETPRO TROJAN Backdoor.Win32.Hupigon Checkin (AMD) (trojan.rules)
2807821 - ETPRO TROJAN DarkComet-RAT activity (trojan.rules)
2807822 - ETPRO TROJAN Win32/Paramis.A Checkin 2 (trojan.rules)
2807823 - ETPRO TROJAN Trojan-Dropper.Win32.Sysn.acbq Checkin (trojan.rules)
2807824 - ETPRO MOBILE_MALWARE Android/Agent.BNO Checkin (mobile_malware.rules)
2807825 - ETPRO MOBILE_MALWARE Android/Agent.BNO Checkin 2 (mobile_malware.rules)
2807826 - ETPRO TROJAN Win32/Parite.B Checkin (trojan.rules)
2807827 - ETPRO TROJAN Win32/Virut.AG Checkin (trojan.rules)
2807828 - ETPRO TROJAN Win32/Matcash.F Checkin (trojan.rules)
2807829 - ETPRO EXPLOIT HP Data Protector Backup Client Service Remote Code Execution (Unicode UTF-16 Little Endian) (exploit.rules)
2807830 - ETPRO EXPLOIT HP Data Protector Backup Client Service Remote Code Execution (Unicode UTF-16 Big Endian) (exploit.rules)
2807831 - ETPRO TROJAN Win32/Tofsee.I Checkin (trojan.rules)
2807832 - ETPRO TROJAN Generic.Mitglied Checkin 2 (trojan.rules)

[///] Modified active rules: [///]

2007994 - ET MALWARE Suspicious User-Agent (1 space) (malware.rules)
2017064 - ET CURRENT_EVENTS Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity (current_events.rules)
2017998 - ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload Download (current_events.rules)
2805223 - ETPRO TROJAN W32/Scar.GKKK!tr Checkin (trojan.rules)
2806657 - ETPRO TROJAN Win32.CCProxy.jk (proxy redirect) (trojan.rules)
2807143 - ETPRO TROJAN Win32.RatTool Checkin (trojan.rules)
2807581 - ETPRO TROJAN Backdoor.Win32/PcClient.AA Checkin (trojan.rules)
2807711 - ETPRO TROJAN Trojan.FakeMS Checkin (trojan.rules)

[---] Removed rules: [---]

2406* - ET RBN Known Russian Business Network IP group * (rbn.rules)
2408* - ET RBN Known Malvertiser IP group * (rbn-malvertisers.rules)

 

Date: Thursday, March 13, 2014 - 22:00