[***] Summary: [***]

4 new Open rules, 22 new Pro rules. Nbdd.bsj, Onescan, Strictor, GoonEK, DelfInject.

Thanks: Kevin Ross, @kafeine and @EKwatcher

[+++] Added rules: [+++]

Open:

2018297 - ET CURRENT_EVENTS GoonEK encrypted binary (3) (current_events.rules)
2018298 - ET CURRENT_EVENTS GoonEK Landing Mar 20 2014 (current_events.rules)
2018299 - ET WEB_CLIENT Generic HeapSpray Construct (web_client.rules)
2018300 - ET TROJAN Win32/Stoberox.B (trojan.rules)

Pro:

2807855 - ETPRO TROJAN Variant.Strictor.40297 Checkin (trojan.rules)
2807856 - ETPRO TROJAN Posible Win32/Zbot.AHJ CnC Traffic (trojan.rules)
2807857 - ETPRO MALWARE AdWare.Win32.Yotoon.hs Checkin (malware.rules)
2807858 - ETPRO MALWARE Rogue.Win32/Onescan Checkin 2 (malware.rules)
2807859 - ETPRO TROJAN Variant.Symmi Checkin 3 (trojan.rules)
2807860 - ETPRO TROJAN TrojanDownloader.HTML/Adodb.gen!A Download (trojan.rules)
2807861 - ETPRO TROJAN Backdoor.Win32.Nbdd.bsj Checkin (trojan.rules)
2807862 - ETPRO TROJAN Backdoor.Win32.Nbdd.bsj Checkin 2 (trojan.rules)
2807863 - ETPRO TROJAN Backdoor.Win32.Nbdd.bsj Checkin 3 (trojan.rules)
2807864 - ETPRO MALWARE Win32.Reconyc.wp Checkin (malware.rules)
2807865 - ETPRO TROJAN W32/Agent.EW.gen Checkin 2 (trojan.rules)
2807866 - ETPRO TROJAN Trojan.Win32.Scar.hfot Checkin (trojan.rules)
2807867 - ETPRO TROJAN Win32.WinSpy Checkin (trojan.rules)
2807868 - ETPRO TROJAN Win32.Inject.gynk Checkin (trojan.rules)
2807869 - ETPRO TROJAN Win32/Necurs Checkin 3 (trojan.rules)
2807870 - ETPRO TROJAN W32/DelfInject.R Checkin (trojan.rules)
2807871 - ETPRO TROJAN W32/DelfInject.R Checkin 2 (trojan.rules)
2807872 - ETPRO TROJAN W32/DelfInject.R Checkin 3 (trojan.rules)

[///] Modified active rules: [///]

2017998 - ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload Download (current_events.rules)
2018184 - ET CURRENT_EVENTS Zeus.Downloader Campaign Second Stage Executable Request (current_events.rules)
2001472 - ET MALWARE Xpire.info Spyware Install Reporting (malware.rules)
2802017 - ETPRO TROJAN Winspy/Fiskos/Fynloski/Gpigeon/Rewdulon/Greybird Backdoor Keepalive (trojan.rules)

[---] Removed rules: [---]

2003519 - ET EXPLOIT MS ANI exploit (exploit.rules)
2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
2804319 - ETPRO TROJAN Backdoor.Win32.Rewdulon.A/Win32.Graybird Keepalive (trojan.rules)
2804547 - ETPRO TROJAN Win32/Zdesnado.AD Checkin (trojan.rules)

 

Date: Wednesday, March 19, 2014 - 22:00