[***] Summary: [***]

10 new Open rules, 16 new Pro (10/6). CVE-2014-1761 (MS Word 0-day), Fake Flappy Bird, Waledac.

[+++] Added rules: [+++]

Open:

2018306 - ET MOBILE_MALWARE SMSSend Fake flappy bird APK (mobile_malware.rules)
2018307 - ET MALWARE AdWare.Win32.Yotoon.hs Checkin (malware.rules)
2018308 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 2 (current_events.rules)
2018309 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 3 (current_events.rules)
2018310 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 4 (current_events.rules)
2018311 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 5 (current_events.rules)
2018312 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 6 (current_events.rules)
2018313 - ET WEB_CLIENT Possible CVE-2014-1761 HTTP (web_client.rules)
2018314 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 1 (current_events.rules)

Pro:

2807876 - ETPRO TROJAN Backdoor.Win32/Tofsee.F Checkin (trojan.rules)
2807877 - ETPRO TROJAN TrojanDownloader.Win32/Banup.A Checkin (trojan.rules)
2807878 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.dfmz Checkin (trojan.rules)
2807879 - ETPRO MALWARE Adware.Kraddare Checkin (malware.rules)
2807880 - ETPRO TROJAN Trojan-Downloader.Win32.Vivia.r Checkin (trojan.rules)
2807881 - ETPRO TROJAN TrojanDownloader Win32/Waledac.C .exe download 2 (trojan.rules)
[///] Modified active rules: [///]

2002034 - ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style) (attack_response.rules)
2014728 - ET TROJAN Smoke Loader Checkin r=gate (trojan.rules)
2015904 - ET TROJAN Win32/Kuluoz.B CnC 3 (trojan.rules)
2016460 - ET TROJAN WEBC2-CSON Checkin - APT1 Related (trojan.rules)
2016578 - ET TROJAN Dorkbot Loader Payload Request (trojan.rules)
2016903 - ET USER_AGENTS Suspicious User-Agent (DownloadMR) (user_agents.rules)
2016905 - ET MALWARE AdWare.MSIL.Solimba.b GET (malware.rules)
2016906 - ET MALWARE AdWare.MSIL.Solimba.b POST (malware.rules)
2016915 - ET MALWARE Suspicious User Agent Smart-RTP (malware.rules)
2017465 - ET TROJAN W32/Hesperus.Banker Nlog.php Variant Sending Data To CnC (trojan.rules)
2017627 - ET TROJAN W32/Kegotip CnC Beacon (trojan.rules)
2802952 - ETPRO TROJAN Herpbot.B Checkin (trojan.rules)
2804254 - ETPRO TROJAN Xtrat/Bifrose/VBKrypt CnC Channel Keepalive (trojan.rules)
2804543 - ETPRO TROJAN Backdoor.Win32.Hupigon Checkin (trojan.rules)
2805419 - ETPRO MALWARE Uptodown.com Checkin (malware.rules)
2805646 - ETPRO TROJAN Backdoor.Win32.Bezigate Checkin (trojan.rules)
2806120 - ETPRO TROJAN Unknown Trojan Selfupdate (exe.zip) (trojan.rules)
2806847 - ETPRO TROJAN WIN32/KOVTER.B Checkin (trojan.rules)
2807275 - ETPRO USER_AGENTS Suspicious User Agent UniversalUserAgent(winHTTP) (user_agents.rules)
2807276 - ETPRO MALWARE Adware/GetFaster Checkin (malware.rules)
2807581 - ETPRO TROJAN Backdoor.Win32/PcClient.AA Checkin (trojan.rules)
2807710 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (trojan.rules)
2807793 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin (trojan.rules)
[---] Disabled and modified rules: [---]

2807157 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3845 2 (web_client.rules)

[---] Removed rules: [---]

2012626 - ET TROJAN Unknown Dropper Checkin with NSISDL/1.2 User-Agent (trojan.rules)
2807857 - ETPRO MALWARE AdWare.Win32.Yotoon.hs Checkin (malware.rules)

Date: Sunday, March 23, 2014 - 22:00