[***] Summary: [***]

5 new Open rules, 6 new Pro (5/1). Zeus GameOver, NMAP SIP, Tinbanker.

Thanks: Kevin Ross.

[+++] Added rules: [+++]

Open:

2018315 - ET WEB_CLIENT Microsoft Rich Text File .RTF File download with invalid listoverridecount (web_client.rules)
2018316 - ET CURRENT_EVENTS Zeus GameOver Possible DGA NXDOMAIN Responses (current_events.rules)
2018317 - ET SCAN NMAP SIP Version Detect OPTIONS Scan (scan.rules)
2018318 - ET SCAN NMAP SIP Version Detection Script Activity (scan.rules)
2018319 - ET CURRENT_EVENTS Upatre SSL Compromised site trudeausociety (current_events.rules)

Pro:

2807882 - ETPRO TROJAN TrojanSpy.Win32/Tinbanker.A Checkin (trojan.rules)

[///] Modified active rules: [///]

2018184 - ET CURRENT_EVENTS Zeus.Downloader Campaign Second Stage Executable Request (current_events.rules)
2018314 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 1 (current_events.rules)
2804849 - ETPRO TROJAN Win32/Spy.Bancos.OMJ Checkin (trojan.rules)
2805953 - ETPRO TROJAN Win32/AgentBypass.B CnC - Download exe command (trojan.rules)
2806436 - ETPRO TROJAN TROJ_SASFIS.DA Checkin (trojan.rules)
2806943 - ETPRO TROJAN Win32/Nefyn.A POST (trojan.rules)
2807129 - ETPRO TROJAN Trojan.Win32.Bublik.aexq/Khan Fetching DDoS target (trojan.rules)
2807130 - ETPRO TROJAN Trojan.Win32.Bublik.aexq/Khan Receiving DDoS (trojan.rules)
2807515 - ETPRO TROJAN Minirem (trojan.rules)
2807864 - ETPRO MALWARE Win32/Nefyn.A GET .exe (malware.rules)
2807865 - ETPRO TROJAN W32/Agent.EW.gen Checkin 2 (trojan.rules)

[---] Removed rules: [---]

2805786 - ETPRO WEB_CLIENT Microsoft Rich Text File .RTF File download with invalid listoverridecount (web_client.rules)

 

Date: Monday, March 24, 2014 - 22:00