[***] Summary: [***]

8 new Open rules, 12 new Pro (8/4). Angler EK, Goon/Infinity EK, Hikvision DVR scan, Deep Panda.

Thanks: Kevin Ross, Jake Warren, Jamie Blasco.

[+++] Added rules: [+++]

Open:

2018340 - ET TROJAN Win32.Sality-GR Checkin (trojan.rules)
2018341 - ET TROJAN Kazy Checkin (trojan.rules)
2018342 - ET CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Mar 31 2014 (current_events.rules)
2018343 - ET CURRENT_EVENTS Hikvision DVR attempted Synology Recon Scan (current_events.rules)
2018344 - ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin (current_events.rules)
2018345 - ET TROJAN W32/SpeedingUpMyPC.Rootkit Sucessful Install GET Type CnC Beacon (trojan.rules)
2018346 - ET CURRENT_EVENTS DRIVEBY Angler EK Landing Apr 01 2014 (current_events.rules)
2018348 - ET CURRENT_EVENTS Possible Deep Panda WateringHole Related URI Struct (current_events.rules)

Pro:

2807910 - ETPRO TROJAN Win32/Injector.BANJ Checkin (trojan.rules)
2807911 - ETPRO TROJAN W32/OnlineGames.HG.gen Checkin (trojan.rules)
2807912 - ETPRO TROJAN Win32/TrojanDownloader.Agent.ALG Checkin (trojan.rules)
2807913 - ETPRO CURRENT_EVENTS DRIVEBY Angler EK Apr 01 2014 (current_events.rules)

[///] Modified active rules: [///]

2008974 - ET MALWARE User-Agent (Mozilla/4.0 (compatible)) (malware.rules)
2016541 - ET CURRENT_EVENTS SofosFO/GrandSoft landing applet plus class Mar 03 2013 (current_events.rules)
2018337 - ET CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Mar 31 2014 (current_events.rules)
2804541 - ETPRO MALWARE TSPY_ONLING.SMIF Dropper Pull (malware.rules)
2807196 - ETPRO TROJAN Worm.Win32/Netsky.F@mm spreading via SMTP 6 (trojan.rules)

[///] Modified inactive rules: [///]

2002061 - ET EXPLOIT Possible BackupExec Metasploit Exploit (inbound) (exploit.rules)
2002826 - ET POLICY fetch User Agent (policy.rules)

[---] Disabled rules: [---]

2002064 - ET NETBIOS ms05-011 exploit (netbios.rules)

 

Date: Monday, March 31, 2014 - 22:00