[***] Summary: [***]
8 new Open rules, 20 new Pro (8/12). Upatre, RBrute, Graftor, Kraddare.
Thanks: Marcus Cymerman, Nathan Fowler, @MalwareMustDie

[+++] Added rules: [+++]

Open:
2018350 - ET CURRENT_EVENTS Upatre SSL Compromised site potpourriflowers (current_events.rules)
2018351 - ET CURRENT_EVENTS Upatre SSL Compromised site kionic (current_events.rules)
2018352 - ET CURRENT_EVENTS Possible FakeAV binary download (setup) (current_events.rules)
2018353 - ET CURRENT_EVENTS Win32.RBrute Scan (Outgoing) (current_events.rules)
2018354 - ET CURRENT_EVENTS Win32.RBrute Scan (incoming) (current_events.rules)
2018355 - ET CURRENT_EVENTS Win32.RBrute http server request (current_events.rules)
2018356 - ET CURRENT_EVENTS Win32.RBrute http response (current_events.rules)
2018357 - ET CURRENT_EVENTS EvilTDS Redirection (current_events.rules)

Pro:
2806884 - ETPRO TROJAN Worm.AutoIt/Renocide.gen!A Checkin Response (trojan.rules)
2807914 - ETPRO TROJAN Trojan.Win32.Cossta.gns Checkin (trojan.rules)
2807915 - ETPRO TROJAN Trojan-Downloader.Win32.Banload.cqhl Checkin (trojan.rules)
2807916 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.BL Checkin 2 (mobile_malware.rules)
2807917 - ETPRO TROJAN Variant.Graftor.136459 Checkin (trojan.rules)
2807918 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.avsx Checkin Response (trojan.rules)
2807919 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.avsx Checkin Response 2 (trojan.rules)
2807920 - ETPRO POLICY Win32/InstallIQ.A Checkin (policy.rules)
2807921 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.I Checkin (mobile_malware.rules)
2807922 - ETPRO MALWARE Win32/Adware.Kraddare.HH Checkin (malware.rules)
2807923 - ETPRO TROJAN Win32/Qhost.PGM Checkin (trojan.rules)
2807924 - ETPRO CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Apr 02 2014 (current_events.rules)

[///] Modified active rules: [///]
2001040 - ET MALWARE My Search Bar Install (malware.rules)
2014353 - ET MALWARE W32/MediaGet.Adware Installer Download (malware.rules)
2015723 - ET TROJAN ZeroAccess Checkin (trojan.rules)
2015821 - ET INFO Suspicious Windows NT version 8 User-Agent (info.rules)
2016862 - ET TROJAN Hangover Campaign Keylogger 2 checkin (trojan.rules)
2017992 - ET TROJAN Win32/OutBrowse.G Variant Checkin (trojan.rules)
2018295 - ET TROJAN Mal/Ransom-CE Connectivity Check (trojan.rules)
2018310 - ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 4 (current_events.rules)
2804737 - ETPRO TROJAN Trojan.Win32.Pincav.cemf Checkin (trojan.rules)
2804789 - ETPRO TROJAN Trojan-PSW.Win32.WebMoner.si Checkin (trojan.rules)
2806235 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.avsx Checkin (trojan.rules)
2806883 - ETPRO TROJAN Worm.AutoIt/Renocide.gen!A Checkin (trojan.rules)
2806995 - ETPRO TROJAN Trojan.Win32.Swisyn.behb Checkin (trojan.rules)

[---] Removed rules: [---]
2016358 - ET TROJAN W32/ZeroAccess Counter.img Checkin (trojan.rules)

 

Date: Wednesday, April 2, 2014 - 22:00