[***] Summary: [***]

9 new Open rules, 12 new Pro (9/3).

Thanks: @EKWatcher and @jaimeblascob

[+++] Added rules: [+++]

Open:

2018358 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 (info.rules)
2018359 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 2 (info.rules)
2018360 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF Struct (current_events.rules)
2018361 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF Struct (current_events.rules)
2018362 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
2018363 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF (current_events.rules)
2018364 - ET CURRENT_EVENTS SUPSICOUS OVH Shared Host SSL Certificate (Observed In Use by Some Trojans) (current_events.rules)
2018365 - ET INFO DYNAMIC_DNS HTTP Request to a *.mrbasic.com Domain (info.rules)
2018366 - ET INFO DYNAMIC_DNS Query to a *.mrbasic.com Domain (info.rules)

Pro:

2807925 - ETPRO POLICY RemoteAdmin.Win32.WinVNC.gc (OUTBOUND) (policy.rules)
2807926 - ETPRO TROJAN Trojan-Ransom.Win32.PornoAsset Checkin (trojan.rules)
2807927 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.cm Checkin (mobile_malware.rules)

[///] Modified active rules: [///]

2001058 - ET EXPLOIT libpng tRNS overflow attempt (exploit.rules)
2002780 - ET TROJAN Goldun Reporting User Activity 2 (trojan.rules)
2017636 - ET CURRENT_EVENTS Nuclear EK PDF URI Struct (current_events.rules)
2017742 - ET TROJAN Solarbot Check-in (trojan.rules)

 

Date: Friday, April 4, 2014 - 00:00