[***] Summary: [***]

5 new Open signatures, 10 new Pro (5/5). Goon/Infinity, Various Adware, Various WebShells.

Thanks: Ben Koenig and Kevin Ross.

[+++] Added rules: [+++]

Open:

2018367 - ET MALWARE W32/iBryte.Adware Affiliate Campaign Executable Download (malware.rules)
2018368 - ET MALWARE W32/PullUpdate.Adware CnC Beacon (malware.rules)
2018369 - ET WEB_SERVER WEBSHELL K-Shell/ZHC Shell 1.0/Aspx Shell Backdoor NetCat_Listener (web_server.rules)
2018370 - ET WEB_SERVER ATTACKER WebShell - Zehir4.asp (web_server.rules)
2018371 - ET WEB_SERVER ATTACKER WebShell - Zehir4.asp - content (web_server.rules)

Pro:

2807928 - ETPRO MALWARE Adware.Win32/Clickspring.B Checkin (malware.rules)
2807929 - ETPRO TROJAN Backdoor.Win32.Wallop.bz Request (trojan.rules)
2807930 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
2807931 - ETPRO MOBILE_MALWARE Android/Badao.A Checkin 2 (mobile_malware.rules)
2807932 - ETPRO CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Apr 07 2014 (current_events.rules)

[///] Modified active rules: [///]

2002932 - ET MALWARE CWS Related Installer (malware.rules)
2003273 - ET MALWARE SOCKSv4 Port 5190 Inbound Request (Linux Source) (malware.rules)
2017183 - ET WEB_SERVER WebShell ASPXShell - Title (web_server.rules)
2018304 - ET CURRENT_EVENTS PHISH iTunes - Creds Phished (current_events.rules)
2018364 - ET CURRENT_EVENTS SUSPICIOUS OVH Shared Host SSL Certificate (Observed In Use by Some Trojans) (current_events.rules)
2802017 - ETPRO TROJAN Winspy/Fiskos/Fynloski/Gpigeon/Rewdulon/Greybird Backdoor Keepalive (trojan.rules)
2802986 - ETPRO TROJAN Win32/Banload.YE Checkin (trojan.rules)
2806188 - ETPRO TROJAN Backdoor.Win32/Netbus reporting via smtp (trojan.rules)
2806244 - ETPRO TROJAN W32/IRCBot-based!Maximus (trojan.rules)
2806305 - ETPRO TROJAN Trojan-PSW.Reedum FTP login (trojan.rules)
2806408 - ETPRO TROJAN Win32/Banload.AHA Sending SPAM (trojan.rules)
2806579 - ETPRO TROJAN DarkComet-RAT init connection 3 (trojan.rules)
2806581 - ETPRO TROJAN DarkComet-RAT init connection 4 (trojan.rules)
2806583 - ETPRO TROJAN DarkComet-RAT init connection 5 (trojan.rules)
2806585 - ETPRO TROJAN DarkComet-RAT init connection 6 (trojan.rules)
2806587 - ETPRO TROJAN DarkComet-RAT init connection 7 (trojan.rules)
2806589 - ETPRO TROJAN DarkComet-RAT init connection 8 (trojan.rules)
2806600 - ETPRO TROJAN Trojan-Banker.Win32.Banker.akf Checkin (trojan.rules)
2806709 - ETPRO MALWARE Server-Web.Win32.NetBox.c Checkin (malware.rules)
2806739 - ETPRO TROJAN Win32/Fabucks.A Checkin (trojan.rules)
2806883 - ETPRO TROJAN Worm.AutoIt/Renocide.gen!A Checkin (trojan.rules)
2807017 - ETPRO TROJAN Backdoor.Win32.GF.13x.A Checkin (trojan.rules)
2807037 - ETPRO TROJAN Trojan.Win32.Swisyn.auua Checkin (trojan.rules)
2807045 - ETPRO TROJAN Trojan.Win32.Agent.aapnf Report via SMTP (trojan.rules)
2807047 - ETPRO TROJAN Backdoor.Win32.GF.13x.A Response (trojan.rules)
2807113 - ETPRO TROJAN Trojan-Banker.Win32.Banz.kpx Checkin via SMTP (trojan.rules)
2807181 - ETPRO TROJAN Win32/IRCbot.gen!AC Reporting via IRC (trojan.rules)
2807279 - ETPRO TROJAN Worm.Mydoom spreading via SMTP 24 (trojan.rules)
2807371 - ETPRO MALWARE AdWare.MSIL.Sancmed.p Checkin (malware.rules)
2807424 - ETPRO TROJAN Trojan-Dropper.Win32.Dorifel.hlu Checkin (trojan.rules)
2807440 - ETPRO TROJAN Win32/Ranbyus Check-in (trojan.rules)
2807605 - ETPRO TROJAN Win32/Agent.UWF Checkin (trojan.rules)
2807668 - ETPRO TROJAN W32/KeyLogger.OFP!tr.spy Response (trojan.rules)
2807671 - ETPRO TROJAN Trojan-Proxy.Win32.Mediana.i Checkin (trojan.rules)
2807870 - ETPRO TROJAN W32/DelfInject.R Checkin (trojan.rules)
2807871 - ETPRO TROJAN W32/DelfInject.R Checkin 2 (trojan.rules)
2807872 - ETPRO TROJAN W32/DelfInject.R Checkin 3 (trojan.rules)

[---] Removed rules: [---]

2802985 - ETPRO TROJAN Win32/Banload.YE Checkin Flowbit SET (trojan.rules)
2804016 - ETPRO CURRENT_EVENTS Trojan.Win32.Jorik.Banker.kx Downloading Host file - SET (current_events.rules)
2804017 - ETPRO CURRENT_EVENTS Trojan.Win32.Jorik.Banker.kx Downloading Host file to map Brazilian banks sites to fraudulant IPs (current_events.rules)
2806252 - ETPRO TROJAN Unknown Keylogger Uploading logs (trojan.rules)
2806884 - ETPRO TROJAN Worm.AutoIt/Renocide.gen!A Checkin Response (trojan.rules)
2807111 - ETPRO TROJAN Win32/Agent.CC Checkin (trojan.rules)
2807139 - ETPRO TROJAN Trojan-PWS.OnlineGames ICMP Echo Request 1 (trojan.rules)
2807140 - ETPRO TROJAN Trojan-PWS.OnlineGames ICMP Echo Request 2 (trojan.rules)
2807437 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.dgla Checkin (trojan.rules)

 

Date: Sunday, April 6, 2014 - 22:00