Daily Ruleset Update Summary 2014/04/21

[***] Summary: [***]
5 new Open, 8 new Pro (5/3). GreenDou, EL8, Upatre. Thanks, Nathan Folwer, tdzmont, @EKwatcher

[+++] Added rules: [+++]
Open:
2018402 - ET CURRENT_EVENTS DRIVEBY Possible Goon/Infinity EK SilverLight Exploit (current_events.rules)
2018403 - ET TROJAN GENERIC Zbot Based Loader (trojan.rules)
2018404 - ET TROJAN GreenDou Downloader User-Agent (hello crazyk) (trojan.rules)
2018405 - ET CURRENT_EVENTS DRIVEBY EL8 EK Landing (current_events.rules)
2018406 - ET POLICY Possible Grams DarkMarket Search DNS Domain Lookup (policy.rules)

Pro:
2807970 - ETPRO TROJAN Win32/Neurevt.A Checkin (trojan.rules)
2807971 - ETPRO CURRENT_EVENTS Possible Upatre SSL Compromised site bellabeachwear (current_events.rules)
2807972 - ETPRO TROJAN Win32/FlyStudio Activity (trojan.rules)

[///] Modified active rules: [///]
2009078 - ET TROJAN Backdoor Lanfiltrator Checkin (trojan.rules)
2009299 - ET TROJAN General Trojan Downloader (trojan.rules)
2009444 - ET TROJAN Virut Family GET (trojan.rules)
2011236 - ET TROJAN Trojan-Downloader Win32.Genome.avan (trojan.rules)
2012100 - ET WEB_CLIENT Oracle Java 6 Object Tag launchjnlp docbase Parameters Buffer Overflow (web_client.rules)
2014163 - ET TROJAN Bifrose/Cycbot Checkin 2 (trojan.rules)
2015045 - ET INFO Potential Common Malicious JavaScript Loop (info.rules)
2015808 - ET TROJAN Taidoor Checkin (trojan.rules)
2016498 - ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload (current_events.rules)
2016764 - ET CURRENT_EVENTS SofosFO PDF Payload Download (current_events.rules)
2017261 - ET TROJAN TrojanDownloader.Win32/Dofoil.U Trojan Checkin (trojan.rules)
2800514 - ETPRO WEB_CLIENT IBM Informix Client SDK NFX File Processing Stack Buffer Overflow (web_client.rules)
2800515 - ETPRO WEB_CLIENT IBM Informix Client SDK NFX File Processing Stack Buffer Overflow (web_client.rules)
2804434 - ETPRO TROJAN Likely Bot Nick in IRC ([country|so_version|computername]) (trojan.rules)
2806086 - ETPRO TROJAN QLowZones-6 Checkin (trojan.rules)
2806100 - ETPRO TROJAN Win32/Vkhost.F .dll download (trojan.rules)
2806272 - ETPRO TROJAN Win32/Sality.AM Checkin 2 (trojan.rules)
2806921 - ETPRO TROJAN Win32/Carberp.G Checkin (trojan.rules)
2807358 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.bk Checkin (mobile_malware.rules)
2807425 - ETPRO TROJAN Win32.LockScreen Ransomware checkin (trojan.rules)
2807429 - ETPRO TROJAN Trojan.Win32.Verti.A (trojan.rules)
2807614 - ETPRO TROJAN Backdoor.Win32/Delf.DU IRC Checkin (trojan.rules)
2807656 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0285) (web_client.rules)
2807657 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0286) (web_client.rules)
2807876 - ETPRO TROJAN Backdoor.Win32/Tofsee.F Checkin (trojan.rules)

[---] Removed rules: [---]
2803388 - ETPRO TROJAN Win32/Dynamer!dtc Checkin (trojan.rules)
2804495 - ETPRO TROJAN Virus.Win32/Sality.T Checkin (trojan.rules)

Date: Monday, April 21, 2014 - 00:00