[***] Summary: [***]

7 new open rules, 11 new Pro (7+4). Netwire RAT, Spy.Agent.OIA, Cutwail.

Thanks: Alexandre Dulaunoy and @EKWatcher

[+++] Added rules: [+++]

Open:

2018422 - ET TROJAN Uprate Binary Download April 28 2014 (trojan.rules)
2018423 - ET TROJAN W32/Eclipse.DDOSBot CnC Beacon Response (trojan.rules)
2018424 - ET TROJAN W32/MadnessPro.DDOSBot CnC Beacon (trojan.rules)
2018425 - ET TROJAN Vawtrak/NeverQuest - Post Data Form 01 (trojan.rules)
2018426 - ET TROJAN Netwire RAT Check-in (trojan.rules)
2018427 - ET TROJAN Netwire RAT Check-in (trojan.rules)
2018428 - ET CURRENT_EVENTS SUSPICIOUS Crystalize Filter in Uncompressed Flash (current_events.rules)

Pro:

2807986 - ETPRO TROJAN Win32.Inject.mrep Checkin (trojan.rules)
2807987 - ETPRO TROJAN Win32/Spy.Agent.OIA Checkin (trojan.rules)
2807988 - ETPRO TROJAN Win32/Spy.Agent.OIA Checkin 2 (trojan.rules)
2807989 - ETPRO TROJAN Trojan.Win32.Delf.dmhd Checkin (trojan.rules)

[///] Modified active rules: [///]

2014270 - ET TROJAN Backdoor.Win32.RShot Ping Outbound (trojan.rules)
2014271 - ET TROJAN Win32/Cutwail.BE Checkin 1 (trojan.rules)
2014272 - ET TROJAN Win32/Cutwail.BE Checkin 2 (trojan.rules)
2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
2017558 - ET TROJAN Mevade Checkin (trojan.rules)
2017598 - ET TROJAN Possible Kelihos.F EXE Download Common Structure (trojan.rules)
2018394 - ET TROJAN Common Upatre Header Structure (trojan.rules)
2018412 - ET TROJAN Trojan-Spy.Win32.Zbot.qgxi Checkin (trojan.rules)
2806114 - ETPRO WEB_CLIENT CVE-2013-0092 GetMarkUpPtr Use After free 3 (web_client.rules)

[///] Modified inactive rules: [///]

2018418 - ET CURRENT_EVENTS Possible W32/Zbot.InfoStealer SSL Cert Parallels.com (current_events.rules)

[---] Disabled and modified rules: [---]

2800751 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (exploit.rules)
2800752 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (exploit.rules)
2800753 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (exploit.rules)
2800754 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (exploit.rules)

[---] Removed rules: [---]

2001040 - ET MALWARE My Search Bar Install (malware.rules)
2006384 - ET TROJAN Generic Password Stealer Checkin URL Detected (trojan.rules)
2102710 - GPL SQL dbms_offline_og.begin_load buffer overflow attempt (sql.rules)
2102716 - GPL SQL dbms_offline_snapshot.end_load buffer overflow attempt (sql.rules)
2102787 - GPL SQL dbms_repcat_instantiate.instantiate_online buffer overflow attempt (sql.rules)
2102794 - GPL SQL dbms_repcat.refresh_mview_repgroup buffer overflow attempt (sql.rules)
2102803 - GPL SQL dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt (sql.rules)

Date: Sunday, April 27, 2014 - 22:00