[***] Summary: [***]

7 new Open signatures, 8 new Pro (7+1). Upatre, VBKrypt, Marag.f.

Thanks: Kevin Ross and @MalwareMustDie

[+++] Added rules: [+++]

Open:

2017348 - ET TROJAN Trojan.Win32.VBKrypt.cugq Checkin (trojan.rules)
2018457 - ET TROJAN Possible Upatre Downloader SSL certificate (fake loc) (trojan.rules)
2018458 - ET MALWARE DomainIQ Check-in (malware.rules)
2018459 - ET WEB_SERVER SUSPICIOUS Possible WebShell Login Form (Outbound) (web_server.rules)
2018460 - ET CURRENT_EVENTS Possible Upatre SSL Compromised site iclasshd.net (current_events.rules)
2018461 - ET CURRENT_EVENTS Possible Upatre SSL Compromised site sabzevarsez.com (current_events.rules)
2018462 - ET TROJAN W32/Fsysna.Downloader CnC Beacon (trojan.rules)

Pro:

2808034 - ETPRO TROJAN Worm.Win32.Marag.f Checkin (trojan.rules)

[///] Modified active rules: [///]

2013201 - ET TROJAN Win32/Rodecap CnC Checkin (trojan.rules)
2013723 - ET TROJAN Win32/Daemonize Trojan Proxy Initial Checkin (trojan.rules)
2014356 - ET TROJAN W32/ProxyChanger.InfoStealer Checkin (trojan.rules)
2018005 - ET TROJAN Possible Upatre Downloader SSL certificate (fake org) (trojan.rules)
2018413 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) (current_events.rules)
2018448 - ET TROJAN Selfnit Checkin (trojan.rules)

[---] Removed rules: [---]

2014964 - ET CURRENT_EVENTS Hacked Website Response '/*km0ae9gr6m*/' Jun 25 2012 (current_events.rules)
2014965 - ET CURRENT_EVENTS Hacked Website Response '/*qhk6sa6g1c*/' Jun 25 2012 (current_events.rules)
2017348 - ET USER_AGENTS Trojan.Win32.VBKrypt.cugq Checkin (user_agents.rules)
2803321 - ETPRO TROJAN Win32/Rodecap.A Checkin (trojan.rules)
Date: 
Thursday, May 8, 2014 - 22:00