Daily Ruleset Update Summary 1/24/2012

No new Open rules today, 7 new Pro rules. Enjoy!

[+++]          Added rules:          [+++]

2804401 – ETPRO TROJAN Trojan.PWS.Banker.63410 Checkin (trojan.rules)

2804402 – ETPRO TROJAN Trojan.Win32.Menti.kgbj User-Agent (The G-Bot) (trojan.rules)

2804403 – ETPRO TROJAN Trojan.Win32.Menti.kgbj Checkin (trojan.rules)

2804404 – ETPRO TROJAN Trojan/Genome.aieg Checkin (trojan.rules)

2804405 – ETPRO TROJAN Win32/Wombot.A Checkin (trojan.rules)

2804406 – ETPRO TROJAN Backdoor.Win32.Delf.abtp Checkin (trojan.rules)

2804407 – ETPRO MALWARE Adware.Relevant.BH Install (malware.rules)

[///]     Modified active rules:     [///]

2013093 – ET CURRENT_EVENTS Clickfraud Framework Request (current_events.rules)

2014029 – ET TROJAN Agent.UGP!tr/Cryptor/Graftor Dropper Requesting exe (trojan.rules)

Performance tweaks:

2800385 – ETPRO WEB_CLIENT Adobe Reader and Acrobat util.printf Stack Buffer Overflow 1 (web_client.rules)

2800386 – ETPRO WEB_CLIENT Adobe Reader and Acrobat util.printf Stack Buffer Overflow 2 (web_client.rules)

2800429 – ETPRO WEB_CLIENT Adobe Multiple Products Embedded JBIG2 Stream Buffer Overflow (web_client.rules)

2800461 – ETPRO WEB_CLIENT Adobe Reader JavaScript getAnnots Method Memory Corruption (web_client.rules)

2800478 – ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow 1 (web_client.rules)

2800479 – ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow 2 (web_client.rules)

2800516 – ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader Deflate Parameter Integer Overflow 1 (web_client.rules)

2800517 – ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader Deflate Parameter Integer Overflow 2 (web_client.rules)

2800523 – ETPRO WEB_CLIENT Xpdf Splash DrawImage Integer Overflow (web_client.rules)

2800524 – ETPRO WEB_CLIENT Xpdf Splash DrawImage Integer Overflow (web_client.rules)

2800909 – ETPRO WEB_CLIENT Adobe Reader printSeps Memory Corruption (web_client.rules)

2803738 – ETPRO TROJAN Backdoor.Win32.PCRat.A Checkin 2 (trojan.rules)

2804121 – ETPRO TROJAN Win32.Refroso.dmzq Checkin (trojan.rules)

[---]         Removed rules:         [---]

Obsoleted:

2011351 – ET CURRENT_EVENTS Driveby bredolab server response contains .ru 8080/index.php? (current_events.rules)

2013803 – ET TROJAN Unknown checkin (trojan.rules)

Changing to a single rule detection for performance:

2800384 – ETPRO WEB_CLIENT Adobe PDF in HTTP Flowbit Set (web_client.rules)

Obsoleting:

2803008 – ETPRO TROJAN Dropper.Win32/Nepotemp.A Checkin (trojan.rules)

2803295 – ETPRO TROJAN Backdoor.Win32.Fusing.AA Checkin 1 (trojan.rules)

2803296 – ETPRO TROJAN Backdoor.Win32.Fusing.AA Checkin 2 (trojan.rules)
