Daily Ruleset Update Summary 1/27/2012

3 new Open rules, 17 new Pro. Enjoy!

[+++]          Added rules:          [+++]

2014150 – ET CURRENT_EVENTS Suspicious executable download possible Trojan NgrBot (current_events.rules)

2014151 – ET CURRENT_EVENTS Known Malicious Link Leading to Exploit Kits (t.php?id=is1) (current_events.rules)

2014152 – ET TROJAN Gozi Checkin to CnC (trojan.rules)

New Pro Subscriber Rules:

2804408 – ETPRO TROJAN Mal/Simda-C Install (trojan.rules)

2804409 – ETPRO TROJAN Variant.Kazy.51230 Checkin (trojan.rules)

2804410 – ETPRO TROJAN Win32/Banload.AGV User-Agent (BOTPA5BG8S) (trojan.rules)

2804411 – ETPRO TROJAN Trojan.Win32.Swisyn.mtz User-Agent (SALLAMAILZILLA) (trojan.rules)

2804412 – ETPRO TROJAN Win32/Esfury.T Checkin (trojan.rules)

2804413 – ETPRO TROJAN Win32/Esfury.T User-Agent ( STEALER ) (trojan.rules)

2804414 – ETPRO TROJAN TrojanDropper.Win32/Agent.KA Checkin (trojan.rules)

2804415 – ETPRO TROJAN Backdoor.Win32.LolBot CnC Channel Checkin (trojan.rules)

2804416 – ETPRO TROJAN Backdoor.Win32.LolBot CnC Channel Keepalive Ping (trojan.rules)

2804417 – ETPRO TROJAN TrojanClicker.Win32/Towshin.A Checkin (trojan.rules)

2804418 – ETPRO TROJAN Trojan.Win32.Scar.facd Checkin (trojan.rules)

2804419 – ETPRO MALWARE Riskware.Win32.SoftonicDownloader.AMN!A2 Install (malware.rules)

2804420 – ETPRO TROJAN Win32/TrojanDownloader.Adload.NJJ CnC Traffic (trojan.rules)

2804421 – ETPRO TROJAN Win32/Dofoil.A Checkin (trojan.rules)

2804422 – ETPRO TROJAN Win32/Poison.BG Checkin (trojan.rules)

2804423 – ETPRO TROJAN TrojanDownloader.Win32/Banload.ACK receiving config (trojan.rules)

2804424 – ETPRO TROJAN Win32/OnLineGames.NM Install 2 (trojan.rules)

[///]     Modified active rules:     [///]

General housekeeping tweaks for the most part:

2001365 – ET WEB_SERVER Alternate Data Stream source view attempt (web_server.rules)

2002775 – ET TROJAN Goldun Reporting User Activity (trojan.rules)

2002857 – ET TROJAN Win32.VB.aie Reporting User Activity (trojan.rules)

2009830 – ET TROJAN Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts – HTTP POST (trojan.rules)

2800598 – ETPRO TROJAN Malware Trojan-PSW.Win32.Papras.dm Checkin (trojan.rules)

2803991 – ETPRO TROJAN Hoax/Win32.ArchSMS.gen Checkin (trojan.rules)

2804001 – ETPRO TROJAN Win32/TrojanDownloader.Delf.QUT Checkin (trojan.rules)

[---]         Removed rules:         [---]

Dedupes:

2008491 – ET TROJAN Banker.OT Checkin (2 packet) (trojan.rules)

2008659 – ET TROJAN Suspicious User-Agent Detected (DigitAl56K/6.3) (trojan.rules)

Wasn’t accurate, and they’re gone now anyway…

2009301 – ET POLICY Megaupload file download service access (policy.rules)

FP Prone, replaced by other sigs:

2014138 – ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested class.class (current_events.rules)

2804390 – ETPRO TROJAN Hoax.Win32.ArchSMS.rrz Install (trojan.rules)

2804405 – ETPRO TROJAN Win32/Wombot.A Checkin (trojan.rules)