4 new Open rules, 1 new Pro rule. A lot of tweaks.

Enjoy!

[+++]          Added rules:          [+++]

2014406 – ET MOBILE_MALWARE iOS Keylogger iKeyMonitor access (mobile_malware.rules)

2014407 – ET CURRENT_EVENTS DRIVEBY EgyPack Exploit Kit Cookie Set (current_events.rules)

2014408 – ET CURRENT_EVENTS DRIVEBY EgyPack Exploit Kit Cookie Present (current_events.rules)

2014409 – ET TROJAN Alureon Primary CnC Checkin (trojan.rules)

Pro:

2804695 – ET TROJAN ETPRO TROJAN Hutizu UA (trojan.rules)

[///]     Modified active rules:     [///]

2013398 – ET TROJAN Backdoor.Win32/Momibot Checkin (trojan.rules)

2013399 – ET TROJAN Backdoor.Win32/Momibot Ping Checkin (trojan.rules)

2013424 – ET TROJAN W32/UFR POST to CnC (trojan.rules)

2013435 – ET TROJAN Win32.Shiz.fxm/Agent-TBT Checkin (trojan.rules)

2013443 – ET TROJAN W32/Mnless Checkin (trojan.rules)

2013444 – ET TROJAN Win32/Onescan FraudWare User-Agent (trojan.rules)

2013451 – ET TROJAN NgrBot IRC CnC Channel Join (trojan.rules)

2013456 – ET TROJAN Win32/VB.HV Checkin (trojan.rules)

2013488 – ET TROJAN Zeus Bot GET to Bing checking Internet connectivity (trojan.rules)

2013543 – ET TROJAN W32/iGrabber Info Stealer FTP Upload (trojan.rules)

2013672 – ET TROJAN Win32.Riberow.A (postit3) (trojan.rules)

2013740 – ET TROJAN Zeus/Aeausuc P2P Variant Retrieving Peers List (trojan.rules)

2013741 – ET TROJAN Trojan-Dropper.Win32.StartPage.dvm or Mebromi Bios Rootkit CnC Count Checkin (trojan.rules)

2013767 – ET TROJAN W32/Einstein CnC Checkin (trojan.rules)

2013768 – ET TROJAN Win32.Dropper.Wlock Checkin (trojan.rules)

2013781 – ET TROJAN Win32.Scar.dvov Searchstar.co.kr related Checkin (trojan.rules)

2013797 – ET TROJAN Win32.PEx.Delphi.307674628 Checkin (trojan.rules)

2013798 – ET TROJAN Win32.PEx.Delphi.1151005043 Post-infection Checkin (trojan.rules)

2013802 – ET TROJAN Cycbot POST (trojan.rules)

2013807 – ET TROJAN Jorik FakeAV GET (trojan.rules)

2013819 – ET TROJAN Win32.Kexject.A Checkin (trojan.rules)

2014405 – ET TROJAN Cridex.B/Feodo Checkin (trojan.rules)

 

2803426 – ETPRO TROJAN TrojanDownloader.VBS/Badiseso.H Checkin (trojan.rules)

2803438 – ETPRO TROJAN Win32.Puprlehzae.A Checkin (trojan.rules)

2803439 – ETPRO TROJAN Kryptik.UFOSG2RAbFQ Pre-infection Redirect (trojan.rules)

2803441 – ETPRO TROJAN E-Surveiller.com Checkin (trojan.rules)

2803464 – ETPRO TROJAN Win32/Banker.LW sending info (trojan.rules)

2803484 – ETPRO TROJAN Trojan-Dropper.Win32.Agent.eydk Checkin (trojan.rules)

2803509 – ETPRO TROJAN Win32/Dogrobot.D Checkin (trojan.rules)

2803545 – ETPRO TROJAN Suspicious User-Agent (SqUeEzEr) (trojan.rules)

2803562 – ETPRO TROJAN Downloader.Win32.Agent.fltp Install (trojan.rules)

2803586 – ETPRO TROJAN Variant.Buzy.1519 Download Freezone Search (trojan.rules)

2803616 – ETPRO TROJAN Trojan.Generic.5778957 Checkin (trojan.rules)

2803648 – ETPRO TROJAN Trojan-Downloader.Win32.VB.alky User-Agent (Tgwang) (trojan.rules)

2803678 – ETPRO TROJAN Trojan.Win32.Wealwedst.A Sending Info (trojan.rules)

2803706 – ETPRO TROJAN BackDoor.DOQ.gen.y Checkin 1 (trojan.rules)

2803707 – ETPRO TROJAN BackDoor.DOQ.gen.y Checkin 2 (trojan.rules)

2803708 – ETPRO TROJAN BackDoor.DOQ.gen.y Checkin 3 (trojan.rules)

2803731 – ETPRO TROJAN Win32/Obfuscator.XZ User-Agent (myInternet) (trojan.rules)

2803739 – ETPRO TROJAN Backdoor.Win32.Shiz.ufj Checkin (trojan.rules)

2803752 – ETPRO TROJAN Backdoor.Win32.Caphaw.A Checkin 1 (trojan.rules)

2803757 – ETPRO TROJAN Trojan.Win32.Rallovs.A Checkin (trojan.rules)

2803768 – ETPRO TROJAN Worm.Win32.Cridex.B Checkin (trojan.rules)

2803781 – ETPRO TROJAN Trojan-Spy.W32/Banker.JGT Checkin – SET (trojan.rules)

2803788 – ETPRO TROJAN Backdoor.Win32.Proxyier.k Checkin (trojan.rules)

2803794 – ETPRO TROJAN Trojan.Win32.OddJob.A Checkin 3 (trojan.rules)

2803814 – ETPRO TROJAN ZEUS Retrieving configuration file (trojan.rules)

2803859 – ETPRO TROJAN Backdoor.Win32.Wuca Checkin (trojan.rules)

2803865 – ETPRO TROJAN Trojan.Generic.6643598 Checkin (trojan.rules)

2803885 – ETPRO TROJAN Win32/Calelk.C User-Agent (Informer) (trojan.rules)

2803891 – ETPRO TROJAN TrojanSpy.Win32/Banker.AAX Checkin (trojan.rules)

2803902 – ETPRO TROJAN Win32.Virut.ce Checkin (trojan.rules)

2803905 – ETPRO TROJAN Win32/Sefnit.Z Checkin (trojan.rules)

2803928 – ETPRO TROJAN Backdoor/Ruskill.ce Joining IRC Channel (trojan.rules)

2803944 – ETPRO TROJAN Trojan-Spy.Win32.Zbot.ckdx Checkin (trojan.rules)

2803950 – ETPRO TROJAN Trojan.Win32.Jorik.IRCbot.ddj Joining IRC channel – SET (trojan.rules)

2803951 – ETPRO TROJAN Trojan.Win32.Jorik.IRCbot.ddj Joining IRC channel (trojan.rules)

[///]    Modified inactive rules:    [///]

2803494 – ETPRO TROJAN Common Downloader POST Header Pattern POST ACtHUCo data= (trojan.rules)

[---]         Removed rules:         [---]

2013727 – ET TROJAN W32/iGrabber Info Stealer FTP Upload (trojan.rules)

2014404 – ET TROJAN W32/Bifrose.Backdoor Checkin Attempt via Facebook (trojan.rules)