[***] Summary: [***]
6 new Open rules. 13 new Pro rules (6/7). Medfos, Nuclear, UAC Disable in Jar, etc.
[+++] Added rules: [+++]
Open:
2016800 – ET TROJAN Medfos Connectivity Check (trojan.rules)
2016801 – ET CURRENT_EVENTS Nuclear landing with obfuscated plugindetect Apr 29 2013 (current_events.rules)
2016802 – ET INFO myobfuscate.com Encoded Script Calling home (info.rules)
2016803 – ET TROJAN Known Sinkhole Response Header (trojan.rules)
2016804 – ET CURRENT_EVENTS Unknown_MM – Java Exploit – jreg.jar (current_events.rules)
2016805 – ET CURRENT_EVENTS Unknown EK UAC Disable in Uncompressed JAR (current_events.rules)
Pro:
2806305 – ETPRO TROJAN Trojan-PSW.Reedum FTP login (trojan.rules)
2806306 – ETPRO TROJAN Trojan-PSW.Reedum FTP long Port (LPRT) (trojan.rules)
2806307 – ETPRO TROJAN Win32/Depyot.B Checkin (trojan.rules)
2806308 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin (mobile_malware.rules)
2806309 – ETPRO TROJAN Win32/Injector.Autoit.IN Checkin (trojan.rules)
2806310 – ETPRO TROJAN Trojan-Spy.Win32.Carberp.jew Checkin (trojan.rules)
2806311 – ETPRO TROJAN Win32/Refeys.A Checkin (trojan.rules)
[///] Modified active rules: [///]
2008975 – ET TROJAN Suspicious Malformed Double Accept Header (trojan.rules)
2015000 – ET CURRENT_EVENTS NuclearPack Java exploit binary get request (current_events.rules)