[Community-sigs] Alureon / Zegost

Douglas Goddard dgoddard at sourcefire.com
Wed Jun 18 10:55:50 EDT 2014


These signatures were added as:

Win.Rootkit.ZegostBoot
Win.Rootkit.ZegostBoot-1
Win.Rootkit.AlureonBoot

They will be published later today or tomorrow, once they have passed FP scan.

Thanks again, we really appreciate the signatures!



On Tue, Jun 17, 2014 at 6:44 PM, Andy Singer <andy at orbitech.org> wrote:

> Here are some updated signatures to detect an infected MBR. I uploaded the
> samples I used, the SHA 256 for the archive (Boot.7z) is
> 3287A03E4FA9EC7F60D05C1349BD5B86658C9B33B309E0F7C182874B991C8327
>
>
> Boot.Zegost:0:*:EB01906800080768C0071F{-6}B90002BE00{-16}FCF3A4CB00000000000000000000000000000000{-4}8CC88ED88EC0
>
> Boot.Zegost-1:0:*:FA3?DB8ED3368926FE7BBCFE7B1E6660????????1304{-8}C1E0068EC0{-4}BE007C3?FFB90001F3A5
> Boot.Alureon:0:*:33C08ED0{7}BE007CBF0006B90002FCF3A450681C06CBFB60B9??01BD
>
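
To show how the wildcards in the signatures quoted above are read, here is an added example (not part of either message and not ClamAV's own code): a Python translation of the subset of ClamAV's extended `.ndb` body syntax these lines use into a byte regex. `SAMPLE` is a constructed buffer, and `byte_atom`, `compile_sig` and `scan` are names chosen for this sketch.

```python
import re

# Two of the .ndb lines quoted above: Name:TargetType:Offset:HexSignature
SIGS = [
    "Boot.Zegost-1:0:*:FA3?DB8ED3368926FE7BBCFE7B1E6660????????1304{-8}C1E0068EC0{-4}BE007C3?FFB90001F3A5",
    "Boot.Alureon:0:*:33C08ED0{7}BE007CBF0006B90002FCF3A450681C06CBFB60B9??01BD",
]
TOKEN = r"\*|\{(\d*)(-?)(\d*)\}|([0-9A-Fa-f?]{2})"

def byte_atom(pair):  # one hex pair, possibly with a nibble wildcard, as a regex atom
    hi, lo = pair
    if pair == "??":
        return b"."
    if lo == "?":   # 'a?': high nibble fixed, low nibble free
        return b"[\\x%02x-\\x%02x]" % (int(hi, 16) << 4, int(hi, 16) << 4 | 0x0F)
    if hi == "?":   # '?a': low nibble fixed, high nibble free
        return b"[" + b"".join(b"\\x%02x" % (h << 4 | int(lo, 16)) for h in range(16)) + b"]"
    return b"\\x%02x" % int(pair, 16)

def compile_sig(hexsig):
    """Compile the subset used on this page: hex, ??, nibbles, *, {n}, {-n}, {n-}, {n-m}."""
    if not re.fullmatch("(?:" + TOKEN + ")+", hexsig):
        raise ValueError("unsupported signature syntax: " + hexsig)
    out = []
    for m in re.finditer(TOKEN, hexsig):
        lo, dash, hi, pair = m.groups()
        if pair:
            out.append(byte_atom(pair))
        elif m.group(0) == "*":
            out.append(b".*?")
        elif dash:  # {-n}, {n-}, {n-m}: bounded or open-ended gap
            out.append(b".{%d,%s}" % (int(lo or 0), hi.encode()))
        else:       # {n}: exactly n arbitrary bytes
            out.append(b".{%d}" % int(lo))
    return re.compile(b"".join(out), re.DOTALL)

def scan(data, sig_lines=SIGS):
    """Names of matching signatures; handles offset '*' and absolute offsets only."""
    hits = []
    for name, _target, offset, hexsig in (l.split(":", 3) for l in sig_lines):
        rx = compile_sig(hexsig)
        if rx.search(data) if offset == "*" else rx.match(data, int(offset)):
            hits.append(name)
    return hits

# Constructed 512-byte sector: Boot.Alureon's fixed bytes with filler at the wildcards.
SAMPLE = (bytes.fromhex("33C08ED0") + b"\x90" * 7
          + bytes.fromhex("BE007CBF0006B90002FCF3A450681C06CBFB60B9") + b"\x05"
          + bytes.fromhex("01BD")).ljust(510, b"\x00") + b"\x55\xAA"
```

`scan(SAMPLE)` reports only `Boot.Alureon`, and an all-zero sector reports nothing; alternation and the other offset forms of the format are outside this sketch and raise or are not handled.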


