Just added a rule for a new trojan presumably called LOI...
I was a bit suspicious about this report at first (it's April 1st after all), but just confirmed on a sandbox myself that it is real.. exploits an IE/mplayer vuln or something.
Code: Select all
spamfilter {
regex ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
target private;
action block;
reason "Infected by LOI trojan"; /* Name is still unsure */
};