Blog | G5 Cyber Security

New Rule Categories

Three new rule categories were introduced yesterday (Tuesday, 13th July 2010) in SEU 348 and into the VRT Certified Rule packages. The categories are augmented by our automated malware analysis systems, spam traps, honeynets, and additional external data feeds. For the phishing/spam rules, you may wish to consider enabling them in blocking mode, to help prevent these malicious emails from coming into your network in the first place. The rules look for DNS queries for known-malicious domains and common URL patterns observed inside our malware sandbox, not necessarily associated with a command and control channel.

Source: https://blog.talosintelligence.com/2010/07/new-rule-categories.html
