[***] Summary: [***] 5 new open signatures, 11 new Pro (5+6). Fiesta, Destrukor, Swisyn.dcit. Thanks: Nathan Fowler. [+++] Added rules: [+++] Open: 2018407 - ET CURRENT_EVENTS Fiesta URI Struct (current_events.rules)
2018408 - ET CURRENT_EVENTS Fiesta PDF Exploit Download (current_events.rules)
2018409 - ET CURRENT_EVENTS Fiesta SilverLight Exploit Download (current_events.rules)
2018410 - ET CURRENT_EVENTS Fiesta Flash Exploit Download (current_events.rules)
2018411 - ET CURRENT_EVENTS Fiesta Flash Exploit Download (current_events.rules) Pro: 2807973 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.eemn Checkin (trojan.rules)
2807974 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
2807975 - ETPRO TROJAN Trojan.DownLoader9.54232 Checkin (trojan.rules)
2807976 - ETPRO TROJAN Trojan.Win32.Swisyn.dcit Checkin (trojan.rules)
2807977 - ETPRO TROJAN Backdoor.Win32.Destrukor.20 Checkin 2 (trojan.rules)
2807978 - ETPRO TROJAN Backdoor.Win32.Destrukor.20 Checkin via SMTP (trojan.rules)
[///] Modified active rules: [///] 2013094 - ET CURRENT_EVENTS Phoenix/Fiesta URI Requested Contains /? and hex (current_events.rules)
2018382 - ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response from Common SSL Port (Outbound from Server) (current_events.rules)
2018383 - ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response from Common SSL Port (Outbound from Client) (current_events.rules)
2800000 - ETPRO WEB_SERVER Microsoft IIS ISAPI Heap Overflow (web_server.rules)
2804426 - ETPRO WEB_CLIENT Microsoft Windows midiOutPlayNextPolyEvent Heap Overflow 1 (web_client.rules)
2804427 - ETPRO WEB_CLIENT Microsoft Windows midiOutPlayNextPolyEvent Heap Overflow 2 (web_client.rules)
2804428 - ETPRO WEB_CLIENT Microsoft Windows midiOutPlayNextPolyEvent Heap Overflow 3 (web_client.rules)
2806920 - ETPRO TROJAN Trojan.Rontokbro Checkin (trojan.rules)
2807970 - ETPRO TROJAN Win32/Neurevt.A Checkin 3 (trojan.rules)
[---] Removed rules: [---] 2802049 - ETPRO TROJAN Backdoor.Win32.Sbtob.A Checkin (trojan.rules)

 

Date: 
Monday, April 21, 2014 - 22:00