[***] Summary: [***] 13 New Open rules, 29 new Pro (13/16). Asprox, JoomSocial vuln, TecSystems PE Download. Thanks to Kevin Ross and Jamie Blasco for their contributions. Support for snort 2.4.x signatures officially ends tomorrow. We will not be publishing new rules for Snort 2.4 going forward. Today is the last day new Snort 2.4 rules will be published. [+++] Added rules: [+++] Open: 2018095 - ET MALWARE Potentially Unwanted Application AirInstaller (malware.rules)
2018096 - ET TROJAN W32/Asprox.ClickFraudBot CnC Beacon (trojan.rules)
2018097 - ET TROJAN W32/Asprox.ClickFraudBot CnC Beacon Acknowledgement (trojan.rules)
2018098 - ET TROJAN W32/Asprox.ClickFraudBot POST CnC Beacon (trojan.rules)
2018099 - ET MALWARE W32/Safekeeper.Adware CnC Beacon (malware.rules)
2018100 - ET TROJAN W32/Rshot.Backdoor File Upload CnC Beacon (trojan.rules)
2018101 - ET TROJAN W32/Dinwod.Dropper CnC Beacon (trojan.rules)
2018102 - ET TROJAN W32/Woai.Dropper Config Request (trojan.rules)
2018103 - ET CURRENT_EVENTS TecSystems (Possible Mask) Signed PE EXE Download (current_events.rules)
2018104 - ET CURRENT_EVENTS EXE Accessing Kapersky System Driver (Possible Mask) (current_events.rules)
2018105 - ET TROJAN Possible Mask C2 Traffic (trojan.rules)
2018106 - ET CURRENT_EVENTS Suspicious Jar name JavaUpdate.jar (current_events.rules)
2018107 - ET WEB_SPECIFIC_APPS JoomSocial AvatarUpload RCE (web_specific_apps.rules) Pro: 2807624 - ETPRO TROJAN Backdoor.Win32/Banito CnC (OUTBOUND) (trojan.rules)
2807625 - ETPRO TROJAN Win32/Hupigon.ZAH CnC (OUTBOUND) (trojan.rules)
2807626 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
2807627 - ETPRO TROJAN Backdoor.Win32.Ceckno CnC (OUTBOUND) (trojan.rules)
2807628 - ETPRO TROJAN Trojan.Win32.Invader Checkin (trojan.rules)
2807629 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
2807630 - ETPRO TROJAN TrojanDropper.Agent.cgsc Checkin (trojan.rules)
2807631 - ETPRO TROJAN Trojan-Downloader.Banload Checkin 2 (trojan.rules)
2807632 - ETPRO CURRENT_EVENTS Smarter Mail Domain Admin Priv Escalation (current_events.rules)
2807633 - ETPRO TROJAN Trojan-Downloader.Win32.Genome.dxlw Checkin (trojan.rules)
2807634 - ETPRO MALWARE Trojan-Downloader/Spyware User-Agent (adfsgecoiwnf) (malware.rules)
2807635 - ETPRO TROJAN Trojan/Win32.Qhost Checkin (trojan.rules)
2807636 - ETPRO TROJAN Trojan-Banker.Win32.Agent.ree Checkin (trojan.rules)
2807637 - ETPRO TROJAN Win32.Androm.atfw Checkin (trojan.rules)
2807638 - ETPRO TROJAN Win32.Androm.atfw (trojan.rules)
2807639 - ETPRO TROJAN TrojanClicker.Win32.Hatigh.C (trojan.rules)
[///] Modified active rules: [///] 2017817 - ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013 (current_events.rules)
2018077 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 25 (trojan.rules)
2806546 - ETPRO TROJAN W32/Zbot.AOV!tr Checkin (trojan.rules)
2807024 - ETPRO TROJAN Wauchos.la/Andromeda/Balbatun.9713 Checkin (trojan.rules)
2807580 - ETPRO TROJAN Backdoor.Win32/Hupigon.FI Checkin 2 (trojan.rules)
[---] Removed rules: [---] 2807172 - ETPRO MALWARE Potentially Unwanted Application AirInstaller Install (malware.rules)
2807463 - ETPRO MALWARE Potentially Unwanted Application AirInstaller (malware.rules)
2807598 - ETPRO TROJAN Trojan-Dropper.Win32.Injector.ijtz Checkin (trojan.rules)
2807602 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
Date: 
Sunday, February 9, 2014 - 22:00