[***] Summary: [***]

9 new Open rules. 12 new Pro (9/3). BITTERBUG, Dyre, BrowseFox, STUN, etc. Thanks Nathan Fowler, @abuse_ch.

[+++] Added rules: [+++]

Open:

2018899 - ET MALWARE Win32/BrowseFox.H Checkin 2 (malware.rules)
2018900 - ET TROJAN BITTERBUG Checkin (trojan.rules)
2018901 - ET TROJAN BITTERBUG Checkin 2 (trojan.rules)
2018902 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018903 - ET TROJAN Dyre SSL Self-Signed Cert Aug 06 2014 (trojan.rules)
2018904 - ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false) (info.rules)
2018905 - ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) (info.rules)
2018906 - ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false) (info.rules)
2018907 - ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag true) (info.rules)

Pro:

2808516 - ETPRO MOBILE_MALWARE SMSPay.D Checkin (mobile_malware.rules)
2808517 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.MisoSMS.a Response SET (mobile_malware.rules)
2808518 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.MisoSMS.a Response (mobile_malware.rules)

[///] Modified active rules: [///]

Open:

2015556 - ET WEB_CLIENT Potential MSXML2.DOMDocument ActiveXObject Uninitialized Memory Corruption Attempt (web_client.rules)

Pro:

2806155 - ETPRO TROJAN Worm.Win32.Vobfus Checkin 3 (trojan.rules)
2808012 - ETPRO TROJAN Win32/Tofsee.AX google.com connectivity check (trojan.rules)
2808395 - ETPRO TROJAN Win32/Rovnix.H checkin (trojan.rules)

[---] Disabled and modified rules: [---]

Open:

2001058 - ET EXPLOIT libpng tRNS overflow attempt (exploit.rules)
2012134 - ET ACTIVEX SigPlus Pro 3.74 ActiveX LCDWriteString Method Remote Buffer Overflow (activex.rules)
2017169 - ET CURRENT_EVENTS FlimKit Landing 07/22/13 2 (current_events.rules)
2017346 - ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in charcodes w/o sep Jul 10 2013 (current_events.rules)
2017463 - ET WEB_CLIENT MS13-055 CAnchorElement Use-After-Free (web_client.rules)
2017474 - ET CURRENT_EVENTS CoolEK Variant Landing Page - Applet Sep 16 2013 (current_events.rules)
2017487 - ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass (current_events.rules)

Pro:

2806355 - ETPRO WEB_CLIENT Microsoft Internet Explorer cross-domain JSON file content disclosure (web_client.rules)
2806356 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)
2806487 - ETPRO WEB_CLIENT Interent Explorer Use-After-Free CVE-2013-3120 (web_client.rules)
2806491 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (web_client.rules)
2807203 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (CVE-2013-3871) 3 (web_client.rules)
2807642 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0271) (web_client.rules)
2807660 - ETPRO WEB_CLIENT Possible Microsoft Internet Explorer Use After free (CVE-2014-0289) (web_client.rules)
2807924 - ETPRO CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Apr 02 2014 (current_events.rules)
2808151 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1800) (web_client.rules)

[---] Removed rules: [---]

2808461 - ETPRO MALWARE Win32/BrowseFox.H Checkin 2 (malware.rules)
Date: Tuesday, August 5, 2014 - 22:00