[***] Summary: [***]

10 new Open rules, 17 new Pro (10 + 17). CVE-2014-6271 Bash Vuln, SolarWinds Storage Manager, AutoSMS.BF, Pushdo V3.

Thanks: Jake Warren and @jaimeblascob

[+++] Added rules: [+++]

Open:

2019226 - ET CURRENT_EVENTS DRIVEBY Nuclear EK 2013-3918 (current_events.rules)
2019227 - ET CURRENT_EVENTS Win32/Spy.Zbot.ACB SSL Cert Sept 24 2014 (current_events.rules)
2019228 - ET MALWARE Win32/SoftPulse.H Checkin (malware.rules)
2019229 - ET TROJAN Linux/Yangji.A Checkin (trojan.rules)
2019230 - ET TROJAN Possible Tinba DGA NXDOMAIN Responses (trojan.rules)
2019231 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in URI (web_server.rules)
2019232 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers (web_server.rules)
2019233 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body (web_server.rules)
2019234 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body 2 (web_server.rules)
2019235 - ET TROJAN Pushdo v3 Checkin (trojan.rules)

Pro:

2808879 - ETPRO TROJAN Win32/Spy.Banker.AAHF Checkin (trojan.rules)
2808880 - ETPRO EXPLOIT SolarWinds Storage Manager Authentication Bypass (exploit.rules)
2808881 - ETPRO TROJAN Flooder.LYI Checkin (trojan.rules)
2808882 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.BF Checkin (mobile_malware.rules)
2808883 - ETPRO MOBILE_MALWARE Android.Trojan.AutoSMS.BF Checkin 2 (mobile_malware.rules)
2808884 - ETPRO MALWARE PUA.Kuaiba Checkin (malware.rules)
2808885 - ETPRO MOBILE_MALWARE AndroidOS/GGTracker.A Checkin 3 (mobile_malware.rules)

[///] Modified active rules: [///]

2010875 - ET TROJAN Blackenergy Bot Checkin to C&C (2) (trojan.rules)
2018005 - ET TROJAN Possible Upatre Downloader SSL certificate (fake org) (trojan.rules)
2018789 - ET POLICY TLS possible TOR SSL traffic (policy.rules)
2019078 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014 (current_events.rules)
2019204 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
2805870 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Placms.F Checkin (mobile_malware.rules)
2806161 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.i Checkin (mobile_malware.rules)
2807793 - ETPRO TROJAN Win32/Rootkit.BlackEnergy.AG Checkin (trojan.rules)
2808505 - ETPRO TROJAN Autoit.LOX Checkin (trojan.rules)

[---] Removed rules: [---]

2015629 - ET TROJAN Cridex Response from exfiltrated data upload (trojan.rules)
2018327 - ET SCAN JCE Joomla Extension User-Agent (BOT) (scan.rules)
2807988 - ETPRO TROJAN Win32/Spy.Agent.OIA Checkin 2 (trojan.rules)
2808434 - ETPRO MALWARE Win32/SoftPulse.H Checkin (malware.rules)
Date: Tuesday, September 23, 2014 - 22:00