[***] Summary: [***]

18 new Open signatures, 29 new Pro. More CVE-2014-6271, Dyre, Various Android, Nucom ADSL Cred disclosure, ZyXEL Cred disclosure.

Thanks: Livio Ricciulli, Packet Hack, @kafeine, @jaimeblascob, @abuse_ch.

[+++] Added rules: [+++]

Open:

2019242 - ET TROJAN Linux/DDoS.M distributed via CVE-2014-6271 Checkin (trojan.rules)
2019274 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 26 2014 (current_events.rules)
2019275 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 26 2014 (current_events.rules)
2019276 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 26 2014 (current_events.rules)
2019277 - ET CURRENT_EVENTS Possible Upatre SSL Cert santa.my (current_events.rules)
2019278 - ET CURRENT_EVENTS Possible Upatre SSL Cert glynwedasia.com (current_events.rules)
2019279 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2019280 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (trojan.rules)
2019281 - ET TROJAN BlackEnergy v2 POST Request (trojan.rules)
2019282 - ET CURRENT_EVENTS BlackEnergy Possbile SSL Cert Sept 26 2014 (current_events.rules)
2019283 - ET TROJAN BlackEnergy POST Request (trojan.rules)
2019284 - ET ATTACK_RESPONSE Output of id command from HTTP server (attack_response.rules)
2019285 - ET WEB_SERVER Possible bash shell piped to dev tcp Inbound to WebServer (web_server.rules)
2019286 - ET TROJAN Job314 EK Payload Checkin (trojan.rules)
2019287 - ET CURRENT_EVENTS DRIVEBY Job314 EK Landing (current_events.rules)
2019288 - ET CURRENT_EVENTS DRIVEBY Possible Job314 EK JAR URI Struct (current_events.rules)
2019289 - ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy (exploit.rules)
2019290 - ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy (exploit.rules)

Pro:

2808896 - ETPRO EXPLOIT All In One WP Security WordPress Plugin Possible SQL Injection Attempt (exploit.rules)
2808897 - ETPRO MOBILE_MALWARE AndroidOS.Ifacefone.A Checkin (mobile_malware.rules)
2808898 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.v Checkin (mobile_malware.rules)
2808899 - ETPRO TROJAN Win32/Spy.Zbot.ACB SSL Cert (trojan.rules)
2808900 - ETPRO TROJAN Likely Trojan-Ransom.Win32.Foreign.lefc .onion Proxy DNS lookup (trojan.rules)
2808901 - ETPRO POLICY Likely icanhazip.com IP lookup over SSL (policy.rules)
2808902 - ETPRO TROJAN Win32/Rustock.G Checkin (trojan.rules)
2808903 - ETPRO EXPLOIT Nucom ADSL ADSLR5000UN ISP Credential Disclosure Attempt (exploit.rules)
2808904 - ETPRO EXPLOIT ZyXEL Prestig P-660HNU-T1v2 Credential Disclosure Attempt (exploit.rules)
2808905 - ETPRO TROJAN Win32/Xorer.O Checkin (trojan.rules)
2808906 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Maxit.a Checkin (mobile_malware.rules)

[+++] Enabled and modified rules: [+++]

2019244 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 1 (web_server.rules)
2019245 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 2 (web_server.rules)
2019246 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 3 (web_server.rules)
2019247 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 4 (web_server.rules)
2019248 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 5 (web_server.rules)
2019249 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 6 (web_server.rules)
2019250 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 7 (web_server.rules)
2019251 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 8 (web_server.rules)
2019252 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 9 (web_server.rules)
2019253 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 10 (web_server.rules)
2019254 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 11 (web_server.rules)
2019255 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 12 (web_server.rules)
2019256 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 13 (web_server.rules)
2019257 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 14 (web_server.rules)
2019258 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 15 (web_server.rules)
2019259 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 16 (web_server.rules)
2019260 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 17 (web_server.rules)
2019261 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 18 (web_server.rules)
2019262 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 19 (web_server.rules)
2019263 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 20 (web_server.rules)
2019264 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 21 (web_server.rules)
2019265 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 22 (web_server.rules)
2019266 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 23 (web_server.rules)
2019267 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 24 (web_server.rules)
2019268 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 25 (web_server.rules)
2019269 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 26 (web_server.rules)
2019270 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 27 (web_server.rules)
2019271 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 28 (web_server.rules)
2019272 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 29 (web_server.rules)
2019273 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP URLENCODE Generic 30 (web_server.rules)

[///] Modified active rules: [///]

2019181 - ET CURRENT_EVENTS Possible Android CVE-2014-6041 (current_events.rules)
2019243 - ET TROJAN Infostealer.Boleteiro checking stolen boleto payment information (trojan.rules)
2805260 - ETPRO TROJAN Trojan.Win32.Jorik.Yoddos.no Checkin (trojan.rules)
Date: Thursday, September 25, 2014 - 22:00