[***] Summary: [***]

27 new Open signatures, 34 new Pro (27+7). ShellshockCampaign, Sourtoff, Job314 EK.

Thanks: Markus Manzke, rmkml, @EKwatcher, @abuse_ch and @kafeine.

[+++] Added rules: [+++]

Open:

2019291 - ET WEB_SERVER CVE-2014-6271 Attempt In HTTP Headers Line Continuation Evasion LF (web_server.rules)
2019292 - ET WEB_SERVER CVE-2014-6271 Attempt In HTTP Headers Line Continuation Evasion CRLF (web_server.rules)
2019293 - ET EXPLOIT Possible Qmail CVE-2014-6271 Mail From attempt (exploit.rules)
2019294 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Reporting IP (trojan.rules)
2019295 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Get Bot IP CnC Server Message (trojan.rules)
2019296 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Ping CnC Server Message (trojan.rules)
2019297 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Scanner CnC Server Message (trojan.rules)
2019298 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Execute Shell Command CnC Server Message (trojan.rules)
2019299 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Random Byte Flood CnC Server Message (trojan.rules)
2019300 - ET TROJAN Linux/ShellshockCampaign.DDOSBot UDP Flood CnC Server Message (trojan.rules)
2019301 - ET TROJAN Linux/ShellshockCampaign.DDOSBot TCP Flood CnC Server Message (trojan.rules)
2019302 - ET TROJAN Linux/ShellshockCampaign.DDOSBot HOLD TCP Flood CnC Server Message (trojan.rules)
2019303 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Kill Attack CnC Server Message (trojan.rules)
2019304 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Terminate Process CnC Server Message (trojan.rules)
2019305 - ET TROJAN Dyre SSL Cert 1 (trojan.rules)
2019306 - ET TROJAN Dyre SSL Cert 2 (trojan.rules)
2019307 - ET TROJAN Dyre SSL Cert 3 (trojan.rules)
2019308 - ET WEB_SERVER CURL Command Specifying Output in HTTP Headers (web_server.rules)
2019309 - ET WEB_SERVER WGET Command Specifying Output in HTTP Headers (web_server.rules)
2019310 - ET WEB_SERVER WGET Command Specifying Output in HTTP Headers (web_server.rules)
2019311 - ET CURRENT_EVENTS Upatre redirector GET Sept 29 2014 (current_events.rules)
2019312 - ET TROJAN Sourtoff Download Simda Request (trojan.rules)
2019313 - ET TROJAN Sourtoff Receiving Simda Payload (trojan.rules)
2019314 - ET WEB_SERVER Possible bash shell piped to dev udp Inbound to WebServer (web_server.rules)
2019315 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014 (current_events.rules)
2019316 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019317 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (UPATRE CnC) (trojan.rules)

Pro:

2808907 - ETPRO MALWARE W32.HfsAutoB Checkin (malware.rules)
2808908 - ETPRO MALWARE Win32.Adware.Bho.Szux Checkin (malware.rules)
2808909 - ETPRO TROJAN W32/Virtumonde.OQ HTTP Client Headers (trojan.rules)
2808910 - ETPRO TROJAN Trojan-Spy.MSIL.KeyLogger.babx Checkin (trojan.rules)
2808911 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.O Leaking Private Information (mobile_malware.rules)
2808912 - ETPRO TROJAN Win32/Hyteod Checkin (trojan.rules)
2808914 - ETPRO TROJAN Win32/Banker-LAR Dropping Files (trojan.rules)

[///] Modified active rules: [///]

2017135 - ET CURRENT_EVENTS PHISH Remax - function Validate (current_events.rules)
2018194 - ET MALWARE Adware.iBryte.B Install (malware.rules)
2019282 - ET CURRENT_EVENTS BlackEnergy Possible SSL Cert Sept 26 2014 (current_events.rules)
2019285 - ET WEB_SERVER Possible bash shell piped to dev tcp Inbound to WebServer (web_server.rules)
2019287 - ET CURRENT_EVENTS DRIVEBY Job314 EK Landing (current_events.rules)
2804505 - ETPRO MALWARE Riskware/Cheathappens Checkin (malware.rules)
2808881 - ETPRO TROJAN Flooder.LYI Checkin (trojan.rules)

[---] Removed rules: [---]

2808745 - ETPRO TROJAN Win32/Battdil.B SSL Cert 1 (trojan.rules)
2808746 - ETPRO TROJAN Win32/Battdil.B SSL Cert 2 (trojan.rules)
2808749 - ETPRO TROJAN Win32/Battdil.B SSL Cert 3 (trojan.rules)

Date: Sunday, September 28, 2014 - 22:00