[***] Summary: [***] 10 new Open signatures, 15 new Pro (10 + 5). Abuse.ch SSL blacklist, iOS/Xsser, Trojan/Banker.Agent.bof, Win32.Slenfbot. Thanks: Patrick Olsen, Jake Warren, James Lay, Stephane Chazelas, @abuse_ch, @jaimeblascob and @rmkml. [+++] Added rules: [+++] Open: 2019326 - ET TROJAN Likely Bot Nick in IRC (Country Code ISO 3166-1 alpha-2 (trojan.rules)
2019327 - ET TROJAN Likely Bot Nick in IRC (Country Code ISO 3166-1 alpha-3 (trojan.rules)
2019328 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019329 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019330 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (UPATRE CnC) (trojan.rules)
2019331 - ET MOBILE_MALWARE iOS/Xsser Checkin (mobile_malware.rules)
2019332 - ET MOBILE_MALWARE iOS/Xsser sending GPS info (mobile_malware.rules)
2019333 - ET MOBILE_MALWARE iOS/Xsser sending files (mobile_malware.rules)
2019334 - ET MOBILE_MALWARE iOS/Xsser checking library version (mobile_malware.rules)
2019335 - ET EXPLOIT Possible Pure-FTPd CVE-2014-6271 attempt (exploit.rules) Pro: 2808923 - ETPRO TROJAN Worm.Win32.Slenfbot.G Checkin 4 (trojan.rules)
2808924 - ETPRO POLICY IP Check myexternalip.com (policy.rules)
2808925 - ETPRO TROJAN Win32/Microjoin.gen!C Checkin (trojan.rules)
2808926 - ETPRO TROJAN Trojan.Win32.LaSta Checkin (trojan.rules)
2808927 - ETPRO TROJAN Trojan/Banker.Agent.bof Checkin 2 (trojan.rules)
[///] Modified active rules: [///] 2000418 - ET POLICY Executable and linking format (ELF) file download (policy.rules)
2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
2016016 - ET DOS DNS Amplification Attack Inbound (dos.rules)
2018465 - ET TROJAN Possible Backdoor.Adwind Download 2 (trojan.rules)
2019231 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in URI (web_server.rules)
2019232 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers (web_server.rules)
2019233 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body (web_server.rules)
2019236 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Version Number (web_server.rules)
2019237 - ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK (exploit.rules)
2019239 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie (web_server.rules)
2019240 - ET POLICY Executable and linking format (ELF) file download Over HTTP (policy.rules)
2019241 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body 3 (web_server.rules)
2019289 - ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy (exploit.rules)
2019290 - ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy (exploit.rules)
2019293 - ET EXPLOIT Possible Qmail CVE-2014-6271 Mail From attempt (exploit.rules)
2019322 - ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt (exploit.rules)
2019323 - ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt (exploit.rules)
2805880 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.A Checkin (mobile_malware.rules)
2806750 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Fakengry.b Checkin (mobile_malware.rules)
2807849 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AAE Checkin (mobile_malware.rules)
Date: 
Tuesday, September 30, 2014 - 22:00