[***] Summary: [***]

22 new Open signatures, 35 new Pro (22 + 13). CVE-2014-6271, POODLE, Hurricane Panda, BlackEnergy.

Thanks: Fox-IT, Kevin Ross, Jake Warren, @rmkml and @abuse_ch.

[+++] Added rules: [+++]

2019400 - ET TROJAN Possible Bedep Connectivity Check (trojan.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2019402 - ET EXPLOIT Possible CVE-2014-6271 malicious DNS response (exploit.rules)
2019403 - ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DNS (exploit.rules)
2019404 - ET DOS Potential Tsunami SYN Flood Denial Of Service Attempt (dos.rules)
2019405 - ET CURRENT_EVENTS SUSPICIOUS PPT Download with Embedded OLE Object (current_events.rules)
2019406 - ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M1 (current_events.rules)
2019407 - ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M2 (current_events.rules)
2019408 - ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M3 (current_events.rules)
2019409 - ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M4 (current_events.rules)
2019410 - ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M5 (current_events.rules)
2019411 - ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M6 (current_events.rules)
2019412 - ET TROJAN W32/BlackEnergy Dirconf CnC Beacon (trojan.rules)
2019413 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 15 2014 (current_events.rules)
2019414 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019415 - ET POLICY SSLv3 inbound connection to server vulnerable to POODLE attack (policy.rules)
2019416 - ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack (policy.rules)
2019417 - ET CURRENT_EVENTS excessive fatal alerts (possible POODLE attack against client) (current_events.rules)
2019418 - ET CURRENT_EVENTS SSL excessive fatal alerts (possible POODLE attack against server) (current_events.rules)
2019419 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 15 2014 (current_events.rules)
2019420 - ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download (web_client.rules)
2019421 - ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download with Hurricane Panda IOC (web_client.rules)

Pro:

2809001 - ETPRO WEB_CLIENT Possible Local Privilege Escalation Vulnerability methods in executable (CVE-2014-4113) x64 1 (web_client.rules)
2809002 - ETPRO WEB_CLIENT Possible Local Privilege Escalation Vulnerability methods in executable (CVE-2014-4113) x64 2 (web_client.rules)
2809003 - ETPRO EXPLOIT Bosch Security Systems DVR 630/650/670 Exploit Attempt (exploit.rules)
2809004 - ETPRO EXPLOIT Bosch Security Systems DVR 630/650/670 Exploit Attempt 2 (exploit.rules)
2809005 - ETPRO EXPLOIT Bosch Security Systems DVR 630/650/670 Informatioon Disclosure (exploit.rules)
2809006 - ETPRO TROJAN BackDoor.Tishop.2 Checkin (trojan.rules)
2809007 - ETPRO MALWARE PUP.OptimizerPro Checkin (malware.rules)
2809008 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.op Checkin (mobile_malware.rules)
2809009 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Cova.a Checkin (mobile_malware.rules)
2809010 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Zerat.a / DroidJack RAT Checkin (mobile_malware.rules)
2809011 - ETPRO MALWARE PUP.Autostrada Checkin (malware.rules)
2809012 - ETPRO MALWARE PUP.Uniblue Checkin (malware.rules)
2809013 - ETPRO POLICY IP Check wtfismyip.com (policy.rules)

[///] Modified active rules: [///]

2019325 - ET CURRENT_EVENTS Flashpack Redirect Method 3 (current_events.rules)
2019375 - ET CURRENT_EVENTS Possible Sweet Orange redirection Oct 8 2014 (current_events.rules)

[///] Modified inactive rules: [///]

2008575 - ET POLICY ASProtect/ASPack Packed Binary (policy.rules)

Date: Monday, October 13, 2014 - 23:00