[***] Summary: [***]

14 new Open signatures, 17 new Pro (14 + 3). BlackEnergy, Win32/Zemot, Spy.KeyLogger.

Thanks: Jake Warren, James Lay, Kevin Ross and @abuse_ch.

[+++] Added rules: [+++]

Open:

2019457 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019458 - ET TROJAN Win32/Zemot URI Struct (trojan.rules)
2019459 - ET TROJAN Win32/Zemot Requesting PE (trojan.rules)
2019460 - ET WEB_SERVER MongoDB Negated Parameter Server Side JavaScript Injection Attempt (web_server.rules)
2019461 - ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE1 (current_events.rules)
2019462 - ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE2 (current_events.rules)
2019463 - ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE3 (current_events.rules)
2019464 - ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE4 (current_events.rules)
2019465 - ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE5 (current_events.rules)
2019466 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019467 - ET TROJAN Win32/Spy.KeyLogger.ODN Checkin (trojan.rules)
2019468 - ET TROJAN Win32/Spy.KeyLogger.ODN Exfiltrating Data (trojan.rules)
2019469 - ET TROJAN Deputy Dog checkin (trojan.rules)
2019470 - ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 17 2014 (current_events.rules)

Pro:

2809016 - ETPRO TROJAN Win32.Cosmu (trojan.rules)
2809017 - ETPRO TROJAN Win32.Pasta Variant Checkin (trojan.rules)
2809018 - ETPRO TROJAN W32/Cryrar CnC (trojan.rules)

[///] Modified active rules: [///]

2018052 - ET CURRENT_EVENTS Zbot Generic URI/Header Struct .bin (current_events.rules)
2018995 - ET CURRENT_EVENTS Archie EK CVE-2014-0515 Aug 24 2014 (current_events.rules)
2018996 - ET CURRENT_EVENTS Archie EK CVE-2014-0497 Aug 24 2014 (current_events.rules)
2019097 - ET CURRENT_EVENTS Archie EK SilverLight URI Struct (current_events.rules)
2019416 - ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack (policy.rules)
2019418 - ET CURRENT_EVENTS SSL excessive fatal alerts (possible POODLE attack against server) (current_events.rules)
2805900 - ETPRO MOBILE_MALWARE Android/Ksapp.A Checkin 2 (mobile_malware.rules)

[---] Disabled and modified rules: [---]

2019325 - ET CURRENT_EVENTS Flashpack Redirect Method 3 (current_events.rules)

[---] Removed rules: [---]

2018450 - ET TROJAN Potential Selfint C2 traffic (from client) (trojan.rules)

Date: Thursday, October 16, 2014 - 22:00