[***] Summary: [***]

16 New Open signatures, 26 new Pro (16+10). Dyre SSL, Win32/Zemot, Parallels Plesk Sitebuilder vulnerability.

Thanks, Kevin Ross, @EKwatcher and @abuse_ch.

[+++] Added rules: [+++]

Open:

2019508 - ET TROJAN DNS Reply Sinkhole - IP - 161.69.13.44 (trojan.rules)
2019509 - ET TROJAN JST Perl IrcBot download (trojan.rules)
2019510 - ET MOBILE_MALWARE Android/Koler.C Checkin (mobile_malware.rules)
2019511 - ET MALWARE Adware.InstallCore.B Checkin (malware.rules)
2019512 - ET POLICY Possible IP Check api.ipify.org (policy.rules)
2019513 - ET CURRENT_EVENTS Angler EK Flash Exploit URI Struct (current_events.rules)
2019514 - ET CURRENT_EVENTS Angler EK Java Exploit URI Struct (current_events.rules)
2019515 - ET TROJAN W32/Siggen.Dropper CnC Beacon (trojan.rules)
2019516 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Backoff CnC) (trojan.rules)
2019517 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019518 - ET TROJAN Win32/Chanitor.A Domain in SNI (trojan.rules)
2019519 - ET TROJAN Win32/Chanitor.A DNS Lookup (trojan.rules)
2019520 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)
2019521 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)
2019522 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)
2019523 - ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014 (current_events.rules)

Pro:

2809069 - ETPRO TROJAN Backdoor.Aladino Checkin (trojan.rules)
2809071 - ETPRO TROJAN Win32.Sysn.anpg Checkin (trojan.rules)
2809072 - ETPRO TROJAN Win32.RShot Checkin (trojan.rules)
2809073 - ETPRO WEB_SPECIFIC_APPS HttpCombiner ASP.NET Remote File Disclosure Request (web_specific_apps.rules)
2809074 - ETPRO TROJAN WIN32.AGENT.AGLKL Checkin (trojan.rules)
2809075 - ETPRO WEB_SPECIFIC_APPS vBulletin Verify Email SQL Injection (web_specific_apps.rules)
2809076 - ETPRO WEB_SPECIFIC_APPS vBulletin Verify Email SQL Injection (web_specific_apps.rules)
2809077 - ETPRO TROJAN JST Perl IrcBot v3.0 HTTP GET Request (trojan.rules)
2809078 - ETPRO WEB_SPECIFIC_APPS Parallels Plesk Sitebuilder File Download Vulnerability (web_specific_apps.rules)
2809079 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)

[///] Modified active rules: [///]

2019418 - ET CURRENT_EVENTS SSL excessive fatal alerts (possible POODLE attack against server) (current_events.rules)
2809025 - ETPRO TROJAN Win32/Agent.WMI Checkin (trojan.rules)

[///] Modified inactive rules: [///]

2019417 - ET CURRENT_EVENTS excessive fatal alerts (possible POODLE attack against client) (current_events.rules)

[---] Removed rules: [---]

2805768 - ETPRO TROJAN Win32/Spy.KeyLogger.OLD Checkin (trojan.rules)
2808369 - ETPRO MALWARE Adware.InstallCore.B Checkin (malware.rules)
2808538 - ETPRO MOBILE_MALWARE Android/Koler.C Checkin (mobile_malware.rules)

Date: Sunday, October 26, 2014 - 22:00