[***] Summary: [***]

9 new Open signatures, 17 new Pro (9 + 8). Win32.Iroffer, Abuse.CH SSL cert blacklist, Win32.Korplug.

Thanks: Mike Worth, Nathan Fowler, @rmkml, @abuse_ch

[+++] Added rules: [+++]

Open:

2019708 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019709 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019710 - ET TROJAN VBS/Autorun.J Checkin (trojan.rules)
2019711 - ET TROJAN W32Autorun.worm.aaeh Checkin (trojan.rules)
2019712 - ET TROJAN W32/Keylogger.CI Checkin (trojan.rules)
2019713 - ET TROJAN Possible Asprox Pizza (trojan.rules)
2019714 - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules)
2019715 - ET WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure obfuscated CVE-2014-6332 (web_client.rules)
2019716 - ET TROJAN Windows executable base64 encoded in XML (trojan.rules)

Pro:

2809200 - ETPRO TROJAN Backdoor.Win32.Iroffer Checkin via IRC (trojan.rules)
2809201 - ETPRO USER_AGENTS Conduit Toolbar COMMLAYER User Agent (user_agents.rules)
2809202 - ETPRO TROJAN Win32.Korplug Checkin (trojan.rules)
2809203 - ETPRO TROJAN Rogue.Win32/FakePlus Checkin (trojan.rules)
2809204 - ETPRO TROJAN Win32.Trojan.Win32.TravNet HTTP Checkin (trojan.rules)
2809205 - ETPRO TROJAN Win32.Trojan.Win32/Agent.QRI (Korplug Related) Checkin (trojan.rules)
2809206 - ETPRO TROJAN FakeMS.abms Checkin (trojan.rules)
2809207 - ETPRO TROJAN Backdoor:W32/OnionDuke.A Checkin (trojan.rules)

[///] Modified active rules: [///]

2018228 - ET TROJAN Possible PlugX Common Header Struct (trojan.rules)

[---] Disabled and modified rules: [---]

2807654 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0283) (web_client.rules)

[---] Removed rules: [---]

2809100 - ETPRO TROJAN Win32/Keylogger.CI CnC) (trojan.rules)
