[***] Summary: [***]
19 new Open signatures, 26 new Pro (19 + 6). CVE-2014-6332, CVE-2014-7992, CoinLocker, Win32/Spy.Agent.OLF.
Thanks: Kevin Ross, pckthck, @abuse_ch and @rmkml.
[+++] Added rules: [+++]
Open:
2019778 - ET EXPLOIT DLSw Information Disclosure CVE-2014-7992 (exploit.rules)
2019780 - ET TROJAN W32/CloudScout CnC Beacon (trojan.rules)
2019781 - ET CURRENT_EVENTS AOL PHISH PayPal - Creds Phished (current_events.rules)
2019782 - ET CURRENT_EVENTS AOL PHISH PayPal - Name Address Phished (current_events.rules)
2019783 - ET CURRENT_EVENTS AOL PHISH PayPal - Credit Card and SSN Phished (current_events.rules)
2019784 - ET CURRENT_EVENTS AOL PHISH PayPal - Bank Account Phished (current_events.rules)
2019785 - ET CURRENT_EVENTS AOL PHISH PayPal - Landing Page (current_events.rules)
2019786 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
2019787 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
2019788 - ET TROJAN DNS Query for Suspicious cvredirect.no-ip.net Domain - CoinLocker Domain (trojan.rules)
2019789 - ET TROJAN HTTP Request to a *.cvredirect.no-ip.net domain - CoinLocker Domain (trojan.rules)
2019790 - ET TROJAN DNS Query for Suspicious cvredirect.ddns.net Domain - CoinLocker Domain (trojan.rules)
2019791 - ET TROJAN HTTP Request to a *.cvredirect.ddns.net domain - CoinLocker Domain (trojan.rules)
2019792 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct URLENCODE (current_events.rules)
2019793 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEX (current_events.rules)
2019794 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEXC (current_events.rules)
2019795 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEXCS (current_events.rules)
2019796 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct DECC (current_events.rules)
2019797 - ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct DECCS (current_events.rules)
Pro:
2809235 - ETPRO TROJAN Win32/Blaknight.A Connectivity Check (trojan.rules)
2809237 - ETPRO TROJAN Win32/Filecoder.NCP .onion Proxy domain lookup (trojan.rules)
2809238 - ETPRO TROJAN Win32/Spy.Agent.OLF Retrieving CnC IP - SET (trojan.rules)
2809239 - ETPRO TROJAN Win32/Spy.Agent.OLF Retrieving CnC IP (trojan.rules)
2809240 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.IS Checkin (mobile_malware.rules)
2809241 - ETPRO TROJAN Win32/Carberp.B Checkin (trojan.rules)
[///] Modified active rules: [///]
2805815 - ETPRO POLICY Internal Host Retrieving External IP via whatismyipaddress.com - Possible Infection (policy.rules)
2806019 - ETPRO TROJAN Win32/Zeprox.B Checkin (trojan.rules)
2808035 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fe Checkin (mobile_malware.rules)
[---] Removed rules: [---]
Date: Sunday, November 23, 2014 - 22:00