[***] Summary: [***]
6 new Open rules, 16 new Pro (6 + 10). wpDataTable vuln, Operation Cleaver, Vawtrak/NeverQuest.
Thanks: Kevin Ross, Duane Howard, @kafeine, @rmkml & @abuse_ch

[+++] Added rules: [+++]
Open:
2019838 - ET TROJAN HompesA Activity (trojan.rules)
2019839 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019840 - ET TROJAN Trojan/MSIL.bfsx Checkin (trojan.rules)
2019841 - ET TROJAN Win32/Swrort.A Checkin 2 (trojan.rules)
2019842 - ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve (web_client.rules)
2019843 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)

Pro:
2809259 - ETPRO WEB_SPECIFIC_APPS wpDataTables 1.5.3 Plugin SQLi (web_specific_apps.rules)
2809260 - ETPRO WEB_SPECIFIC_APPS wpDataTables 1.5.3 Possible Shell Upload (web_specific_apps.rules)
2809261 - ETPRO WEB_SPECIFIC_APPS Robotstats SQLi (web_specific_apps.rules)
2809262 - ETPRO TROJAN Win32/Agent.NCA Checkin (trojan.rules)
2809263 - ETPRO TROJAN Win32/Agent.NCA Checkin Response (trojan.rules)
2809264 - ETPRO TROJAN Win32/Kryptik.CPYA Checkin (trojan.rules)
2809265 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Proreso.a Checkin (mobile_malware.rules)
2809266 - ETPRO TROJAN W32/TinyZBot Checkin (Operation Cleaver) (trojan.rules)
2809267 - ETPRO TROJAN W32/TinyZBot Connectivity Check (Operation Cleaver) (trojan.rules)
2809268 - ETPRO TROJAN W32/PVZ-In Checkin (Operation Cleaver) (trojan.rules)

[///] Modified active rules: [///]
2017780 - ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access postToSocial (current_events.rules)
2017781 - ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendMail (current_events.rules)
2017782 - ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendSMS (current_events.rules)
2017783 - ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access registerMicListener (current_events.rules)
2019298 - ET TROJAN Linux/ShellshockCampaign.DDOSBot Execute Shell Command CnC Server Message (trojan.rules)
2019825 - ET POLICY Cryptexplorer API Check - Potential CoinMiner Traffic (policy.rules)
2807733 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.CG Checkin (mobile_malware.rules)
2809254 - ETPRO TROJAN Upatre Common URI Struct Dec 01 2014 (trojan.rules)

[---] Removed rules: [---]
2807538 - ETPRO TROJAN Win32/Swrort.A Checkin 2 (trojan.rules)
2807850 - ETPRO TROJAN Trojan/MSIL.bfsx Checkin (trojan.rules)
2808660 - ETPRO TROJAN Win32.Badur variant c2 (trojan.rules)
2809211 - ETPRO TROJAN Possible Dyre SSL Cert (fake state) (trojan.rules)
Date: Monday, December 1, 2014 - 22:00