[***] Summary: [***]
14 new Open signatures, 20 new Pro (14 + 6). Dyre, PBBoard CMS SQLi CVE-2014-9215, Dridex, Angler EK.
Thanks: Kevin Ross, @kafeine, @rmkml, @EKWatcher and @abuse_ch.

[+++] Added rules: [+++]
Open:
2019882 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.cc) (trojan.rules)
2019883 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.ws) (trojan.rules)
2019884 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.to) (trojan.rules)
2019885 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.in) (trojan.rules)
2019886 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.hk) (trojan.rules)
2019887 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.cn) (trojan.rules)
2019888 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.tk) (trojan.rules)
2019889 - ET TROJAN Possible Dyre DGA NXDOMAIN Responses (.so) (trojan.rules)
2019890 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019891 - ET TROJAN W32/Dridex POST CnC Beacon (trojan.rules)
2019892 - ET CURRENT_EVENTS Malicious Iframe Leading to EK Dec 08 2014 (current_events.rules)
2019893 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (1) (current_events.rules)
2019894 - ET CURRENT_EVENTS Probable malicious download from e-mail link /1.php (current_events.rules)
2019895 - ET CURRENT_EVENTS Malicious Redirect Leading to EK Dec 08 2014 (current_events.rules)

Pro:
2809288 - ETPRO TROJAN Win32/Rethed.B Checkin (trojan.rules)
2809289 - ETPRO TROJAN PWS.Win32.Blankit.A Checkin (trojan.rules)
2809290 - ETPRO WEB_SPECIFIC_APPS PBBoard CMS SQLi CVE-2014-9215 1 (web_specific_apps.rules)
2809291 - ETPRO WEB_SPECIFIC_APPS PBBoard CMS SQLi CVE-2014-9215 2 (web_specific_apps.rules)
2809292 - ETPRO WEB_SPECIFIC_APPS PBBoard CMS SQLi CVE-2014-9215 3 (web_specific_apps.rules)
2809293 - ETPRO ATTACK_RESPONSE BurpSuite Server SSL Cert (attack_response.rules)

[///] Modified active rules: [///]
2019457 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019499 - ET TROJAN Vawtrak/NeverQuest Server Response (trojan.rules)
2019843 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019872 - ET CURRENT_EVENTS DRIVEBY Nuclear EK Payload (flowbits set) (current_events.rules)
2809248 - ETPRO WEB_SPECIFIC_APPS SP Client Document Manager WP Plugin SQLi (web_specific_apps.rules)
2809255 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 SSLv3 (exploit.rules)
2809256 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.0 (exploit.rules)
2809257 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.1 (exploit.rules)
2809258 - ETPRO EXPLOIT SChannel Possible Heap Overflow CVE-2014-6321 TLSv1.2 (exploit.rules)
2809259 - ETPRO WEB_SPECIFIC_APPS wpDataTables 1.5.3 Plugin SQLi (web_specific_apps.rules)

[---] Removed rules: [---]
2009971 - ET P2P eMule KAD Network Hello Request (2) (p2p.rules)

Date: Sunday, December 7, 2014 - 22:00