[***] Summary: [***] 8 new Open signatures, 32 new Pro. ProxyChanger.EO, Insomnia Shell, Linux.Turla. Check out our detailed December Patch Tuesday coverage here: http://emergingthreats.net/december-2014-microsoft-patch-tuesday-coverage/
[+++] Added rules: [+++] Open: 2019896 - ET TROJAN Backdoor.Linux.Turla Download (trojan.rules)
2019897 - ET EXPLOIT Possible PYKEK Priv Esc in-use (exploit.rules)
2019898 - ET POLICY I2P Retrieving reseed info (policy.rules)
2019899 - ET WEB_SERVER Insomnia Shell HTTP Request (web_server.rules)
2019900 - ET WEB_SERVER Insomnia Shell Outbound CMD Banner (web_server.rules)
2019901 - ET TROJAN VirRansom/VirLock Checkin (trojan.rules)
2019902 - ET TROJAN VirRansom/VirLock Checkin Response (trojan.rules)
2019903 - ET WEB_SPECIFIC_APPS Pandora FMS SQLi (web_specific_apps.rules) Pro: 2809294 - ETPRO TROJAN Possible Win32/ProxyChanger.EO SSL Cert (trojan.rules)
2809295 - ETPRO TROJAN Backdoor.IRC.Azbot CnC via IRC (trojan.rules)
2809296 - ETPRO WEB_SERVER Microsoft Outlook Web Access XSS attempt (2014-6325) (web_server.rules)
2809297 - ETPRO WEB_SERVER Microsoft Outlook Web Access XSS attempt (2014-6326) (web_server.rules)
2809298 - ETPRO WEB_CLIENT IE CSetTimeoutInfo Use-After-Free CVE-2014-6327 (web_client.rules)
2809299 - ETPRO WEB_CLIENT Internet Explorer Use After Free CVE-2014-6329 M1 (web_client.rules)
2809300 - ETPRO WEB_CLIENT Internet Explorer Use After Free CVE-2014-6329 M2 (web_client.rules)
2809301 - ETPRO WEB_CLIENT Internet Explorer Use After Free CVE-2014-6329 M3 (web_client.rules)
2809302 - ETPRO WEB_CLIENT Possible Internet Explorerer Use After Free CVE-2014-6330 (web_client.rules)
2809303 - ETPRO WEB_CLIENT Microsoft IE Information Leak Unitialized Stack Variable (CVE-2014-6355) (web_client.rules)
2809304 - ETPRO WEB_CLIENT Microsoft Rich Text File Use-After-Free cve-2014-6357 (web_client.rules)
2809305 - ETPRO WEB_CLIENT Microsoft Excel corrupted OfficeArtBstoreContainer record download cve-2014-6360 (web_client.rules)
2809308 - ETPRO WEB_CLIENT VBScript Use-After-Free CVE-2014-6363 (web_client.rules)
2809309 - ETPRO WEB_CLIENT IE Double Encoding Reflected XSS Vulnerability CVE-2014-6365 (web_client.rules)
2809310 - ETPRO WEB_CLIENT Possible Internet Explorer Use After Free CVE-2014-6366 (web_client.rules)
2809311 - ETPRO WEB_CLIENT Possible Internet Explorer Use After Free CVE-2014-6369 (web_client.rules)
2809312 - ETPRO WEB_CLIENT IE Incorrect Object Type CVE-2014-6373 (web_client.rules)
2809313 - ETPRO WEB_CLIENT Possible IE OOB Array Access CVE-2014-6376 (web_client.rules)
2809314 - ETPRO WEB_CLIENT Possible IE Incorrect Object Type CVE-2014-8966 (web_client.rules)
2809315 - ETPRO WEB_CLIENT Exchange URL Redirection Vulnerability GET request (CVE-2014-6336) (web_client.rules)
2809316 - ETPRO WEB_CLIENT Exchange URL Redirection Vulnerability link (CVE-2014-6336) (web_client.rules)
2809317 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.b Checkin (mobile_malware.rules)
2809318 - ETPRO TROJAN Win32/Chanitor.A .onion Proxy domain lookup (trojan.rules)
2809319 - ETPRO MOBILE_MALWARE AndroidOS.Riskware.DroidCoupon Checkin (mobile_malware.rules)
[///] Modified active rules: [///] 2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
2018194 - ET MALWARE Adware.iBryte.B Install (malware.rules)
2805831 - ETPRO MOBILE_MALWARE Android.Rabbhome / Backdoor.AndroidOS.Fjcon.a Checkin (mobile_malware.rules)
2808776 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin 2 (trojan.rules)
2809241 - ETPRO TROJAN Win32/Carberp.B Checkin (trojan.rules)
2809249 - ETPRO TROJAN Backdoor.MSIL.Soaphrish.A checkin (trojan.rules)
[---] Removed rules: [---] 2013961 - ET CURRENT_EVENTS Blackhole Exploit Kit Delivering Java Exploit to Client (current_events.rules)
2806679 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Lien.a Checkin (mobile_malware.rules)
2809262 - ETPRO TROJAN Win32/Agent.NCA Checkin (trojan.rules)
2809263 - ETPRO TROJAN Win32/Agent.NCA Checkin Response (trojan.rules)
Date: 
Monday, December 8, 2014 - 22:00