[***] Summary: [***]

11 new Open signatures, 16 new Pro (11 + 5). Win32.Kraddare, Ropest, Upatre.

Thanks: Kevin Ross, @kafeine and @EKWatcher.

[+++] Added rules: [+++]

Open:

2019944 - ET MALWARE Win32/DomaIQ Checkin (malware.rules)
2019945 - ET TROJAN Trojan.Agent.AIXD Checkin (trojan.rules)
2019946 - ET TROJAN W32/Farfli.BHQ!tr Dropper CnC Beacon (trojan.rules)
2019947 - ET TROJAN W32/TRCrypt.ULPM Downloader CnC Beacon (trojan.rules)
2019948 - ET TROJAN W32/Symmi.46846 CnC Beacon (trojan.rules)
2019950 - ET CURRENT_EVENTS Malicious Referer used in EKs (Neutrino, Magnitude, HanJuan) Dec 16 2014 (current_events.rules)
2019951 - ET WEB_SERVER MorXploit Shell Command (web_server.rules)
2019952 - ET TROJAN Bedep Checkin Response (trojan.rules)
2019953 - ET CURRENT_EVENTS Upatre Redirector Dec 16 2014 set (current_events.rules)
2019954 - ET CURRENT_EVENTS Upatre Redirector Dec 16 2014 (current_events.rules)
2019955 - ET CURRENT_EVENTS Possible Zbot SSL Cert Dec 16 2014 (current_events.rules)

Pro:

2809343 - ETPRO MALWARE Win32/Techsnab.B Checkin (malware.rules)
2809344 - ETPRO MALWARE Win32.Kraddare Checkin (malware.rules)
2809345 - ETPRO MOBILE_MALWARE Android/Agent.DE Checkin (mobile_malware.rules)
2809347 - ETPRO CURRENT_EVENTS Ropest Download Request Dec 16 2014 (current_events.rules)
2809348 - ETPRO TROJAN Win32/Pitou.B DNS Lookup (trojan.rules)

[///] Modified active rules: [///]

2013937 - ET WEB_SERVER Weevely PHP backdoor detected (system() function used) (web_server.rules)
2013938 - ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) (web_server.rules)
2013939 - ET WEB_SERVER Weevely PHP backdoor detected (shell_exec() function used) (web_server.rules)
2013940 - ET WEB_SERVER Weevely PHP backdoor detected (proc_open() function used) (web_server.rules)
2013941 - ET WEB_SERVER Weevely PHP backdoor detected (popen() function used) (web_server.rules)
2013942 - ET WEB_SERVER Weevely PHP backdoor detected (python_eval() function used) (web_server.rules)
2013943 - ET WEB_SERVER Weevely PHP backdoor detected (pcntl_exec() function used) (web_server.rules)
2013944 - ET WEB_SERVER Weevely PHP backdoor detected (perl->system() function used) (web_server.rules)
2013945 - ET WEB_SERVER Weevely PHP backdoor detected (exec() function used) (web_server.rules)
2018496 - ET TROJAN Win32/Geodo Checkin (trojan.rules)
2018589 - ET CURRENT_EVENTS Possible ASPROX Download URI Struct June 19 2014 (current_events.rules)
2019943 - ET TROJAN ZhCAT.HackTool Operation Cleaver HTTP CnC Beacon (trojan.rules)
2808161 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 9 (mobile_malware.rules)
2808880 - ETPRO EXPLOIT SolarWinds Storage Manager Authentication Bypass (exploit.rules)
2808937 - ETPRO EXPLOIT revslider_show_image Plugin Local File Inclusion Exploit Attempt (exploit.rules)

[---] Removed rules: [---]

2806796 - ETPRO MALWARE Win32/DomaIQ Checkin (malware.rules)

Date: Monday, December 15, 2014 - 22:00