[***] Summary: [***] 7 new Open signatures, 17 new Pro. Upatre, PhaseBot, Dyre, Angler EK. Thanks: Kevin Ross and @EKWatcher [+++] Added rules: [+++] Open: 2019967 - ET CURRENT_EVENTS Evil Flash Redirector to RIG EK Dec 17 2014 (current_events.rules)
2019968 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (2) (current_events.rules)
2019969 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (3) (current_events.rules)
2019970 - ET CURRENT_EVENTS Upatre Download Redirection Dec 18 2014 (current_events.rules)
2019973 - ET CURRENT_EVENTS Archie EK T2 Activity Dec 18 2014 (current_events.rules)
2019974 - ET MALWARE PUP W32/DownloadGuide.D (malware.rules)
2019975 - ET TROJAN Syrian.Slideshow Sending Information via SMTP (trojan.rules) Pro: 2809363 - ETPRO TROJAN PhaseBot Checkin (trojan.rules)
2809364 - ETPRO TROJAN Backdoor.Linux.Agent.H CnC (trojan.rules)
2809365 - ETPRO WEB_SPECIFIC_APPS E-Journal SQLi Attempt (web_specific_apps.rules)
2809366 - ETPRO WEB_SPECIFIC_APPS ProjectSend Shell Upload Exploit Attempt (web_specific_apps.rules)
2809367 - ETPRO TROJAN Win32.Klmded Checkin (trojan.rules)
2809368 - ETPRO TROJAN Dyre Keep-Alive POST (trojan.rules)
2809369 - ETPRO TROJAN Dyre HTTP Request Headers (trojan.rules)
2809370 - ETPRO TROJAN Dyre Credentials POST (trojan.rules)
2809371 - ETPRO TROJAN EXE/SCR disguised as compressed PDF set (trojan.rules)
2809372 - ETPRO TROJAN EXE/SCR disguised as compressed PDF (trojan.rules)
[///] Modified active rules: [///] 2019770 - ET CURRENT_EVENTS Archie EK T2 SWF Exploit Struct Nov 20 2014 (current_events.rules)
2019950 - ET CURRENT_EVENTS Malicious Referer Bulk Traffic Sometimes Leading to EKs (Possible Bedep infection) Dec 16 2014 (current_events.rules)
2809267 - ETPRO TROJAN W32/TinyZBot Connectivity Check (Operation Cleaver) (trojan.rules)
Date: 
Wednesday, December 17, 2014 - 22:00