[***] Summary: [***]
3 new Open signatures, 6 new Pro (3 + 3). Postfix CVE-2014-6271, FlashPlayer CVE-2014-0551.
Thanks: Jake Warren, bunk3m, @rmkml, @abuse_ch.
[+++] Added rules: [+++]
Open:
2019387 – ET POLICY SSL Certificate IRC GEEKS Likely Encrypted IRC or CnC (policy.rules)
2019388 – ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019389 – ET EXPLOIT Possible Postfix CVE-2014-6271 attempt (exploit.rules)
Pro:
2808969 – ETPRO WEB_CLIENT Possible FlashPlayer CVE-2014-0551 (web_client.rules)
2808970 – ETPRO MOBILE_MALWARE Android/Spy.Kasandra.B Checkin (mobile_malware.rules)
2808971 – ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Carej.b Checkin 2 (mobile_malware.rules)
[///] Modified active rules: [///]
2008550 – ET TROJAN Trojan.Win32.Buzus Checkin (trojan.rules)
2808941 – ETPRO TROJAN Win32/Spy.Bancos.ACW Checkin (trojan.rules)
2018719 – ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019365 – ET WEB_SPECIFIC_APPS Bugzilla token.cgi HPP e-mail validation bypass Attempt Client Body (web_specific_apps.rules)
2019384 – ET TROJAN Neverquest Request URI Struct (trojan.rules)
[---] Removed rules: [---]
2018328 – ET TROJAN Win32/Kryptik.AZER C2 SSL Stolen Cert (trojan.rules)
2803912 – ETPRO POLICY SSL Certificate IRC GEEKS Likely Encrypted IRC or CnC (policy.rules)
The post Daily Ruleset Update Summary 10/10/2014 appeared first on Emerging Threats.