
Daily Ruleset Update Summary 11/14/2014


[***] Summary: [***]

9 new Open signatures, 17 new Pro (9 + 8). Win32.Iroffer, Abuse.CH SSL cert blacklist, Win32.Korplug.

Thanks: Mike Worth, Nathan Fowler, @rmkml, @abuse_ch

[+++] Added rules: [+++]

Open:

2019708 – ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019709 – ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019710 – ET TROJAN VBS/Autorun.J Checkin (trojan.rules)
2019711 – ET TROJAN W32Autorun.worm.aaeh Checkin (trojan.rules)
2019712 – ET TROJAN W32/Keylogger.CI Checkin (trojan.rules)
2019713 – ET TROJAN Possible Asprox Pizza (trojan.rules)
2019714 – ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules)
2019715 – ET WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure obfuscated CVE-2014-6332 (web_client.rules)
2019716 – ET TROJAN Windows executable base64 encoded in XML (trojan.rules)

Pro:

2809200 – ETPRO TROJAN Backdoor.Win32.Iroffer Checkin via IRC (trojan.rules)
2809201 – ETPRO USER_AGENTS Conduit Toolbar COMMLAYER User Agent (user_agents.rules)
2809202 – ETPRO TROJAN Win32.Korplug Checkin (trojan.rules)
2809203 – ETPRO TROJAN Rogue.Win32/FakePlus Checkin (trojan.rules)
2809204 – ETPRO TROJAN Win32.Trojan.Win32.TravNet HTTP Checkin (trojan.rules)
2809205 – ETPRO TROJAN Win32.Trojan.Win32/Agent.QRI (Korplug Related) Checkin (trojan.rules)
2809206 – ETPRO TROJAN FakeMS.abms Checkin (trojan.rules)
2809207 – ETPRO TROJAN Backdoor:W32/OnionDuke.A Checkin (trojan.rules)

[///] Modified active rules: [///]

2018228 – ET TROJAN Possible PlugX Common Header Struct (trojan.rules)

[---] Disabled and modified rules: [---]

2807654 – ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0283) (web_client.rules)

[---] Removed rules: [---]

2809100 – ETPRO TROJAN Win32/Keylogger.CI CnC) (trojan.rules)

The post Daily Ruleset Update Summary 11/14/2014 appeared first on Emerging Threats.

