[***] Summary: [***]
9 new Open signatures, 14 new Pro (9 + 5). WireLurker, Alureon, Trojan-Spy.AndroidOS.
Thanks: pckthck, @malwaresigs, @rmkml and @abuse_ch.
[+++] Added rules: [+++]
Open:
2019717 – ET TROJAN Alureon Checkin (trojan.rules)
2019718 – ET TROJAN OSX/WireLurker DNS Query Domain manhuaba.com.cn (trojan.rules)
2019719 – ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 17 2014 (current_events.rules)
2019720 – ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules)
2019721 – ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019728 – ET WEB_SPECIFIC_APPS WordPress Slideshow Gallery 1.4.6 – Shell Upload (web_specific_apps.rules)
2019729 – ET TROJAN Malware Connectivity Check to Google (trojan.rules)
2019730 – ET WEB_CLIENT GENERIC Possible IE Memory Corruption CollectGarbage with DOM Reset (web_client.rules)
2019731 – ET TROJAN OSX/WireLurker HTTP Request for manhuaba.com.cn (trojan.rules)
Pro:
2809208 – ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.fd Checkin (mobile_malware.rules)
2809209 – ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.fd Checkin 2 (mobile_malware.rules)
2809210 – ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.fd Checkin 3 (mobile_malware.rules)
2809212 – ETPRO TROJAN Win32/Kryptik.CQIR Checkin (trojan.rules)
2809213 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Galf.a Checkin (mobile_malware.rules)
[///] Modified active rules: [///]
2016820 – ET TROJAN DEEP PANDA Checkin 2 (trojan.rules)
2016821 – ET TROJAN DEEP PANDA Checkin 3 (trojan.rules)
2018495 – ET WEB_SERVER Possible CVE-2014-3120 Elastic Search Remote Code Execution Attempt (web_server.rules)
The post Daily Ruleset Update Summary 11/17/2014 appeared first on Emerging Threats.
