Talos Rules 2015-10-15
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, exploit-kit, file-flash, malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-10-15 13:35:27 UTC

Snort Subscriber Rules Update

Date: 2015-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
 * 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
 * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
 * 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
 * 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
 * 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
 * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
 * 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)

Modified Rules:

 * 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
 * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)

2015-10-15 13:35:26 UTC

Snort Subscriber Rules Update

Date: 2015-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
 * 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
 * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
 * 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
 * 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
 * 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
 * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
 * 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
 * 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)

Modified Rules:

 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)

2015-10-15 13:35:26 UTC

Snort Subscriber Rules Update

Date: 2015-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
 * 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
 * 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
 * 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
 * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
 * 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
 * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
 * 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
 * 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)

Modified Rules:

 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
 * 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)

2015-10-15 13:35:26 UTC

Snort Subscriber Rules Update

Date: 2015-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
 * 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
 * 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
 * 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
 * 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
 * 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
 * 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
 * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
 * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
 * 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)

Modified Rules:

 * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)