*** EX RELS 03324 Release ***

Total number of signatures: 6015

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 14 rule(s):
---------------
1133641 WEB Shell Spawning Attempt via telnetd -1.u
1133642 WEB GoAhead system.ini Information Disclosure Vulnerability -2 (CVE-2017-5674)
1133643 WEB WePresent WiPG-1000 Command Injection
1133644 WEB Disk Sorter Enterprise GET Buffer Overflow
1133645 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 90 (Ransomware Attack Vector)
1133649 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 91 (Ransomware Attack Vector)
1133650 WEB Multiple CCTV-DVR Vendors Remote Code Execution
1133651 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -1 (ZDI-17-122)
1133654 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -2 (ZDI-17-122)
1133660 WEB Western Digital My Cloud Authentication Bypass
1133661 SSL OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference -1 (CVE-2017-3730)
1160215 VOIP ooVoo communicate via UDP -1
1160229 SOCIAL GREE access via TCP -5
1160230 SOCIAL GREE access via TCP -6

Modified 12 rule(s):
---------------
1060241 VOIP ooVoo access via SSL -1
1064524 MAIL QQ access via SSL -1
1065983 WEB-IM QQ login via SSL -1
1110895 WEB-CLIENT WScript.Shell Remote Code Execution -1 (Ransomware Attack Vector)
1112586 WEB-CLIENT Microsoft Internet Explorer Uninitialized Layout Memory Corruption (CVE-2008-3475)
1130452 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -1 (CVE-2015-0036)
1133572 WEB Shell Spawning Attempt via telnetd -1.b
1133578 WEB GoAhead system.ini Information Disclosure Vulnerability -1 (CVE-2017-5674)
1133635 SMB Microsoft MS17-010 SMB Remote Code Execution -1
1133636 SMB Microsoft MS17-010 SMB Remote Code Execution -2
1133637 SMB Microsoft MS17-010 SMB Remote Code Execution -3
1133638 SMB Microsoft MS17-010 SMB Remote Code Execution -4

Deleted 29 rule(s):
---------------
1049864 TERMINAL X11 MITcookie connect via TCP -1 (old rule)
1049865 TERMINAL X11 xopen connect via TCP -1 (old rule)
1053282 STOCK 10JQKA login via TCP -1 (old rule)
1053285 STOCK Compass.cn login via TCP -1 (old rule)
1053666 STOCK Hexun login via TCP -1 (old rule)
1060099 SOCIAL Friendster login via TCP -1 (old rule)
1060152 SOCIAL Yahoo Blog access via TCP -1 (old rule)
1060181 SOCIAL Cooltalk login via TCP -1 (old rule)
1060225 TERMINAL Beinsync login via SSL -1 (old rule)
1060226 TERMINAL Beinsync login via TCP -1 (old rule)
1060275 UPDATE Emsisoft transfer via TCP -1 (old rule)
1060283 UPDATE Outpost transfer via TCP -1 (old rule)
1060284 UPDATE Spybot transfer via TCP -1 (old rule)
1060289 UPDATE Duba transfer via TCP -1 (old rule)
1063343 SOCIAL Netlog access via TCP -1 (old rule)
1063344 SOCIAL Netlog login via TCP -1 (old rule)
1063375 STOCK 10JQKA access via TCP -1 (old rule)
1063669 TERMINAL Beinsync login via TCP -2 (old rule)
1063946 SOCIAL Friendster login via SSL -1 (old rule)
1064078 STOCK Compass.cn login via TCP -2 (old rule)
1064152 STOCK Hexun access via TCP -1 (old rule)
1064153 STOCK Hexun login via TCP -2 (old rule)
1064156 SOCIAL Friendster access via TCP -1 (old rule)
1064157 SOCIAL Aol-Answers access via TCP -1 (old rule)
1064158 SOCIAL Cooltalk access via TCP -1 (old rule)
1068829 UPDATE Duba access via TCP -1 (old rule)
1068830 UPDATE Duba access via TCP -2 (old rule)
1068834 UPDATE Spybot access via TCP -1 (old rule)
1069528 UPDATE Emsisoft access via SSL -1 (old rule)