[***] Summary: [***]

12 new Open signatures, 26 new Pro (12+14). FlashPack EK, Omeka 2.2 CSRF, Upatre, Various Android.

Thanks: @EKWatcher, vlintelligence, @abuse_ch

[+++] Added rules: [+++]

Open:

2018788 - ET TROJAN Possible CryptoWall encrypted download (trojan.rules)
2018789 - ET POLICY TLS possible TOR SSL traffic (policy.rules)
2018790 - ET CURRENT_EVENTS Possible Upatre SSL Cert server.abaphome.net (current_events.rules)
2018791 - ET CURRENT_EVENTS Possible Upatre SSL Cert 1stopmall.us (current_events.rules)
2018792 - ET MOBILE_MALWARE Worm.AndroidOS.Selfmite.a Checkin (mobile_malware.rules)
2018793 - ET TROJAN EUPUDS.A Requests for Boleto replacement (trojan.rules)
2018794 - ET CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing June 28 2014 (current_events.rules)
2018795 - ET CURRENT_EVENTS Safe/CritX/FlashPack EK Plugin Detect IE Exploit (current_events.rules)
2018796 - ET CURRENT_EVENTS Safe/CritX/FlashPack EK Plugin Detect Java Exploit (current_events.rules)
2018797 - ET CURRENT_EVENTS Safe/CritX/FlashPack EK Plugin Detect Flash Exploit (current_events.rules)
2018798 - ET TROJAN Infostealer.KLPROXY Checkin via SMTP (trojan.rules)
2018799 - ET TROJAN Win32/Gatak Activity (trojan.rules)

Pro:

2808447 - ETPRO MOBILE_MALWARE Android/SMSreg.CL Checkin (mobile_malware.rules)
2808448 - ETPRO TROJAN Carberp/Rovnix Proxy Connection (trojan.rules)
2808449 - ETPRO TROJAN Win32/Lmir.BMR Checkin (trojan.rules)
2808450 - ETPRO TROJAN REVETON CnC SET (trojan.rules)
2808451 - ETPRO TROJAN REVETON CnC OUTBOUND (trojan.rules)
2808452 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Faketoken.a Checkin 2 (mobile_malware.rules)
2808453 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.GingerMaster.a Checkin 6 (mobile_malware.rules)
2808454 - ETPRO MOBILE_MALWARE Android/SMForw.CB Checkin (mobile_malware.rules)
2808455 - ETPRO MALWARE PUP Win32/Toolbar.Conduit Checkin 2 (malware.rules)
2808456 - ETPRO MOBILE_MALWARE Android/Spy.GoldDream.C Checkin (mobile_malware.rules)
2808457 - ETPRO EXPLOIT Kolibri WebServer 2.0 Get Request SEH Exploit (exploit.rules)
2808458 - ETPRO EXPLOIT Omeka 2.2 CSRF Add Super User (exploit.rules)
2808459 - ETPRO EXPLOIT Omeka 2.2 CSRF Add Persistent XSS (exploit.rules)
2808460 - ETPRO EXPLOIT Omeka 2.2 CSRF Disable Fie Validation (exploit.rules)

[///] Modified active rules: [///]

2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (user_agents.rules)
2013508 - ET TROJAN Downloader User-Agent HTTPGET (trojan.rules)
2018745 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2807276 - ETPRO MALWARE Adware/GetFaster Checkin (malware.rules)

[---] Removed rules: [---]

2808428 - ETPRO TROJAN Win32/Rhubot.A Checkin (trojan.rules)
Date: 
Sunday, July 27, 2014 - 22:00