[***] Summary: [***]

48 new Open signatures, 55 new Pro (48 + 7). Sitelutions DYNAMIC_DNS detection, E-ZPass phish, various Android.

Thanks: @MalwareMustDie, @jaimeblascob, Balasubramaniam Natarajan, ABUSE.CH

Open:

2018807 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (ZeuS MITM) (trojan.rules)
2018808 - ET TROJAN DoS.Linux/Elknot.G Checkin (trojan.rules)
2018809 - ET INFO DYNAMIC_DNS HTTP Request to *.passinggas.net Domain (Sitelutions) (info.rules)
2018810 - ET INFO DYNAMIC_DNS Query to *.passinggas.net Domain (Sitelutions) (info.rules)
2018811 - ET INFO DYNAMIC_DNS HTTP Request to *.myredirect.us Domain (Sitelutions) (info.rules)
2018812 - ET INFO DYNAMIC_DNS Query to *.myredirect.us Domain (Sitelutions) (info.rules)
2018813 - ET INFO DYNAMIC_DNS HTTP Request to *.rr.nu Domain (Sitelutions) (info.rules)
2018814 - ET INFO DYNAMIC_DNS Query to *.rr.nu Domain (Sitelutions) (info.rules)
2018815 - ET INFO DYNAMIC_DNS HTTP Request to *.kwik.to Domain (Sitelutions) (info.rules)
2018816 - ET INFO DYNAMIC_DNS Query to *.kwik.to Domain (Sitelutions) (info.rules)
2018817 - ET INFO DYNAMIC_DNS HTTP Request to *.myfw.us Domain (Sitelutions) (info.rules)
2018818 - ET INFO DYNAMIC_DNS Query to *.myfw.us Domain (Sitelutions) (info.rules)
2018819 - ET INFO DYNAMIC_DNS HTTP Request to *.ontheweb.nu Domain (Sitelutions) (info.rules)
2018820 - ET INFO DYNAMIC_DNS Query to *ontheweb.nu Domain (Sitelutions) (info.rules)
2018821 - ET INFO DYNAMIC_DNS HTTP Request to *.isthebe.st Domain (Sitelutions) (info.rules)
2018822 - ET INFO DYNAMIC_DNS Query to *isthebe.st Domain (Sitelutions) (info.rules)
2018823 - ET INFO DYNAMIC_DNS HTTP Request to *.byinter.net Domain (Sitelutions) (info.rules)
2018824 - ET INFO DYNAMIC_DNS Query to *byinter.net Domain (Sitelutions) (info.rules)
2018825 - ET INFO DYNAMIC_DNS HTTP Request to *.findhere.org Domain (Sitelutions) (info.rules)
2018826 - ET INFO DYNAMIC_DNS Query to *findhere.org Domain (Sitelutions) (info.rules)
2018827 - ET INFO DYNAMIC_DNS HTTP Request to *.onthenetas.com Domain (Sitelutions) (info.rules)
2018828 - ET INFO DYNAMIC_DNS Query to *onthenetas.com Domain (Sitelutions) (info.rules)
2018829 - ET INFO DYNAMIC_DNS HTTP Request to *.uglyas.com Domain (Sitelutions) (info.rules)
2018830 - ET INFO DYNAMIC_DNS Query to *uglyas.com Domain (Sitelutions) (info.rules)
2018831 - ET INFO DYNAMIC_DNS HTTP Request to *.assexyas.com Domain (Sitelutions) (info.rules)
2018832 - ET INFO DYNAMIC_DNS Query to *assexyas.com Domain (Sitelutions) (info.rules)
2018833 - ET INFO DYNAMIC_DNS HTTP Request to *.passas.us Domain (Sitelutions) (info.rules)
2018834 - ET INFO DYNAMIC_DNS Query to *passas.us Domain (Sitelutions) (info.rules)
2018835 - ET INFO DYNAMIC_DNS HTTP Request to *.athissite.com Domain (Sitelutions) (info.rules)
2018836 - ET INFO DYNAMIC_DNS Query to *atthissite.com Domain (Sitelutions) (info.rules)
2018837 - ET INFO DYNAMIC_DNS HTTP Request to *.athersite.com Domain (Sitelutions) (info.rules)
2018838 - ET INFO DYNAMIC_DNS Query to *athersite.com Domain (Sitelutions) (info.rules)
2018839 - ET INFO DYNAMIC_DNS HTTP Request to *.isgre.at Domain (Sitelutions) (info.rules)
2018840 - ET INFO DYNAMIC_DNS Query to *isgre.at Domain (Sitelutions) (info.rules)
2018841 - ET INFO DYNAMIC_DNS HTTP Request to *.lookin.at Domain (Sitelutions) (info.rules)
2018842 - ET INFO DYNAMIC_DNS Query to *lookin.at Domain (Sitelutions) (info.rules)
2018843 - ET INFO DYNAMIC_DNS HTTP Request to *.bestdeals.at Domain (Sitelutions) (info.rules)
2018844 - ET INFO DYNAMIC_DNS Query to *bestdeals.at Domain (Sitelutions) (info.rules)
2018845 - ET INFO DYNAMIC_DNS HTTP Request to *.lowestprices.at Domain (Sitelutions) (info.rules)
2018846 - ET INFO DYNAMIC_DNS Query to *lowestprices Domain (Sitelutions) (info.rules)
2018847 - ET INFO DYNAMIC_DNS HTTP Request to *.passinggas.net Domain (Sitelutions) (info.rules)
2018848 - ET INFO DYNAMIC_DNS Query to *.passinggas.net Domain (Sitelutions) (info.rules)
2018849 - ET CURRENT_EVENTS Possible Upatre SSL Cert www.senorwooly.com (current_events.rules)
2018850 - ET CURRENT_EVENTS Possible Upatre SSL Cert ns2.sicher.in (current_events.rules)
2018851 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018852 - ET TROJAN Malicious SSL Cert (KINS C2) (trojan.rules)
2018853 - ET CURRENT_EVENTS Possible Phishing E-ZPass Email Toll Notification July 30 2014 (current_events.rules)
2018855 - ET TROJAN Possible ClickFraud Trojan Socks5 Connection (trojan.rules)

Pro:

2808472 - ETPRO TROJAN PWS-Banker!dg Callback (trojan.rules)
2808473 - ETPRO MOBILE_MALWARE Android/SmsSend.EI Checkin (mobile_malware.rules)
2808474 - ETPRO P2P P2PShare Client Installed Checkin (p2p.rules)
2808475 - ETPRO TROJAN Win32/Reveton.gen!C Checkin (trojan.rules)
2808476 - ETPRO MALWARE Win32/Unruy Variant Checkin (malware.rules)
2808477 - ETPRO MOBILE_MALWARE Android.Trojan.Portal.A Checkin (mobile_malware.rules)
2808478 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.AK Checkin (mobile_malware.rules)

[///] Modified active rules: [///]

2018786 - ET CURRENT_EVENTS Sweet Orange EK CDN Landing Page (current_events.rules)
2018799 - ET TROJAN Win32/Gatak Activity (trojan.rules)
2804419 - ETPRO MALWARE Riskware.Win32.SoftonicDownloader.AMN!A2 Install (malware.rules)
2807775 - ETPRO TROJAN Win32/Injector.gen!ER Checkin (trojan.rules)
2808313 - ETPRO TROJAN Win32.Tavex.A Checkin 2 (trojan.rules)
2808314 - ETPRO TROJAN Win32.Tavex.A Checkin 1 (trojan.rules)
2808375 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.RZ Checkin (mobile_malware.rules)

[---] Removed rules: [---]

2808422 - ETPRO TROJAN Win32/Caphaw.A SSL Cert Serial (trojan.rules)

Date: Tuesday, July 29, 2014 - 22:00