[***] Summary: [***]

14 new Open signatures, 17 new Pro (14+3). Backoff POS, Pbstealer, ABUSE.CH Malicious SSL certificates.

Thanks: ABUSE.CH

[+++] Added rules: [+++]

Open:

2018494 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018600 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018736 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018856 - ET TROJAN Windows executable base64 encoded (trojan.rules)
2018857 - ET TROJAN Backoff POS Checkin (trojan.rules)
2018858 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018859 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018860 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018861 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018862 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018863 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018864 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018865 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018866 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)

Pro:

2808479 - ETPRO TROJAN Trojan.Win32.Autoit.dbiolu Checkin (trojan.rules)
2808480 - ETPRO TROJAN Trojan.Win32.Banload.BTVS SQL Checkin (trojan.rules)
2808481 - ETPRO MOBILE_MALWARE Android-Malicious/Pbstealer Checkin (mobile_malware.rules)

[///] Modified active rules: [///]

2808292 - ETPRO MOBILE_MALWARE Android/Simplocker.B Checkin (mobile_malware.rules)

[---] Disabled and modified rules: [---]

2808313 - ETPRO TROJAN Win32.Tavex.A Checkin 2 (trojan.rules)

[---] Removed rules: [---]

2012330 - ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain (current_events.rules)
2018494 - ET CURRENT_EVENTS ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (current_events.rules)
2018600 - ET CURRENT_EVENTS ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (current_events.rules)
2018736 - ET CURRENT_EVENTS ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (current_events.rules)
2018847 - ET INFO DYNAMIC_DNS HTTP Request to *.passinggas.net Domain (Sitelutions) (info.rules)
2018848 - ET INFO DYNAMIC_DNS Query to *.passinggas.net Domain (Sitelutions) (info.rules)
2807775 - ETPRO TROJAN Win32/Injector.gen!ER Checkin (trojan.rules)
Date: 
Wednesday, July 30, 2014 - 22:00