[***] Summary: [***]

15 new Open signatures, 29 new Pro (15+14). Various Tor, Various AndroidOS, Upatre.

Thanks: Kevin Ross.

[+++] Added rules: [+++]

Open:

2018867 - ET TROJAN Win32.Sality.3 checkin (trojan.rules)
2018868 - ET CURRENT_EVENTS Possible Upatre SSL Cert chinasemservice.com (current_events.rules)
2018869 - ET TROJAN W32/Pgift.Backdoor APT CnC Beacon (trojan.rules)
2018870 - ET CURRENT_EVENTS Possible Upatre SSL Cert ns7-777.777servers.com (current_events.rules)
2018871 - ET CURRENT_EVENTS Possible Upatre SSL Cert adodis.com (current_events.rules)
2018872 - ET TROJAN Tor based locker .onion Proxy domain in SNI July 31, 2014 (trojan.rules)
2018873 - ET TROJAN Tor based locker Ransome Page (trojan.rules)
2018874 - ET TROJAN Tor based locker .onion Proxy DNS lookup July 31, 2014 (trojan.rules)
2018875 - ET POLICY tor4u tor2web .onion Proxy DNS lookup (policy.rules)
2018876 - ET POLICY onion.cab .onion Proxy DNS lookup (policy.rules)
2018877 - ET TROJAN Tor based locker knowledgewiki.info in SNI July 31, 2014 (trojan.rules)
2018878 - ET POLICY tor4u tor2web .onion Proxy domain in SNI (policy.rules)
2018879 - ET POLICY onion.cab tor2web .onion Proxy domain in SNI (policy.rules)
2018880 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 40 (trojan.rules)
2018881 - ET CURRENT_EVENTS Possible Upatre SSL Cert power2.mschosting.com (current_events.rules)

Pro:

2808482 - ETPRO POLICY outgoing icmp_shell session detected (policy.rules)
2808483 - ETPRO TROJAN Backdoor.APT.Lurid Checkin via POST (trojan.rules)
2808484 - ETPRO MALWARE PUP Win32/OptimizerElite Checkin (malware.rules)
2808485 - ETPRO MALWARE Win32/AdWare.ICLoader.A Checkin (malware.rules)
2808486 - ETPRO TROJAN DDoS.Win32/Nitol.B Checkin (trojan.rules)
2808487 - ETPRO MOBILE_MALWARE Worm.AndroidOS.Samsapo Checkin (mobile_malware.rules)
2808488 - ETPRO MALWARE PUP Win32/4Shared.D Checkin 1 (malware.rules)
2808489 - ETPRO MALWARE PUP Win32/4Shared.D Checkin 2 (malware.rules)
2808490 - ETPRO TROJAN WORM Gammima.AG Checkin (trojan.rules)
2808491 - ETPRO MOBILE_MALWARE AndroidOS/Apperhand.A Checkin (mobile_malware.rules)
2808492 - ETPRO TROJAN W32/Sdbot.worm!hz IRC Checkin (trojan.rules)
2808493 - ETPRO TROJAN Win32/Beastdoor.L sending infected IP address via ICQ (trojan.rules)
2808494 - ETPRO MOBILE_MALWARE Android.Gumen.A Checkin (mobile_malware.rules)
2808495 - ETPRO MOBILE_MALWARE Trojan.Android.Fobus.BI Checkin (mobile_malware.rules)

[///] Modified active rules: [///]

2803145 - ETPRO TROJAN BackDoor.Darkshell.246 CnC traffic (trojan.rules)
2806209 - ETPRO MOBILE_MALWARE SMSBoxer Checkin (mobile_malware.rules)
2806877 - ETPRO MOBILE_MALWARE Android/TheftSpy.C Checkin (mobile_malware.rules)
2807014 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.eh Checkin (mobile_malware.rules)
2807234 - ETPRO TROJAN protux CnC traffic (trojan.rules)
2807377 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Erop.a Checkin (mobile_malware.rules)
2807849 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AAE Checkin (mobile_malware.rules)
2808385 - ETPRO TROJAN Win32.Xema Checkin (trojan.rules)
Date: 
Thursday, July 31, 2014 - 22:00