[***] Summary: [***]

17 new Pro rules. Patch Tuesday, Rovnix, Tofsee, Various Android.

Thanks: Nathan Fowler, Jake Warren and @kafeine

[+++] Added rules: [+++]

Pro:

2808539 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-2820 1 (web_client.rules)
2808540 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-2820 2 (web_client.rules)
2808541 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-2823 (web_client.rules)
2808542 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4050 (web_client.rules)
2808543 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4057 1 (web_client.rules)
2808544 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4057 2 (web_client.rules)
2808545 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4063 (web_client.rules)
2808546 - ETPRO TROJAN Backdoor.MSIL/Parama.A Checkin (trojan.rules)
2808547 - ETPRO TROJAN Win32/Ursnif Connectivity Check (trojan.rules)
2808548 - ETPRO TROJAN Trojan.Win32.Yakes.fdph SSL Cert (trojan.rules)
2808549 - ETPRO TROJAN Win32/Rovnix Variant Config Download (trojan.rules)
2808550 - ETPRO TROJAN Win32/Tofsee.av Loader Checkin (trojan.rules)
2808551 - ETPRO TROJAN Trojan.Win32.Agent.cralxq Checkin (trojan.rules)
2808552 - ETPRO TROJAN Backdoor.Win32/Banito.D Checkin (trojan.rules)
2808553 - ETPRO MOBILE_MALWARE Android.Monitor.SMSUploader.A Checkin (mobile_malware.rules)
2808554 - ETPRO MOBILE_MALWARE Android.Trojan.Vmvol.A Checkin (mobile_malware.rules)
2808555 - ETPRO MOBILE_MALWARE Android.Trojan.Vmvol.A Checkin 2 (mobile_malware.rules)

[///] Modified active rules: [///]

2012612 - ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers (trojan.rules)
2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
2017314 - ET TROJAN PRISM Backdoor (trojan.rules)
2017938 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13 (trojan.rules)
2018915 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2018916 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2800575 - ETPRO ACTIVEX Microsoft Access ActiveX Control Code Execution 2 (activex.rules)
2801468 - ETPRO WEB_CLIENT Insecure Library Loading Request (.dll) (web_client.rules)
2807199 - ETPRO WEB_CLIENT SUSPICIOUS WordPerfect Document with .doc extension 2 (web_client.rules)
2807716 - ETPRO MOBILE_MALWARE AndroidOS/Sumzand.A Checkin (mobile_malware.rules)

[///] Modified inactive rules: [///]

2017346 - ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in charcodes w/o sep Jul 10 2013 (current_events.rules)

[---] Disabled and modified rules: [---]

2016341 - ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Feb 04 2012 (current_events.rules)
2806979 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3208 (web_client.rules)
2807103 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3885 (web_client.rules)
2807212 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (CVE-2013-3917) (web_client.rules)

[---] Removed rules: [---]

2018921 - ET TROJAN Trojan-Spy.Win32.HavexSysinfo Response (trojan.rules)
2808432 - ETPRO TROJAN Backdoor.Korplug!gen6 Checkin (HTTP) (trojan.rules)
2808433 - ETPRO TROJAN Backdoor.Korplug!gen6 Checkin (UDP) (trojan.rules)
