[***] Summary: [***]

11 new Open signatures, 24 new Pro (11+13). Abuse.ch SSL Blacklist, Sweet Orange EK, Crilock.D, Various Android.

Thanks: Kevin Ross, Jake Warren, @abuse_ch, @EKwatcher.

[+++] Added rules: [+++]

Open:

2019146 - ET CURRENT_EVENTS Sweet Orange CDN Gate Sept 09 2014 Method 2 (current_events.rules)
2019147 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019148 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019149 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019150 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019151 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019152 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019153 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019154 - ET CURRENT_EVENTS Sweet Orange EK Java Exploit (current_events.rules)
2019155 - ET TROJAN Possible Zeus GameOver Connectivity Check 2 (trojan.rules)
2019156 - ET MALWARE W32/Kyle Malvertising.Dropper CnC Beacon (malware.rules)
2019157 - ET WEB_SPECIFIC_APPS Webmin Directory Traversal (web_specific_apps.rules)

Pro:

2808778 - ETPRO TROJAN Win32/Malagent!gmb connectivity check (trojan.rules)
2808779 - ETPRO TROJAN Win32.Wemosis.ia Checkin (trojan.rules)
2808780 - ETPRO WEB_SPECIFIC_APPS WordPress config.php in HTTP response (web_specific_apps.rules)
2808781 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AL Checkin (mobile_malware.rules)
2808782 - ETPRO TROJAN Win32/Crilock.D SSL connection (trojan.rules)
2808783 - ETPRO TROJAN Win32/Crilock.D SSL Cert (trojan.rules)
2808784 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Hippo.Q Checkin (mobile_malware.rules)
2808785 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dc Checkin (mobile_malware.rules)
2808786 - ETPRO TROJAN Win32/Pitou.A Checkin (trojan.rules)
2808787 - ETPRO TROJAN SpyEye Checkin version unknown (trojan.rules)
2808788 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fb Checkin (mobile_malware.rules)
2808789 - ETPRO MALWARE AdWare.Win32.EoRezo SSL Cert (malware.rules)
2808790 - ETPRO MOBILE_MALWARE Android/Netisend.A Checkin 2 (mobile_malware.rules)

[///] Modified active rules: [///]

2016450 - ET TROJAN Backdoor.Win32/Likseput.A Checkin (trojan.rules)
2019085 - ET EXPLOIT Metasploit FireFox WebIDL Privileged Javascript Injection (exploit.rules)
2803980 - ETPRO TROJAN Backdoor.Win32.Salamdom!IK Checkin 2 (trojan.rules)
2804876 - ETPRO TROJAN Win32/Coswid.A Checkin (trojan.rules)
2807145 - ETPRO TROJAN Backdoor.Win32.Simda.abpn Checkin (trojan.rules)

[---] Disabled and modified rules: [---]

2017005 - ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length (current_events.rules)
2807027 - ETPRO TROJAN Win32/Meredrop Checkin (trojan.rules)

[---] Removed rules: [---]

2008597 - ET SCAN Cisco Torch SNMP Scan (scan.rules)
2014748 - ET CURRENT_EVENTS RedKit Repeated Exploit Request Pattern (current_events.rules)
2015851 - ET CURRENT_EVENTS Georgian Targeted Attack - Client Request (current_events.rules)
2015852 - ET CURRENT_EVENTS Georgian Targeted Attack - Server Response (current_events.rules)
2016405 - ET CURRENT_EVENTS CoolEK - PDF Exploit - Feb 12 2013 (current_events.rules)
2018703 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)

Date: Tuesday, September 9, 2014 - 22:00