[***] Status: [***]

9 new Open signatures, 23 new Pro (9+14). DecebalPOS, JackPOS, Various Android.

Thanks: Kevin Ross.

[+++] Added rules: [+++]

Open:

2019158 - ET TROJAN Possible Malicious Invoice EXE (trojan.rules)
2019159 - ET TROJAN TSPY_POCARDL.U Possible FTP Login (trojan.rules)
2019160 - ET TROJAN DecebalPOS Checkin (trojan.rules)
2019161 - ET TROJAN DecebalPOS User-Agent (trojan.rules)
2019162 - ET TROJAN Win.Trojan.Chewbacca connectivity check (trojan.rules)
2019163 - ET TROJAN JackPOS Checkin (trojan.rules)
2019164 - ET TROJAN JackPOS XOR Encoded HTTP Client Body (key AA) (trojan.rules)
2019165 - ET TROJAN Possible Banload Downloading Executable (trojan.rules)
2019166 - ET TROJAN Stobox Connectivity Check (trojan.rules)

Pro:

2808791 - ETPRO TROJAN Win32/Xymne Checkin (trojan.rules)
2808792 - ETPRO TROJAN Win32/FlyAgent variant MYSQL C2 (trojan.rules)
2808793 - ETPRO TROJAN Win32.Androm.cxb Requesting PE (trojan.rules)
2808794 - ETPRO TROJAN Win32.Weelsof.qko Possible Connectivity Check wikipedia.org (trojan.rules)
2808796 - ETPRO TROJAN W32/Magania.IDPJ C2 (trojan.rules)
2808797 - ETPRO TROJAN Trojan-PSW.Reedum FTP password (trojan.rules)
2808798 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Vidma.a Checkin (mobile_malware.rules)
2808799 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.LJ Checkin (mobile_malware.rules)
2808800 - ETPRO TROJAN Win32.Llac.bbeh downloading files (trojan.rules)
2808801 - ETPRO TROJAN Win32.Reconyc Checkin (trojan.rules)
2808802 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Zedat.a Checkin (mobile_malware.rules)
2808803 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.DB Checkin (mobile_malware.rules)
2808804 - ETPRO TROJAN Win32/Cendelf.gen!A connectivity check (trojan.rules)

[///] Modified active rules: [///]

2001998 - ET MALWARE UCMore Spyware Downloading Ads (malware.rules)
2002763 - ET TROJAN Dumador Reporting User Activity (trojan.rules)
2003058 - ET MALWARE 180solutions (Zango) Spyware Installer Download (malware.rules)
2018912 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2806306 - ETPRO TROJAN Trojan-PSW.Reedum FTP long Port (LPRT) (trojan.rules)
2808760 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4087 (web_client.rules)
2808761 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4088 (web_client.rules)
2808764 - ETPRO WEB_CLIENT Possible Internet Explorer Use-After-Free CVE-2014-4094 (web_client.rules)

Date: Wednesday, September 10, 2014 - 22:00