[***] Summary: [***]

12 new Open signatures, 20 new Pro (12+8). Linux/BillGates, Various Android, Nuclear EK.

Thanks: @MalwareMustDie and @abuse_ch

[+++] Added rules: [+++]

Open:

2019202 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 2 (trojan.rules)
2019203 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (trojan.rules)
2019204 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
2019205 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (trojan.rules)
2019206 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019207 - ET TROJAN Linux/BillGates Checkin (trojan.rules)
2019208 - ET TROJAN Linux/BillGates Checkin Response (trojan.rules)
2019209 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF Struct (no alert) (current_events.rules)
2019210 - ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF (current_events.rules)
2019211 - ET TROJAN Win32/Badur.igh Checkin 2 (trojan.rules)
2019212 - ET TROJAN Bossabot DDoS tool RFI attempt (trojan.rules)
2019213 - ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 22 2014 (current_events.rules)

Pro:

2808861 - ETPRO TROJAN Likely Win32/Spy.Zbot.AAQ .onion Proxy DNS lookup (trojan.rules)
2808862 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.BX Checkin 4 (mobile_malware.rules)
2808863 - ETPRO TROJAN TROJAN Win32/Seey.A Checkin (trojan.rules)
2808864 - ETPRO MOBILE_MALWARE Android/InfoStealer.BL Checkin via SMTP (mobile_malware.rules)
2808865 - ETPRO TROJAN TROJAN Win32/Seey.A User-Agent (trojan.rules)
2808866 - ETPRO TROJAN TROJAN Win32/Seey.A Checkin 2 (trojan.rules)
2808867 - ETPRO WEB_CLIENT Possible Adobe Reader CVE-2014-0567 (web_client.rules)
2808868 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 10 (mobile_malware.rules)

[///] Modified active rules: [///]

2019134 - ET CURRENT_EVENTS Flashpack Redirect Method 2 (current_events.rules)
2019172 - ET TROJAN Linux.DDoS Checkin (trojan.rules)
2019177 - ET TROJAN Linux/AES.DDoS Sending Real/Fake CPU&BW Info (trojan.rules)
2019185 - ET CURRENT_EVENTS Nuclear EK Gate Sep 16 2014 (current_events.rules)
2807357 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.SD Checkin (mobile_malware.rules)
2808659 - ETPRO CURRENT_EVENTS FlashPack URI Struct Thread 2 Specific (current_events.rules)
2808843 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Checkin 2 (mobile_malware.rules)
2808844 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Response 2 (mobile_malware.rules)

[---] Removed rules: [---]

2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
2405062 - ET CNC Shadowserver Reported CnC Server Port 58914 Group 1 (botcc.portgrouped.rules)
2803491 - ETPRO TROJAN Suspicious HTTP STOP Return - Trojan.Win32.FakeAV.cfty or Related Controller (trojan.rules)
2807626 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) (trojan.rules)
2807683 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 2 (trojan.rules)
2807710 - ETPRO TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (trojan.rules)
Date: Sunday, September 21, 2014 - 22:00