[***] Summary: [***]

13 new Open signatures, 19 new Pro (13+6): Sednit EK, Various Android, Bugzilla vulns.

Thanks: ESET, Jake Warren, @rmkml, @ekse0x, @abuse_ch.

[+++] Added rules: [+++]

Open:

2019363 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (trojan.rules)
2019364 - ET WEB_SPECIFIC_APPS Bugzilla token.cgi HPP e-mail validation bypass Attempt URI (web_specific_apps.rules)
2019365 - ET WEB_SPECIFIC_APPS Bugzilla token.cgi HPP e-mail validation bypass Attempt Client Body (web_specific_apps.rules)
2019366 - ET POLICY 2Downloadz.com File Sharing User-Agent (policy.rules)
2019367 - ET CURRENT_EVENTS DRIVEBY Sednit EK Landing (current_events.rules)
2019368 - ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M1 (current_events.rules)
2019369 - ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M2 (current_events.rules)
2019370 - ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M3 (current_events.rules)
2019371 - ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-1347 M1 (current_events.rules)
2019372 - ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-1347 M2 (current_events.rules)
2019373 - ET CURRENT_EVENTS DRIVEBY Generic CollectGarbage in JJEncode (Observed in Sednit) (current_events.rules)
2019374 - ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-3897 M1 (current_events.rules)
2019375 - ET CURRENT_EVENTS Possible Sweet Orange redirection Oct 8 2014 (current_events.rules)

Pro:

2808953 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.DU Checkin (mobile_malware.rules)
2808954 - ETPRO MOBILE_MALWARE AndroidOS.GoldDream.U Checkin (mobile_malware.rules)
2808955 - ETPRO MOBILE_MALWARE Android/Ksapp.L Checkin (mobile_malware.rules)
2808956 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Helir.f Checkin (mobile_malware.rules)
2808957 - ETPRO MOBILE_MALWARE Trojan.Android.Leadbolt.B Checkin (mobile_malware.rules)
2808958 - ETPRO TROJAN Backdoor.Cakwerd Dropping Files (trojan.rules)

[///] Modified active rules: [///]

2015835 - ET TROJAN Smoke Loader C2 Response (trojan.rules)
2019338 - ET CURRENT_EVENTS DRIVEBY Generic CollectGarbage in Hex (current_events.rules)
2806259 - ETPRO MOBILE_MALWARE Android/Joye.A Checkin (mobile_malware.rules)
2807579 - ETPRO TROJAN Backdoor/Win32.Hupigon Checkin (trojan.rules)
2808697 - ETPRO MOBILE_MALWARE Android/AndroRAT.B Checkin (mobile_malware.rules)
2808805 - ETPRO TROJAN Win32/Cendelf.gen!A checkin (trojan.rules)

[---] Removed rules: [---]

2019362 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 42 (trojan.rules)

Date: Tuesday, October 7, 2014 - 22:00