[***] Summary: [***]

9 new Open signatures, 15 new Pro (9+6). Vawtrak/NeverQuest, BlackEnergy, DroidKungFu.

Thanks: Eoin Miller

[+++] Added rules: [+++]

Open:

2019499 - ET TROJAN Vawtrak/NeverQuest Server Response (trojan.rules)
2019500 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019501 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019502 - ET TROJAN Wonton-JH Checkin (trojan.rules)
2019503 - ET CURRENT_EVENTS SSL SinkHole Cert Possible Infected Host (current_events.rules)
2019504 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
2019505 - ET TROJAN BlackEnergy SSL Cert (trojan.rules)
2019506 - ET CURRENT_EVENTS Possible Upatre SSL Cert Oct 24 2014 (current_events.rules)
2019507 - ET CURRENT_EVENTS Possible Upatre SSL Cert www.tradeledstore.co.uk (current_events.rules)

Pro:

2809063 - ETPRO MOBILE_MALWARE DroidKungFu Checkin 5 (mobile_malware.rules)
2809064 - ETPRO MOBILE_MALWARE DroidKungFu Checkin 6 (mobile_malware.rules)
2809065 - ETPRO TROJAN Backdoor.Kivars Checkin (trojan.rules)
2809066 - ETPRO TROJAN Backdoor.Tepmim Checkin (trojan.rules)
2809067 - ETPRO TROJAN Win32/Sednit.L Checkin (trojan.rules)
2809068 - ETPRO TROJAN Win32/Kilim.M Checkin (trojan.rules)

[///] Modified active rules: [///]

2011921 - ET TROJAN FAKEAV CryptMEN - Landing Page Download Contains .hdd_icon (trojan.rules)
2013283 - ET TROJAN DarkComet-RAT init connection (trojan.rules)
2019415 - ET POLICY SSLv3 inbound connection to server vulnerable to POODLE attack (policy.rules)
2019418 - ET CURRENT_EVENTS SSL excessive fatal alerts (possible POODLE attack against server) (current_events.rules)
2019421 - ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download with Hurricane Panda IOC (web_client.rules)
2019457 - ET TROJAN Vawtrak/NeverQuest Posting Data (trojan.rules)
2019488 - ET CURRENT_EVENTS Angler EK Oct 22 2014 (current_events.rules)
2804644 - ETPRO TROJAN Email-Worm.Win32.Brontok.n Checkin (trojan.rules)
2806577 - ETPRO TROJAN DarkComet-RAT init connection 2 (trojan.rules)
2806580 - ETPRO TROJAN DarkComet-RAT server join acknowledgement 3 (trojan.rules)
2807012 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.i Checkin 2 (mobile_malware.rules)

[---] Removed rules: [---]

2018505 - ET CURRENT_EVENTS food.com compromise hostile JavaScript gate (current_events.rules)
2808864 - ETPRO MOBILE_MALWARE Android/InfoStealer.BL Checkin via SMTP (mobile_malware.rules)

Date: Thursday, October 23, 2014 - 22:00