[***] Summary: [***]

10 new Open signatures, 13 new Pro (10 + 3). OSX/WireLurker, Nuclear, Banload.

Thanks: James Lay, @rmkml, pckthck and @malware_traffic.

[+++] Added rules: [+++]

Open:

2019660 - ET TROJAN OSX/WireLurker User-agent (globalupdate) (trojan.rules)
2019661 - ET TROJAN OSX/WireLurker Checkin (trojan.rules)
2019662 - ET TROJAN OSX/WireLurker CnC Beacon (trojan.rules)
2019663 - ET TROJAN OSX/WireLurker CnC Beacon (trojan.rules)
2019664 - ET TROJAN iOS/WireLurker CnC Beacon (trojan.rules)
2019665 - ET TROJAN OSX/WireLurker checkin (trojan.rules)
2019666 - ET TROJAN OSX/WireLurker HTTP Request for www.comeinbaby.com (trojan.rules)
2019667 - ET TROJAN OSX/WireLurker DNS Query Domain www.comeinbaby.com (trojan.rules)
2019668 - ET CURRENT_EVENTS Nuclear SilverLight URI Struct (noalert) (current_events.rules)
2019669 - ET CURRENT_EVENTS Nuclear SilverLight Exploit (current_events.rules)

Pro:

2809128 - ETPRO MALWARE SUSPICIOUS GEO IP Check (Optimizer Pro) (malware.rules)
2809129 - ETPRO MALWARE Adware.Win32.Midia Checkin 2 (malware.rules)
2809130 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UJU Checkin (trojan.rules)

[///] Modified active rules: [///]

2001492 - ET MALWARE ISearchTech.com XXXPornToolbar Activity (MyApp) (malware.rules)
2002038 - ET MALWARE Shopathomeselect.com Spyware User-Agent (WebDownloader) (malware.rules)
2010745 - ET ACTIVEX SoftArtisans XFile FileManager ActiveX stack overfow Function call Attempt (activex.rules)
2010746 - ET ACTIVEX SoftArtisans XFile FileManager ActiveX Buildpath method stack overflow Attempt (activex.rules)
2010747 - ET ACTIVEX SoftArtisans XFile FileManager ActiveX GetDriveName method stack overflow Attempt (activex.rules)
2010748 - ET ACTIVEX SoftArtisans XFile FileManager ActiveX DriveExists method stack overflow Attempt (activex.rules)
2010749 - ET ACTIVEX SoftArtisans XFile FileManager ActiveX DeleteFile method stack overflow Attempt (activex.rules)
2012260 - ET WEB_CLIENT Hex Obfuscation of parseInt % Encoding (web_client.rules)
2012261 - ET WEB_CLIENT Hex Obfuscation of parseInt %u UTF-8 Encoding (web_client.rules)
2012262 - ET WEB_CLIENT Hex Obfuscation of parseInt %u UTF-16 Encoding (web_client.rules)
2012263 - ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding (web_client.rules)
2013816 - ET WEB_SPECIFIC_APPS Joomla YJ Contact Local File Inclusion Vulnerability (web_specific_apps.rules)
2014355 - ET MALWARE W32/SoftonicDownloader.Adware User Agent (malware.rules)
2014435 - ET TROJAN Infostealer.Banprox Proxy.pac Download (trojan.rules)
2014728 - ET TROJAN Smoke Loader Checkin r=gate (trojan.rules)
2018557 - ET MALWARE PUP Win32.SoftPulse Checkin (malware.rules)
2018933 - ET CURRENT_EVENTS DRIVEBY Archie.EK Landing (current_events.rules)
2019111 - ET WEB_CLIENT Malicious iframe guessing router password 1 (web_client.rules)
2019658 - ET CURRENT_EVENTS Archie EK Exploit SilverLight URI Struct (current_events.rules)
2802828 - ETPRO TROJAN Win32.Fibbit.ax Checkin 1 (trojan.rules)
2805381 - ETPRO CURRENT_EVENTS Rebot JavaScript Injected Site inbound (current_events.rules)
2805872 - ETPRO WEB_CLIENT RealPlayer RealMedia File Handling Buffer Overflow (web_client.rules)

[---] Removed rules: [---]

2808783 - ETPRO TROJAN Win32/Crilock.D SSL Cert (trojan.rules)
