Daily Ruleset Update Summary 10/09/2014

[***] Summary: [***]

11 new Open signatures, 21 new Pro (11 + 10). Various Android, Ursnif, Twiki RCE, Neverquest.

Thanks: Seth Elo, vlintelligence, John Babio, Jake Warren and @rmkml.

[+++] Added rules: [+++]

Open:

2019376 – ET CURRENT_EVENTS Napolar SSL Cert Oct 9 2014 (current_events.rules)
2019377 – ET TROJAN Win32/Ursnif Checkin (trojan.rules)
2019378 – ET TROJAN Win32/PSW.Papras.CK Checkin (trojan.rules)
2019379 – ET TROJAN Win32/PSW.Papras.CK file upload (trojan.rules)
2019380 – ET TROJAN Gozi/Ursnif/Papras Connectivity Check (trojan.rules)
2019381 – ET TROJAN Win32/Ursnif Connectivity Check (trojan.rules)
2019382 – ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 9 2014 (current_events.rules)
2019383 – ET POLICY gogo6/Freenet6 Authentication Attempt (policy.rules)
2019384 – ET TROJAN Neverquest Request URI Struct (trojan.rules)
2019385 – ET CURRENT_EVENTS Possible TWiki RCE attempt (current_events.rules)
2019386 – ET CURRENT_EVENTS Possible TWiki Apache config file upload attempt (current_events.rules)

Pro:

2808959 – ETPRO DOS Unknown (hello) (dos.rules)
2808960 – ETPRO MOBILE_MALWARE Android.Monitor.Pdaspy.A Checkin (mobile_malware.rules)
2808961 – ETPRO TROJAN Mal/Emogen-R Checkin (trojan.rules)
2808962 – ETPRO MOBILE_MALWARE Android/Pholoc.C Checkin (mobile_malware.rules)
2808963 – ETPRO MOBILE_MALWARE Android/Pholoc.C Checkin 2 (mobile_malware.rules)
2808964 – ETPRO POLICY what-is-my-ip.net IP Check (policy.rules)
2808965 – ETPRO TROJAN Win32/Bronzestatuen Checkin (trojan.rules)
2808966 – ETPRO MOBILE_MALWARE Android.Monitor.Spy2mobile.A Checkin (mobile_malware.rules)
2808967 – ETPRO MOBILE_MALWARE Android/Spyinfo.A Checkin (mobile_malware.rules)
2808968 – ETPRO MOBILE_MALWARE Android/Spyinfo.A Checkin 2 (mobile_malware.rules)

[///] Modified active rules: [///]

2000596 – ET MALWARE Gator/Claria Data Submission (malware.rules)
2002858 – ET MALWARE Fun Web Products StationaryChooser Spyware (malware.rules)
2018336 – ET TROJAN Asprox Fake Ximian Evolution X-Mailer Header (XimianEvolution1.4.6) (trojan.rules)
2019286 – ET TROJAN Job314 EK Payload Checkin (trojan.rules)
2019365 – ET WEB_SPECIFIC_APPS Bugzilla token.cgi HPP e-mail validation bypass Attempt Client Body (web_specific_apps.rules)
2019375 – ET CURRENT_EVENTS Possible Sweet Orange redirection Oct 8 2014 (current_events.rules)
2806675 – ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Antammi.a Checkin (mobile_malware.rules)
2807930 – ETPRO TROJAN Win32.Boaxxe Trojan Checkin (trojan.rules)
2808102 – ETPRO MOBILE_MALWARE Android/Uten.A Checkin (mobile_malware.rules)
2808944 – ETPRO TROJAN Win32/Comame Checkin (trojan.rules)

[---] Removed rules: [---]

2007865 – ET MALWARE Winreanimator.com Fake AV Install Attempt (malware.rules)
2019351 – ET CURRENT_EVENTS Possible Sweet Orange Secondary Landing (current_events.rules)
2019356 – ET TROJAN W32/SpyClicker.ClickFraud Click CnC Beacon (trojan.rules)
2803297 – ETPRO TROJAN Win32/Hupigon.FI Checkin (trojan.rules)
2805454 – ETPRO TROJAN BackDoor.Pigeon.45938/Hupigon Checkin (trojan.rules)
2805457 – ETPRO TROJAN Backdoor.Win32.Hupigon.BV Checkin (trojan.rules)
2807443 – ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Svpeng.a Checkin (mobile_malware.rules)
2808397 – ETPRO TROJAN Gozi/Ursnif/Papras Connectivity Check (trojan.rules)
2808537 – ETPRO TROJAN Win32/PSW.Papras.CK file upload (trojan.rules)
2808547 – ETPRO TROJAN Win32/Ursnif Connectivity Check (trojan.rules)
2808578 – ETPRO TROJAN Win32/PSW.Papras.CK Checkin (trojan.rules)

The post Daily Ruleset Update Summary 10/09/2014 appeared first on Emerging Threats.

