VRT Advisories


September 2012 Archive

VRT Rules 2012-09-27

Sourcefire VRT Rules Update

Date: 2012-09-27

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the browser-ie, indicator-compromise, malware-cnc and web-php rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.

About the VRT:

The Sourcefire VRT is a group of leading-edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.


Posted on Sep 27, 2012



VRT Rules 2012-09-25

Sourcefire VRT Rules Update

Date: 2012-09-25

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the browser-firefox, browser-ie, exploit-kit, file-flash, file-office, file-other, malware-cnc, malware-other, misc, voip and web-misc rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 25, 2012



VRT Rules 2012-09-21

Sourcefire VRT Rules Update

Date: 2012-09-21

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the browser-ie, exploit, exploit-kit, file-identify, file-multimedia, file-other, malware-cnc and web-misc rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 21, 2012



VRT Rules 2012-09-18

Sourcefire VRT Rules Update

Date: 2012-09-18

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the browser-ie, exploit-kit, file-identify and malware-cnc rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 18, 2012



VRT Rules 2012-09-17

Sourcefire VRT Rules Update

Date: 2012-09-17

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, file-identify, file-image, file-office, file-other, malware-backdoor, malware-cnc, sql, web-activex and web-php rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 17, 2012



VRT Rules 2012-09-13

Sourcefire VRT Rules Update

Date: 2012-09-13

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, file-flash, file-identify, file-other, file-pdf, indicator-obfuscation, malware-cnc, malware-other and web-misc rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 13, 2012



VRT Rules 2012-09-11

Sourcefire VRT Rules Update

Date: 2012-09-11

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-backdoor, malware-cnc, malware-other, misc, mysql, policy-other, policy-social, scada, shellcode, specific-threats, web-activex, web-client and web-php rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 11, 2012



VRT Rules 2012-09-06

Sourcefire VRT Rules Update

Date: 2012-09-06

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, browser-firefox, exploit-kit, file-executable, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, malware-tools, mysql, netbios, oracle, policy-other, specific-threats, spyware-put, telnet, web-activex, web-client and web-php rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 06, 2012



VRT Rules 2012-09-04

Sourcefire VRT Rules Update

Date: 2012-09-04

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-chrome, browser-firefox, browser-ie, browser-other, browser-webkit, exploit, exploit-kit, file-executable, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-backdoor, malware-cnc, malware-other, malware-tools, mysql, netbios, policy-other, spyware-put, voip, web-activex, web-client, web-iis and web-php rule sets to provide coverage for emerging threats from these technologies.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.


Posted on Sep 04, 2012