Sourcefire VRT Rules Update

Date: 2007-11-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.

The format of the file is:

sid <-> Message (rule group)

New rules:
12692 <-> SMTP RCPT TO IPSwitch proxy overflow attempt (smtp.rules)
12714 <-> WEB-CLIENT WebEx GPCContainer ActiveX clsid access (web-client.rules)
12715 <-> WEB-CLIENT WebEx GPCContainer ActiveX clsid unicode access (web-client.rules)
12716 <-> WEB-CLIENT WebEx GPCContainer ActiveX function call access (web-client.rules)
12717 <-> WEB-CLIENT WebEx GPCContainer ActiveX function call unicode access (web-client.rules)
12718 <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - initial connection (spyware-put.rules)
12719 <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - hijacks search engine (spyware-put.rules)
12720 <-> SPYWARE-PUT Adware pestbot runtime detection - update (spyware-put.rules)
12721 <-> SPYWARE-PUT Adware pestbot runtime detection - purchase (spyware-put.rules)
12722 <-> SPYWARE-PUT Hijacker sexyvideoscreensaver runtime detection (spyware-put.rules)
12723 <-> SPYWARE-PUT Trackware winzix 2.2.0 runtime detection (spyware-put.rules)
12724 <-> BACKDOOR dark moon 4.11 runtime detection (backdoor.rules)
12725 <-> BACKDOOR dark moon 4.11 runtime detection (backdoor.rules)
12726 <-> BACKDOOR bandook 1.35 runtime detection (backdoor.rules)
12727 <-> BACKDOOR bandook 1.35 runtime detection (backdoor.rules)
12728 <-> WEB-CLIENT RealNetworks SMIL wallclock stack overflow attempt (web-client.rules)
12729 <-> WEB-CLIENT AOL Radio AmpX ActiveX clsid access (web-client.rules)
12730 <-> WEB-CLIENT AOL Radio AmpX ActiveX clsid unicode access (web-client.rules)
12731 <-> WEB-CLIENT AOL Radio AmpX ActiveX function call access (web-client.rules)
12732 <-> WEB-CLIENT AOL Radio AmpX ActiveX function call unicode access (web-client.rules)
12733 <-> WEB-CLIENT ComponentOne FlexGrid ActiveX clsid access (web-client.rules)
12734 <-> WEB-CLIENT ComponentOne FlexGrid ActiveX clsid unicode access (web-client.rules)
12735 <-> WEB-CLIENT ComponentOne FlexGrid ActiveX function call access (web-client.rules)
12736 <-> WEB-CLIENT ComponentOne FlexGrid ActiveX function call unicode access (web-client.rules)
12737 <-> WEB-CLIENT Xunlei Thunder PPLAYER.DLL ActiveX clsid access (web-client.rules)
12738 <-> WEB-CLIENT Xunlei Thunder PPLAYER.DLL ActiveX clsid unicode access (web-client.rules)
12739 <-> WEB-CLIENT Xunlei Thunder PPLAYER.DLL ActiveX function call access (web-client.rules)
12740 <-> WEB-CLIENT Xunlei Thunder PPLAYER.DLL ActiveX function call unicode access (web-client.rules)
12741 <-> EXPLOIT Apple Quicktime TCP RTSP sdp type buffer overflow attempt (exploit.rules)