Sourcefire VRT Rules Update
Date: 2008-07-29
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.
The format of the file is:
sid - Message (rule group)
New rules:
13930 <-> SPYWARE-PUT Trickler pc privacy cleaner runtime detection - order/register request (spyware-put.rules)
13931 <-> SPYWARE-PUT Trickler pc privacy cleaner runtime detection - auto update (spyware-put.rules)
13932 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - post user info to remote server (spyware-put.rules)
13933 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - ads (spyware-put.rules)
13934 <-> SPYWARE-PUT Hijacker mediatubecodec 1.470.0 runtime detection - hijack ie (spyware-put.rules)
13935 <-> SPYWARE-PUT Hijacker mediatubecodec 1.470.0 runtime detection - download other malware (spyware-put.rules)
13936 <-> SPYWARE-PUT Trickler dropper agent.rqg runtime detection - call home (spyware-put.rules)
13937 <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - call home (spyware-put.rules)
13938 <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection (spyware-put.rules)
13939 <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - auto update (spyware-put.rules)
13940 <-> SPYWARE-PUT Hijacker win32.bho.bgf runtime detection (spyware-put.rules)
13941 <-> BACKDOOR trojan agent.nac runtime detection - click fraud (backdoor.rules)
13942 <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules)
13943 <-> SPYWARE-PUT Trickler dropper agent.rqg runtime detection (spyware-put.rules)
13944 <-> BACKDOOR trojan downloader small.gy runtime detection - get whitelist (backdoor.rules)
13945 <-> BACKDOOR trojan downloader small.gy runtime detection - update (backdoor.rules)
13948 <-> DNS large number of NXDOMAIN replies - possible DNS cache poisoning (dns.rules)
13949 <-> DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (dns.rules)
13950 <-> WEB-CLIENT Sun Java Web Start JNLP attribute buffer overflow attempt (web-client.rules)
13952 <-> SPECIFIC-THREATS b.js download - possible Asprox trojan attack (specific-threats.rules)
13953 <-> SPECIFIC-THREATS Asprox trojan initial query (specific-threats.rules)

Updated rules:
12592 <-> SMTP ClamAV recipient command injection attempt (smtp.rules)
