Sourcefire VRT Rules Update

Date: 2009-02-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group, priority)

New rules:
15292 <-> CHAT QQ protocol detected - version 2006 (chat.rules, High)
15293 <-> CHAT QQ protocol detected - version 2008 (chat.rules, High)
15294 <-> WEB-CLIENT Microsoft Visio file download request (web-client.rules, Low)
15295 <-> SPECIFIC-THREATS Trojan.Bankpatch.C configuration attempt (specific-threats.rules, High)
15296 <-> SPECIFIC-THREATS Trojan.Bankpatch.C malicious file download attempt (specific-threats.rules, High)
15297 <-> SPECIFIC-THREATS Trojan.Bankpatch.C report home attempt (specific-threats.rules, High)