Sourcefire VRT Rules Update

Date: 2008-06-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group)

New rules:
13847 <-> SPYWARE-PUT Adware phoenician casino runtime detection (spyware-put.rules)
13848 <-> SPYWARE-PUT Trickler zwinky runtime detection (spyware-put.rules)
13849 <-> SPYWARE-PUT Hijacker rcse 4.4 runtime detection - hijack ie browser (spyware-put.rules)
13850 <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - popup ads (spyware-put.rules)
13851 <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - upgrade (spyware-put.rules)
13852 <-> SPYWARE-PUT Hijacker bitroll 5.0 runtime detection (spyware-put.rules)
13853 <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - weather request (spyware-put.rules)
13854 <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - auto update (spyware-put.rules)
13855 <-> SPYWARE-PUT Trackware speed runner runtime detection (spyware-put.rules)
13856 <-> BACKDOOR wintrim.z runtime detection (backdoor.rules)
13857 <-> WEB-CLIENT HP Instant Support DataManager ActiveX clsid access (web-client.rules)
13858 <-> WEB-CLIENT HP Instant Support DataManager ActiveX clsid unicode access (web-client.rules)
13859 <-> WEB-CLIENT HP Instant Support DataManager ActiveX function call access (web-client.rules)
13860 <-> WEB-CLIENT HP Instant Support DataManager ActiveX function call unicode access (web-client.rules)
13861 <-> POLICY Habbo chat client avatar control (policy.rules)
13862 <-> POLICY Habbo chat client item information download (policy.rules)
13863 <-> POLICY Habbo chat client successful login (policy.rules)
13864 <-> POLICY Microsoft Watson error reporting attempt (policy.rules)
13865 <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules)

Updated rules:
12741 <-> EXPLOIT Apple Quicktime TCP RTSP sdp type buffer overflow attempt (exploit.rules)
12742 <-> EXPLOIT Apple Quicktime UDP RTSP sdp type buffer overflow attempt (exploit.rules)