Sourcefire VRT Rules Update
Date: 2008-06-24
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules: 13847 <-> SPYWARE-PUT Adware phoenician casino runtime detection (spyware-put.rules) 13848 <-> SPYWARE-PUT Trickler zwinky runtime detection (spyware-put.rules) 13849 <-> SPYWARE-PUT Hijacker rcse 4.4 runtime detection - hijack ie browser (spyware-put.rules) 13850 <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - popup ads (spyware-put.rules) 13851 <-> SPYWARE-PUT Adware roogoo 2.0 runtime detection - upgrade (spyware-put.rules) 13852 <-> SPYWARE-PUT Hijacker bitroll 5.0 runtime detection (spyware-put.rules) 13853 <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - weather request (spyware-put.rules) 13854 <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - auto update (spyware-put.rules) 13855 <-> SPYWARE-PUT Trackware speed runner runtime detection (spyware-put.rules) 13856 <-> BACKDOOR wintrim.z runtime detection (backdoor.rules) 13857 <-> WEB-CLIENT HP Instant Support DataManager ActiveX clsid access (web-client.rules) 13858 <-> WEB-CLIENT HP Instant Support DataManager ActiveX clsid unicode access (web-client.rules) 13859 <-> WEB-CLIENT HP Instant Support DataManager ActiveX function call access (web-client.rules) 13860 <-> WEB-CLIENT HP Instant Support DataManager ActiveX function call unicode access (web-client.rules) 13861 <-> POLICY Habbo chat client avatar control (policy.rules) 13862 <-> POLICY Habbo chat client item information download (policy.rules) 13863 <-> POLICY Habbo chat client successful login (policy.rules) 13864 <-> POLICY Microsoft Watson error reporting attempt (policy.rules) 13865 <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules) Updated rules: 12741 <-> EXPLOIT Apple Quicktime TCP RTSP sdp type buffer overflow attempt (exploit.rules) 12742 <-> EXPLOIT Apple Quicktime UDP RTSP sdp type buffer overflow attempt (exploit.rules)
