Sourcefire VRT Rules Update
Date: 2009-02-03
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15228 <-> WEB-ACTIVEX Ciansoft PDFBuilderX ActiveX clsid access (web-activex.rules, High)
15229 <-> WEB-ACTIVEX Ciansoft PDFBuilderX ActiveX clsid unicode access (web-activex.rules, High)
15230 <-> WEB-ACTIVEX Office Viewer 2 ActiveX clsid access (web-activex.rules, High)
15231 <-> WEB-ACTIVEX Office Viewer 2 ActiveX clsid unicode access (web-activex.rules, High)
15232 <-> WEB-ACTIVEX Easy Grid ActiveX clsid access (web-activex.rules, High)
15233 <-> WEB-ACTIVEX Easy Grid ActiveX clsid unicode access (web-activex.rules, High)
15234 <-> WEB-ACTIVEX Easy Grid ActiveX function call access (web-activex.rules, High)
15235 <-> WEB-ACTIVEX Easy Grid ActiveX function call unicode access (web-activex.rules, High)
15243 <-> WEB-ACTIVEX AXIS Camera ActiveX clsid access (web-activex.rules, High)
15244 <-> WEB-ACTIVEX AXIS Camera ActiveX clsid unicode access (web-activex.rules, High)
15245 <-> WEB-ACTIVEX AXIS Camera ActiveX function call access (web-activex.rules, High)
15246 <-> WEB-ACTIVEX AXIS Camera ActiveX function call unicode access (web-activex.rules, High)
15247 <-> WEB-ACTIVEX JamDTA ActiveX clsid access (web-activex.rules, High)
15248 <-> WEB-ACTIVEX JamDTA ActiveX clsid unicode access (web-activex.rules, High)
15249 <-> WEB-ACTIVEX SmartVMD ActiveX clsid access (web-activex.rules, High)
15250 <-> WEB-ACTIVEX SmartVMD ActiveX clsid unicode access (web-activex.rules, High)
15251 <-> WEB-ACTIVEX MetaProducts MetaTreeX ActiveX clsid access (web-activex.rules, High)
15252 <-> WEB-ACTIVEX MetaProducts MetaTreeX ActiveX clsid unicode access (web-activex.rules, High)
15253 <-> WEB-ACTIVEX MetaProducts MetaTreeX ActiveX function call access (web-activex.rules, High)
15254 <-> WEB-ACTIVEX MetaProducts MetaTreeX ActiveX function call unicode access (web-activex.rules, High)
15265 <-> WEB-ACTIVEX NCTAudioFile2 ActiveX function call unicode access (web-activex.rules, High)
15266 <-> WEB-ACTIVEX MW6 Technologies Barcode ActiveX clsid access (web-activex.rules, High)
15267 <-> WEB-ACTIVEX MW6 Technologies Barcode ActiveX clsid unicode access (web-activex.rules, High)
15268 <-> WEB-ACTIVEX MW6 Technologies Barcode ActiveX function call access (web-activex.rules, High)
15269 <-> WEB-ACTIVEX MW6 Technologies Barcode ActiveX function call unicode access (web-activex.rules, High)
15270 <-> WEB-ACTIVEX MW6 Technologies PDF417 ActiveX clsid access (web-activex.rules, High)
15271 <-> WEB-ACTIVEX MW6 Technologies PDF417 ActiveX clsid unicode access (web-activex.rules, High)
15272 <-> WEB-ACTIVEX MW6 Technologies PDF417 ActiveX function call access (web-activex.rules, High)
15273 <-> WEB-ACTIVEX MW6 Technologies PDF417 ActiveX function call unicode access (web-activex.rules, High)
15274 <-> WEB-ACTIVEX MW6 Technologies DataMatrix ActiveX clsid access (web-activex.rules, High)
15275 <-> WEB-ACTIVEX MW6 Technologies DataMatrix ActiveX clsid unicode access (web-activex.rules, High)
15276 <-> WEB-ACTIVEX MW6 Technologies DataMatrix ActiveX function call access (web-activex.rules, High)
15277 <-> WEB-ACTIVEX MW6 Technologies DataMatrix ActiveX function call unicode access (web-activex.rules, High)
15278 <-> WEB-ACTIVEX MW6 Technologies Aztec ActiveX clsid access (web-activex.rules, High)
15279 <-> WEB-ACTIVEX MW6 Technologies Aztec ActiveX clsid unicode access (web-activex.rules, High)
15280 <-> WEB-ACTIVEX MW6 Technologies Aztec ActiveX function call access (web-activex.rules, High)
15281 <-> WEB-ACTIVEX MW6 Technologies Aztec ActiveX function call unicode access (web-activex.rules, High)
15282 <-> WEB-ACTIVEX FlexCell Grid ActiveX clsid access (web-activex.rules, High)
15283 <-> WEB-ACTIVEX FlexCell Grid ActiveX clsid unicode access (web-activex.rules, High)
15284 <-> WEB-ACTIVEX NCTAudioGrabber2 ActiveX clsid access (web-activex.rules, High)
15285 <-> WEB-ACTIVEX NCTAudioGrabber2 ActiveX clsid unicode access (web-activex.rules, High)
15286 <-> WEB-ACTIVEX NCTAudioGrabber2 ActiveX function call access (web-activex.rules, High)
15287 <-> WEB-ACTIVEX NCTAudioGrabber2 ActiveX function call unicode access (web-activex.rules, High)
15288 <-> WEB-ACTIVEX NCTAudioInformation2 ActiveX clsid access (web-activex.rules, High)
15289 <-> WEB-ACTIVEX NCTAudioInformation2 ActiveX clsid unicode access (web-activex.rules, High)
15290 <-> WEB-ACTIVEX NCTAudioInformation2 ActiveX function call access (web-activex.rules, High)
15291 <-> WEB-ACTIVEX NCTAudioInformation2 ActiveX function call unicode access (web-activex.rules, High)
15292 <-> CHAT QQ protocol detected - version 2006 (chat.rules, High)
15293 <-> CHAT QQ protocol detected - version 2008 (chat.rules, High)
15294 <-> WEB-CLIENT Microsoft Visio file download request (web-client.rules, Low)
15295 <-> SPECIFIC-THREATS Trojan.Bankpatch.C configuration attempt (specific-threats.rules, High)
15296 <-> SPECIFIC-THREATS Trojan.Bankpatch.C malicious file download attempt (specific-threats.rules, High)
15297 <-> SPECIFIC-THREATS Trojan.Bankpatch.C report home attempt (specific-threats.rules, High)
