Sourcefire VRT Rules Update

Date: 2009-05-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15481 <-> SPECIFIC-THREATS Zbot malware config file download request (specific-threats.rules, High)
15482 <-> EXPLOIT Sun Java System sockd authentication buffer overflow attempt (exploit.rules, High)
15483 <-> WEB-MISC Adobe Shockwave Flash file request (web-misc.rules, Low)
15484 <-> IMAP CRAM-MD5 authentication method buffer overflow (imap.rules, High)
15485 <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules, High)
15486 <-> BACKDOOR Kraken command and control server search attempt (backdoor.rules, High)
15487 <-> MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (multimedia.rules, High)
15488 <-> SPECIFIC-THREATS Oracle Database Application Express Component APEX password hash disclosure attempt (specific-threats.rules, Medium)
15489 <-> CHAT Cerulean Studios Trillian image filename handling XML tag overflow attempt (chat.rules, High)
15490 <-> BAD-TRAFFIC Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (bad-traffic.rules, High)
15491 <-> EXPLOIT Subversion 1.0.2 dated-rev-report buffer overflow attempt (exploit.rules, High)
15492 <-> SPECIFIC-THREATS Adobe PDF spell.customDictionaryOpen exploit attempt (specific-threats.rules, High)
15493 <-> SPECIFIC-THREATS Adobe PDF getAnnots exploit attempt (specific-threats.rules, High)

Updated rules:
1497 <-> DELETED WEB-MISC cross site scripting attempt (deleted.rules, High)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules, Low)
14601 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow attempt (exploit.rules, High)