Sourcefire VRT Rules Update
Date: 2009-11-23
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16302 <-> SPECIFIC-THREATS Virut DNS request for C&C attempt (specific-threats.rules, High)
16303 <-> SPECIFIC-THREATS Virut DNS request attempt (specific-threats.rules, High)
16304 <-> SPECIFIC-THREATS Virut DNS request attempt (specific-threats.rules, High)
16305 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX clsid access (web-activex.rules, High)
16306 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX clsid unicode access (web-activex.rules, High)
16307 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX function call access (web-activex.rules, High)
16308 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX function call unicode access (web-activex.rules, High)
16309 <-> ORACLE auth_sesskey buffer overflow attempt (oracle.rules, High)
16310 <-> WEB-CLIENT IE 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules, High)

Updated rules:
16244 <-> BACKDOOR rogue software xp police antivirus runtime detection - purchase (backdoor.rules, High)
16245 <-> BACKDOOR rogue software xp police antivirus install-timedetection (backdoor.rules, High)
16246 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - purchase request (backdoor.rules, High)
16247 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - block (backdoor.rules, High)
16248 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - start (backdoor.rules, High)
16249 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - pay (backdoor.rules, High)
16250 <-> BACKDOOR rogue software win pc defender runtime detection (backdoor.rules, High)
16251 <-> BACKDOOR rogue software win pc defender installtime detection (backdoor.rules, High)
16252 <-> BACKDOOR rogue software pro antispyware 2009 runtime detection - purchase (backdoor.rules, High)
16253 <-> BACKDOOR rogue software system security 2009 runtime detection (backdoor.rules, High)
16254 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High)
16255 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High)
16256 <-> BACKDOOR rogue software coreguard antivirus 2009 runtime detection (backdoor.rules, High)
16257 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - update (backdoor.rules, High)
16258 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - purchase (backdoor.rules, High)
16259 <-> BACKDOOR rogue software antivirusdoktor2009 runtime detection (backdoor.rules, High)
16260 <-> BACKDOOR rogue software xp antivirus protection runtime detection - installation (backdoor.rules, High)
16261 <-> BACKDOOR rogue software xp antivirus protection runtime detection - runtime (backdoor.rules, High)
16262 <-> BACKDOOR rogue software xp-shield runtime detection (backdoor.rules, High)
16263 <-> BACKDOOR rogue software xp-shield runtime detection - installation (backdoor.rules, High)
16266 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - buy (backdoor.rules, High)
16267 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - files (backdoor.rules, High)
