Sourcefire VRT Rules Update

Date: 2009-11-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16302 <-> SPECIFIC-THREATS Virut DNS request for C&C attempt (specific-threats.rules, High)
16303 <-> SPECIFIC-THREATS Virut DNS request attempt (specific-threats.rules, High)
16304 <-> SPECIFIC-THREATS Virut DNS request attempt (specific-threats.rules, High)
16305 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX clsid access (web-activex.rules, High)
16306 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX clsid unicode access (web-activex.rules, High)
16307 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX function call access (web-activex.rules, High)
16308 <-> WEB-ACTIVEX Symantec Altiris Deployment Solution ActiveX function call unicode access (web-activex.rules, High)
16309 <-> ORACLE auth_sesskey buffer overflow attempt (oracle.rules, High)
16310 <-> WEB-CLIENT IE 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules, High)

Updated rules:
16244 <-> BACKDOOR rogue software xp police antivirus runtime detection - purchase (backdoor.rules, High)
16245 <-> BACKDOOR rogue software xp police antivirus install-time detection (backdoor.rules, High)
16246 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - purchase request (backdoor.rules, High)
16247 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - block (backdoor.rules, High)
16248 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - start (backdoor.rules, High)
16249 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - pay (backdoor.rules, High)
16250 <-> BACKDOOR rogue software win pc defender runtime detection (backdoor.rules, High)
16251 <-> BACKDOOR rogue software win pc defender installtime detection (backdoor.rules, High)
16252 <-> BACKDOOR rogue software pro antispyware 2009 runtime detection - purchase (backdoor.rules, High)
16253 <-> BACKDOOR rogue software system security 2009 runtime detection (backdoor.rules, High)
16254 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High)
16255 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High)
16256 <-> BACKDOOR rogue software coreguard antivirus 2009 runtime detection (backdoor.rules, High)
16257 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - update (backdoor.rules, High)
16258 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - purchase (backdoor.rules, High)
16259 <-> BACKDOOR rogue software antivirusdoktor2009 runtime detection (backdoor.rules, High)
16260 <-> BACKDOOR rogue software xp antivirus protection runtime detection - installation (backdoor.rules, High)
16261 <-> BACKDOOR rogue software xp antivirus protection runtime detection - runtime (backdoor.rules, High)
16262 <-> BACKDOOR rogue software xp-shield runtime detection (backdoor.rules, High)
16263 <-> BACKDOOR rogue software xp-shield runtime detection - installation (backdoor.rules, High)
16266 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - buy (backdoor.rules, High)
16267 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - files (backdoor.rules, High)