Sourcefire VRT Rules Update

Date: 2010-04-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16547 <-> WEB-ACTIVEX Java Web Start ActiveX launch command by CLSID (web-activex.rules, High)
16548 <-> WEB-ACTIVEX Java Web Start ActiveX launch command by JavaScript CLSID (web-activex.rules, High)
16549 <-> WEB-CLIENT Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (web-client.rules, High)
16550 <-> WEB-CLIENT Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (web-client.rules, High)
16551 <-> SPYWARE-PUT Malware contact to server attempt (spyware-put.rules, High)
16552 <-> WEB-CLIENT Adobe .pfb download attempt (web-client.rules, Medium)
16554 <-> WEB-CLIENT Adobe Acrobat JavaScript getIcon method buffer overflow attempt (web-client.rules, High)
16555 <-> WEB-MISC HP Openview Network Node Manager OvAcceptLang overflow attempt (web-misc.rules, High)
16556 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm get request attempt (specific-threats.rules, Low)
16557 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm inbound communication attempt (specific-threats.rules, Low)
16558 <-> SPECIFIC-THREATS SdBot IRC Trojan server to client communication attempt (specific-threats.rules, High)

Updated rules:
1384 <-> MISC UPnP malformed advertisement (misc.rules, Medium)
2329 <-> SQL probe response overflow attempt (sql.rules, High)
7876 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid access (web-activex.rules, High)
7877 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid unicode access (web-activex.rules, High)
15574 <-> SMTP MAIL FROM command overflow attempt (smtp.rules, High)
16424 <-> WEB-ACTIVEX Windows Script Host Shell Object ActiveX clsid access (web-activex.rules, High)
16450 <-> DELETED SQL Jive Software Openfire Jabber Server SQL injection attempt (deleted.rules, High)
16473 <-> WEB-CLIENT Microsoft Windows Movie Maker project file download request (web-client.rules, Low)
16474 <-> WEB-CLIENT Microsoft Compound File Binary v3 file download (web-client.rules, Low)
16475 <-> WEB-CLIENT Microsoft Compound File Binary v4 file download (web-client.rules, Low)
16476 <-> WEB-CLIENT Microsoft .MSProducer file download request (web-client.rules, Low)
16477 <-> WEB-CLIENT Microsoft .MSProducerZ file download request (web-client.rules, Low)
16478 <-> WEB-CLIENT Microsoft .MSProducerBF file download request (web-client.rules, Low)