Sourcefire VRT Rules Update
Date: 2010-04-29
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
Updated rules: 5830 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime detection - track activity (deleted.rules, Low) 5831 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime detection - update requests (deleted.rules, Low) 5832 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (deleted.rules, Low) 5833 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 2 (deleted.rules, Low) 6228 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - disclaimer text (deleted.rules, Low) 6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules, Low) 6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules, Low) 6343 <-> SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules, Low) 6376 <-> SPYWARE-PUT Hijacker girafa toolbar - toolbar update (spyware-put.rules, Low) 6482 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - get info (spyware-put.rules, Low) 7126 <-> SPYWARE-PUT Hijacker trojan proxy atiup runtime detection - notification (spyware-put.rules, Low) 12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules, High) 13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High) 15481 <-> SPECIFIC-THREATS Zeus/Zbot malware config file download request (specific-threats.rules, High) 16136 <-> SPYWARE-PUT Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (spyware-put.rules, Low) 16141 <-> SPECIFIC-THREATS Kaspersky Online Scanner trojaned Dll download attempt (specific-threats.rules, High) 16362 <-> SPECIFIC-THREATS SpyForms malware call home attempt (specific-threats.rules, High) 16450 <-> DELETED SQL Jive Software Openfire Jabber Server SQL injection attempt (deleted.rules, High) 16484 <-> SPECIFIC-THREATS Koobface contact to C&C server attempt (specific-threats.rules, Low) 16485 <-> SPECIFIC-THREATS Koobface request for captcha attempt (specific-threats.rules, Low) 16556 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm get request attempt (specific-threats.rules, Low)
