Sourcefire VRT Rules Update

Date: 2010-04-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group, priority)

Updated rules:
5830 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime detection - track activity (deleted.rules, Low)
5831 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime detection - update requests (deleted.rules, Low)
5832 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (deleted.rules, Low)
5833 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 2 (deleted.rules, Low)
6228 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - disclaimer text (deleted.rules, Low)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules, Low)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules, Low)
6343 <-> SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules, Low)
6376 <-> SPYWARE-PUT Hijacker girafa toolbar - toolbar update (spyware-put.rules, Low)
6482 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - get info (spyware-put.rules, Low)
7126 <-> SPYWARE-PUT Hijacker trojan proxy atiup runtime detection - notification (spyware-put.rules, Low)
12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules, High)
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
15481 <-> SPECIFIC-THREATS Zeus/Zbot malware config file download request (specific-threats.rules, High)
16136 <-> SPYWARE-PUT Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (spyware-put.rules, Low)
16141 <-> SPECIFIC-THREATS Kaspersky Online Scanner trojaned Dll download attempt (specific-threats.rules, High)
16362 <-> SPECIFIC-THREATS SpyForms malware call home attempt (specific-threats.rules, High)
16450 <-> DELETED SQL Jive Software Openfire Jabber Server SQL injection attempt (deleted.rules, High)
16484 <-> SPECIFIC-THREATS Koobface contact to C&C server attempt (specific-threats.rules, Low)
16485 <-> SPECIFIC-THREATS Koobface request for captcha attempt (specific-threats.rules, Low)
16556 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm get request attempt (specific-threats.rules, Low)