Sourcefire VRT Rules Update

Date: 2011-01-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18273 <-> WEB-CLIENT Batch file download request (web-misc.rules, Low)
18274 <-> WEB-CLIENT Microsoft Windows Mail file download request (web-misc.rules, Low)
18275 <-> WEB-CLIENT HyperText Markup Language file download request (web-misc.rules, Low)
18279 <-> SPYWARE-PUT Trojan.Win32.Karagany.A contact to server attempt (spyware-put.rules, High)
18281 <-> SPYWARE-PUT Trojan.Win32.VB.njz contact to server attempt (spyware-put.rules, High)

Updated rules:
2974 <-> NETBIOS SMB-DS D$ andx share access (netbios.rules, Low)
2976 <-> NETBIOS SMB C$ andx share access (netbios.rules, Low)
2978 <-> NETBIOS SMB-DS C$ andx share access (netbios.rules, Low)
5712 <-> WEB CLIENT Windows Media Player invalid data offset bitmap heap overflow attempt (web-client.rules, High)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules, High)
13799 <-> DELETED WEB-CLIENT IBM Lotus Expeditor cai URI Handler Command Execution attempt (deleted.rules, High)
17276 <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules, High)
17277 <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules, High)
17278 <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules, High)
17376 <-> WEB-MISC IBM Lotus Expeditor cai URI handler command execution attempt (web-misc.rules, High)