Sourcefire VRT Rules Update

Date: 2011-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:19179 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player cross-site request forgery attempt (specific-threats.rules)
 * 1:19177 <-> ENABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19178 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player cross-site request forgery attempt (specific-threats.rules)
 * 1:19175 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent wget 3.0 (blacklist.rules)
 * 1:19176 <-> ENABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)

Modified Rules:

 * 1:16022 <-> ENABLED <-> SPECIFIC-THREATS Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:15587 <-> ENABLED <-> WEB-CLIENT Word file download request (web-client.rules)
 * 3:18436 <-> ENABLED <-> NETBIOS Acrobat Reader plugin bibutils.dll dll-load exploit attempt (netbios.rules)
 * 3:18629 <-> ENABLED <-> NETBIOS MFC applications mfc100.dll dll-load exploit attempt (netbios.rules)
 * 3:18627 <-> ENABLED <-> NETBIOS MFC applications mfc80.dll dll-load exploit attempt (netbios.rules)
 * 3:18628 <-> ENABLED <-> NETBIOS MFC applications mfc90.dll dll-load exploit attempt (netbios.rules)
 * 3:18426 <-> ENABLED <-> NETBIOS Acrobat Reader plugin sqlite.dll dll-load exploit attempt (netbios.rules)
 * 3:18434 <-> ENABLED <-> NETBIOS Acrobat Reader plugin ace.dll dll-load exploit attempt (netbios.rules)
 * 3:18278 <-> ENABLED <-> NETBIOS Vista Backup Tool fveapi.dll dll-load exploit attempt (netbios.rules)
 * 3:18227 <-> ENABLED <-> NETBIOS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (netbios.rules)
 * 3:18226 <-> ENABLED <-> NETBIOS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (netbios.rules)
 * 3:18209 <-> ENABLED <-> NETBIOS Windows 7 Home peerdist.dll dll-load exploit attempt (netbios.rules)
 * 3:18500 <-> ENABLED <-> NETBIOS Groove mso.dll dll-load exploit attempt (netbios.rules)
 * 3:18625 <-> ENABLED <-> NETBIOS MFC applications mfc40.dll dll-load exploit attempt (netbios.rules)
 * 3:18626 <-> ENABLED <-> NETBIOS MFC applications mfc42.dll dll-load exploit attempt (netbios.rules)
 * 3:18225 <-> ENABLED <-> NETBIOS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (netbios.rules)
 * 3:18438 <-> ENABLED <-> NETBIOS Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (netbios.rules)
 * 3:18650 <-> ENABLED <-> NETBIOS Microsoft Word .dll dll-load exploit attempt (netbios.rules)
 * 3:18433 <-> ENABLED <-> NETBIOS Acrobat Reader d3dref9.dll dll-load exploit attempt (netbios.rules)
 * 3:18497 <-> ENABLED <-> NETBIOS Windows Media Player ehtrace.dll dll-load exploit attempt (netbios.rules)
 * 3:18435 <-> ENABLED <-> NETBIOS Acrobat Reader plugin agm.dll dll-load exploit attempt (netbios.rules)
 * 3:18437 <-> ENABLED <-> NETBIOS Acrobat Reader plugin cooltype.dll dll-load exploit attempt (netbios.rules)
 * 3:18446 <-> ENABLED <-> NETBIOS Acrobat Flash Player nvapi.dll dll-load exploit attempt (netbios.rules)
 * 3:18494 <-> ENABLED <-> NETBIOS Microsoft Remote Desktop Connection .dll dll-load exploit attempt (netbios.rules)
 * 3:18070 <-> ENABLED <-> NETBIOS Microsoft Office pptimpconv.dll dll-load exploit attempt (netbios.rules)