Sourcefire VRT Rules Update

Date: 2011-08-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:19660 <-> DISABLED <-> BACKDOOR Win32.Riern.K outbound connection (backdoor.rules)
 * 1:19661 <-> ENABLED <-> EXPLOIT Alucar php shell download attempt (exploit.rules)
 * 1:19657 <-> ENABLED <-> BOTNET-CNC FakeAV variant traffic (botnet-cnc.rules)
 * 1:19659 <-> DISABLED <-> BACKDOOR Win32.Soleseq.A outbound connection (backdoor.rules)
 * 1:19656 <-> DISABLED <-> BACKDOOR Trojan-Dropper.Win32.Peace.lh Runtime Detection (backdoor.rules)
 * 1:19654 <-> DISABLED <-> SPYWARE-PUT Trojan-Spy.Win32.Zbot.wti contact to server attempt (spyware-put.rules)
 * 1:19655 <-> DISABLED <-> SPYWARE-PUT Trojan-Dropper.Agent.IK contact to server attempt (spyware-put.rules)

Modified Rules: