Sourcefire VRT Rules Update

Date: 2010-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.0.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18228 <-> WEB-MISC Microsoft FlashPix file download (web-misc.rules, Low)
18232 <-> WEB-MISC Microsoft OpenType Font file download (web-misc.rules, Low)
18234 <-> WEB-MISC QuickDraw/PICT file download request (web-misc.rules, Low)

Updated rules:
17844 <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules, High)
17846 <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules, High)
17874 <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules, High)
17891 <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules, High)
17892 <-> BLACKLIST DNS request for known malware domain clickpotato.tv (blacklist.rules, High)
18196 <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules, High)