Sourcefire VRT Rules Update

Date: 2010-11-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.1.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
18133 <-> BLACKLIST DNS request for known malware domain www.001zs.com (blacklist.rules, High)
18134 <-> BLACKLIST DNS request for known malware domain www.551sf.com (blacklist.rules, High)
18135 <-> BLACKLIST DNS request for known malware domain www.555hd.com (blacklist.rules, High)
18136 <-> BLACKLIST DNS request for known malware domain www.66xihu.com (blacklist.rules, High)
18137 <-> BLACKLIST DNS request for known malware domain www.9292cs.cn (blacklist.rules, High)
18138 <-> BLACKLIST DNS request for known malware domain www.chateaulegend.com (blacklist.rules, High)
18139 <-> BLACKLIST DNS request for known malware domain www.china-aoben.com (blacklist.rules, High)
18140 <-> BLACKLIST DNS request for known malware domain www.cqtjg.com (blacklist.rules, High)
18141 <-> BLACKLIST DNS request for known malware domain www.dspenter.com (blacklist.rules, High)
18142 <-> BLACKLIST DNS request for known malware domain www.eastadmin.com (blacklist.rules, High)
18143 <-> BLACKLIST DNS request for known malware domain www.fp0755.cn (blacklist.rules, High)
18144 <-> BLACKLIST DNS request for known malware domain www.fp0769.com (blacklist.rules, High)
18145 <-> BLACKLIST DNS request for known malware domain www.fp360.net (blacklist.rules, High)
18146 <-> BLACKLIST DNS request for known malware domain www.gdfp365.cn (blacklist.rules, High)
18147 <-> BLACKLIST DNS request for known malware domain www.gev.cn (blacklist.rules, High)
18148 <-> BLACKLIST DNS request for known malware domain www.haoleyou.com (blacklist.rules, High)
18149 <-> BLACKLIST DNS request for known malware domain www.haosf08.com (blacklist.rules, High)
18150 <-> BLACKLIST DNS request for known malware domain www.jxbaike.com (blacklist.rules, High)
18151 <-> BLACKLIST DNS request for known malware domain www.kingsoftduba2009.com (blacklist.rules, High)
18152 <-> BLACKLIST DNS request for known malware domain www.mainhu.com (blacklist.rules, High)
18153 <-> BLACKLIST DNS request for known malware domain www.maoyiren.com (blacklist.rules, High)
18154 <-> BLACKLIST DNS request for known malware domain www.nc57.com (blacklist.rules, High)
18155 <-> BLACKLIST DNS request for known malware domain www.pplog.cn (blacklist.rules, High)
18156 <-> BLACKLIST DNS request for known malware domain www.pxflm.com (blacklist.rules, High)
18157 <-> BLACKLIST DNS request for known malware domain www.quyou365.com (blacklist.rules, High)
18158 <-> BLACKLIST DNS request for known malware domain www.shzhaotian.cn (blacklist.rules, High)
18159 <-> BLACKLIST DNS request for known malware domain www.soanala.com (blacklist.rules, High)
18160 <-> BLACKLIST DNS request for known malware domain www.stony-skunk.com (blacklist.rules, High)
18161 <-> BLACKLIST DNS request for known malware domain www.street08.com (blacklist.rules, High)
18162 <-> BLACKLIST DNS request for known malware domain www.weilingcy.com (blacklist.rules, High)
18163 <-> BLACKLIST DNS request for known malware domain www.yisaa.com (blacklist.rules, High)
18164 <-> BLACKLIST DNS request for known malware domain www.yx240.com (blacklist.rules, High)
18165 <-> BLACKLIST DNS request for known malware domain e.mssm.com (blacklist.rules, High)
18166 <-> BLACKLIST DNS request for known malware domain dfgdd.9y6c.co.cc (blacklist.rules, High)
18167 <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules, High)
18168 <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules, High)

Updated rules:
17393 <-> SHELLCODE JavaScript var heapspray (shellcode.rules, High)
17551 <-> CHAT MSN Messenger and Windows Live Messenger Code Execution attempt (chat.rules, High)
17810 <-> WEB-MISC potential malware - download of server32.exe (web-misc.rules, Medium)
17811 <-> WEB-MISC potential malware - download of svchost.exe (web-misc.rules, Medium)
17812 <-> WEB-MISC potential malware - download of iexplore.exe (web-misc.rules, Medium)
17813 <-> WEB-MISC potential malware - download of iprinp.dll (web-misc.rules, Medium)
17814 <-> WEB-MISC potential malware - download of winzf32.dll (web-misc.rules, Medium)
18103 <-> BLACKLIST DNS request for known malware domain 5yvod.net (blacklist.rules, High)
18104 <-> BLACKLIST DNS request for known malware domain b.9s3.info (blacklist.rules, High)
18105 <-> BLACKLIST DNS request for known malware domain baidutaobao.gotoip55.com (blacklist.rules, High)
18106 <-> BLACKLIST DNS request for known malware domain e.msssm.com (blacklist.rules, High)
18107 <-> BLACKLIST DNS request for known malware domain jsshmz.gotoip4.com (blacklist.rules, High)
18108 <-> BLACKLIST DNS request for known malware domain phoroshop.es (blacklist.rules, High)
18109 <-> BLACKLIST DNS request for known malware domain talk.cetizen.com (blacklist.rules, High)
18110 <-> BLACKLIST DNS request for known malware domain tiantianzaixian.gotoip1.com (blacklist.rules, High)
18111 <-> BLACKLIST DNS request for known malware domain v.9y9c.co.cc (blacklist.rules, High)
18112 <-> BLACKLIST DNS request for known malware domain wenyixuan.3322.org. (blacklist.rules, High)
18113 <-> BLACKLIST DNS request for known malware domain wusheng03.3322.org (blacklist.rules, High)
18114 <-> BLACKLIST DNS request for known malware domain www.5fqq.com (blacklist.rules, High)
18115 <-> BLACKLIST DNS request for known malware domain www.ajs2002.com (blacklist.rules, High)
18116 <-> BLACKLIST DNS request for known malware domain www.bnbsoft.co.kr (blacklist.rules, High)
18117 <-> BLACKLIST DNS request for known malware domain www.cineseoul.com (blacklist.rules, High)
18118 <-> BLACKLIST DNS request for known malware domain www.hao1345.com (blacklist.rules, High)
18119 <-> BLACKLIST DNS request for known malware domain www.ilbondrama.net (blacklist.rules, High)
18120 <-> BLACKLIST DNS request for known malware domain www.iwebdy.net (blacklist.rules, High)
18121 <-> BLACKLIST DNS request for known malware domain www.linzhiling123.com (blacklist.rules, High)
18122 <-> BLACKLIST DNS request for known malware domain www.opusgame.com (blacklist.rules, High)
18123 <-> BLACKLIST DNS request for known malware domain www.phoroshop.es (blacklist.rules, High)
18124 <-> BLACKLIST DNS request for known malware domain www.sijianfeng.com (blacklist.rules, High)
18125 <-> BLACKLIST DNS request for known malware domain www.tpydb.com (blacklist.rules, High)
18126 <-> BLACKLIST DNS request for known malware domain www.tpydb.com (blacklist.rules, High)
18127 <-> BLACKLIST DNS request for known malware domain www.univus.co.kr (blacklist.rules, High)
18128 <-> BLACKLIST DNS request for known malware domain www.uwonderfull.com (blacklist.rules, High)
18129 <-> BLACKLIST DNS request for known malware domain www.w22rt.com (blacklist.rules, High)
18130 <-> BLACKLIST DNS request for known malware domain www.wwmei.com (blacklist.rules, High)
18131 <-> BLACKLIST DNS request for known malware domain www.ybtour.co.kr (blacklist.rules, High)