Sourcefire VRT Rules Update
Date: 2011-01-06
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.1.
The format of the file is:
sid - Message (rule group, priority)
New rules:
18251 <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules, High)
18252 <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules, High)
18253 <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules, High)
18254 <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules, High)
18255 <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules, High)
18256 <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules, High)
18257 <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules, High)
18258 <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules, High)
18259 <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules, High)
18260 <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules, High)
18261 <-> SPECIFIC-THREATS Mozilla Firefox Javascript engine String.toSource memory corruption attempt (specific-threats.rules, High)
18262 <-> SPECIFIC-THREATS Mozilla Firefox Javascript engine function arguments memory corruption attempt (specific-threats.rules, High)
18263 <-> SPECIFIC-THREATS Mozilla Firefox Javascript deleted frame or window reference attempt (specific-threats.rules, High)
18264 <-> SPECIFIC-THREATS Mozilla Firefox Javascript deleted frame or window reference attempt (specific-threats.rules, High)
18265 <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules, High)

Updated rules:
12286 <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules, High)
18244 <-> WEB-CLIENT Sun Java browser plugin docbase overflow attempt (web-client.rules, High)
18245 <-> SPECIFIC-THREATS Sun Java browser plugin docbase overflow attempt (specific-threats.rules, High)
