Sourcefire VRT Rules Update
Date: 2011-01-11
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.3.
The format of the file is:
sid - Message (rule group, priority)
New rules:
18273 <-> WEB-CLIENT Batch file download request (web-misc.rules, Low)
18274 <-> WEB-CLIENT Microsoft Windows Mail file download request (web-misc.rules, Low)
18275 <-> WEB-CLIENT HyperText Markup Language file download request (web-misc.rules, Low)
18279 <-> SPYWARE-PUT Trojan.Win32.Karagany.A contact to server attempt (spyware-put.rules, High)
18281 <-> SPYWARE-PUT Trojan.Win32.VB.njz contact to server attempt (spyware-put.rules, High)

Updated rules:
2974 <-> NETBIOS SMB-DS D$ andx share access (netbios.rules, Low)
2976 <-> NETBIOS SMB C$ andx share access (netbios.rules, Low)
2978 <-> NETBIOS SMB-DS C$ andx share access (netbios.rules, Low)
5712 <-> WEB CLIENT Windows Media Player invalid data offset bitmap heap overflow attempt (web-client.rules, High)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules, High)
13799 <-> DELETED WEB-CLIENT IBM Lotus Expeditor cai URI Handler Command Execution attempt (deleted.rules, High)
17276 <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules, High)
17277 <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules, High)
17278 <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules, High)
17376 <-> WEB-MISC IBM Lotus Expeditor cai URI handler command execution attempt (web-misc.rules, High)
