Sourcefire VRT Rules Update

Date: 2012-03-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.1.

Each entry in the lists below is formatted as:

gid:sid <-> Default rule state <-> Message (rule group)

The default rule state is either ENABLED or DISABLED. A DISABLED rule is shipped in the pack but does not fire until it is enabled in your policy; the rule group is the .rules file the rule lives in.
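As an added example (not part of the Sourcefire changelog and not VRT tooling), the following Python parses this "gid:sid <-> state <-> message (group)" layout into records, so the entries can be counted by section and rule group and the subset that is actually active by default can be pulled out. The embedded sample is a handful of entries copied from this page; the function names and the assumption that your tuning tool accepts a plain "gid:sid" list are mine.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: a few entries copied from this changelog, kept in
# the page's "gid:sid <-> state <-> message (group)" layout.
SAMPLE = """\
New Rules:

 * 1:21610 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Refroso.azyg runtime detection (spyware-put.rules)
 * 1:21606 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21593 <-> ENABLED <-> BOTNET-CNC Trojan.Dropper-23836 outbound connection (botnet-cnc.rules)

Modified Rules:

 * 1:14769 <-> ENABLED <-> EXPLOIT DATAC RealWin SCADA System buffer overflow attempt (exploit.rules)
 * 1:20139 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word document summary information string overflow attempt (specific-threats.rules)
"""

# One changelog entry. The message is matched non-greedily so the
# trailing "(something.rules)" group is split off cleanly.
ENTRY_RE = re.compile(
    r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<state>ENABLED|DISABLED)\s+<->\s+"
    r"(?P<msg>.*?)\s+\((?P<group>[\w.-]+\.rules)\)\s*$"
)
SECTION_RE = re.compile(r"^(?P<name>New|Modified) Rules:\s*$")


@dataclass(frozen=True)
class RuleEntry:
    section: str   # "new" or "modified"
    gid: int
    sid: int
    enabled: bool  # True only for a default state of ENABLED
    msg: str
    group: str     # the .rules file the rule ships in


def parse_update(text):
    """Parse the changelog text into RuleEntry records, in file order."""
    entries = []
    section = None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if not m:
            if section is None:
                continue  # header prose before the first section
            raise ValueError(f"line {lineno}: unrecognised entry: {line!r}")
        entries.append(RuleEntry(section, int(m["gid"]), int(m["sid"]),
                                 m["state"] == "ENABLED", m["msg"], m["group"]))
    return entries


def default_enabled(entries):
    """gid:sid strings for rules that fire without any policy change."""
    return sorted(f"{e.gid}:{e.sid}" for e in entries if e.enabled)


def summarize(entries):
    """Counts by section and state, plus sids grouped by .rules file."""
    by_group = defaultdict(list)
    for e in entries:
        by_group[e.group].append(e.sid)
    return {
        "sections": dict(Counter(e.section for e in entries)),
        "states": dict(Counter("enabled" if e.enabled else "disabled" for e in entries)),
        "groups": {g: sorted(s) for g, s in by_group.items()},
    }


if __name__ == "__main__":
    parsed = parse_update(SAMPLE)
    print(summarize(parsed))
    print("active by default:", default_enabled(parsed))
```

The point of `default_enabled` is that most entries in a pack like this one ship DISABLED; if you only read the "New Rules" list you can easily assume coverage you do not have. Diffing its output against your policy tells you which of the new detections actually fire.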

New Rules:


 * 1:21610 <-> DISABLED <-> SPYWARE-PUT Trojan.Win32.Refroso.azyg runtime detection (spyware-put.rules)
 * 1:21609 <-> DISABLED <-> WEB-MISC SurgeMail webmail.exe page format string exploit attempt (web-misc.rules)
 * 1:21608 <-> DISABLED <-> VOIP Digium Asterisk IAX2 call number denial of service (voip.rules)
 * 1:21607 <-> DISABLED <-> WEB-CLIENT IBM Installation Manager iim uri code execution attempt (web-client.rules)
 * 1:21606 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21605 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21604 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21603 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21602 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21601 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21600 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21599 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21598 <-> DISABLED <-> BOTNET-CNC Android/Nickispy.D sms logging response detection (botnet-cnc.rules)
 * 1:21597 <-> DISABLED <-> BOTNET-CNC Android/Nickispy.D sms logging request detection (botnet-cnc.rules)
 * 1:21596 <-> DISABLED <-> BOTNET-CNC Android/Nickispy.D initialization response detection (botnet-cnc.rules)
 * 1:21595 <-> DISABLED <-> BOTNET-CNC Android/Nickispy.D initialization request detection (botnet-cnc.rules)
 * 1:21594 <-> DISABLED <-> WEB-MISC Gravity GTD objectname parameter injection attempt (web-misc.rules)
 * 1:21593 <-> ENABLED <-> BOTNET-CNC Trojan.Dropper-23836 outbound connection (botnet-cnc.rules)

Modified Rules:


 * 1:14769 <-> ENABLED <-> EXPLOIT DATAC RealWin SCADA System buffer overflow attempt (exploit.rules)
 * 1:20139 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word document summary information string overflow attempt (specific-threats.rules)
 * 1:20140 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word document summary information string overflow attempt (specific-threats.rules)
 * 1:20141 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Word document summary information string overflow attempt (specific-threats.rules)