Sourcefire VRT Rules Update

Date: 2012-09-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.3.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file download detected (file-identify.rules)
 * 1:24211 <-> ENABLED <-> MALWARE-CNC RAT update protocol connection (malware-cnc.rules)
 * 1:24212 <-> ENABLED <-> BROWSER-IE Microsoft execCommand use-after-free attempt (browser-ie.rules)

Modified Rules:


 * 1:21342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'cprt' field attempt (file-multimedia.rules)
 * 1:21341 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'dscp' field attempt (file-multimedia.rules)
 * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'titl' field attempt (file-multimedia.rules)
 * 1:21339 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'auth' field attempt (file-multimedia.rules)
 * 1:22088 <-> ENABLED <-> EXPLOIT-KIT Blackhole Exploit Kit javascript service method (exploit-kit.rules)
 * 1:23218 <-> ENABLED <-> EXPLOIT-KIT RedKit Repeated Exploit Request Pattern (exploit-kit.rules)
 * 1:23223 <-> ENABLED <-> EXPLOIT-KIT RedKit Landing Page Received - applet and code (exploit-kit.rules)
 * 1:23221 <-> DISABLED <-> EXPLOIT-KIT RedKit Jar File Naming Algorithm (exploit-kit.rules)
 * 1:23225 <-> ENABLED <-> EXPLOIT-KIT RedKit Landing Page Received - applet and flowbit (exploit-kit.rules)
 * 1:24210 <-> ENABLED <-> BROWSER-IE Microsoft execCommand use-after-free attempt (browser-ie.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)