Sourcefire VRT Rules Update

Date: 2012-09-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.3.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
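A notice in this format is easy to process mechanically, which matters because rules that ship DISABLED are silent until someone turns them on. The following Python parser is an added example, not part of the Sourcefire notice or the VRT tooling: it reads lines in the "gid:sid <-> state <-> message (group)" form, skips headings and blanks, and lists the new rules that are disabled by default in the gid:sid form that tools such as PulledPork's enablesid.conf accept. The sample lines are copied from this notice; the helper names are the example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Matches one line of the update notice:
#   gid:sid <-> Default rule state <-> Message (rule group)
# The rule group is the trailing "(xxx.rules)" token, so parentheses inside
# the message itself cannot be mistaken for it.
LINE_RE = re.compile(
    r"""^\s*(?:\*\s*)?                 # optional " * " bullet
        (?P<gid>\d+):(?P<sid>\d+)\s*<->\s*
        (?P<state>ENABLED|DISABLED)\s*<->\s*
        (?P<msg>.*?)\s*
        \((?P<group>[^()\s]+\.rules)\)\s*$""",
    re.VERBOSE,
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    message: str
    group: str

    @property
    def category(self) -> str:
        """Leading token of the message, e.g. MALWARE-CNC or INDICATOR-COMPROMISE."""
        return self.message.split(" ", 1)[0]

    @property
    def sid_ref(self) -> str:
        """gid:sid, the form used by tools such as PulledPork's enablesid.conf."""
        return f"{self.gid}:{self.sid}"


def parse_entry(line: str):
    """Parse one notice line; return None for headings, blanks and anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return RuleEntry(
        gid=int(m["gid"]),
        sid=int(m["sid"]),
        enabled=(m["state"] == "ENABLED"),
        message=m["msg"],
        group=m["group"],
    )


def parse_notice(text: str):
    """Parse a whole notice, keeping only the lines that follow the rule format."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def disabled_by_default(entries):
    """Rules that ship DISABLED: each needs an explicit enable/leave-off decision."""
    return sorted((e for e in entries if not e.enabled), key=lambda e: (e.gid, e.sid))


def count_by_group(entries):
    """Per rule-file counts as (enabled, disabled)."""
    counts = defaultdict(lambda: [0, 0])
    for e in entries:
        counts[e.group][0 if e.enabled else 1] += 1
    return {g: tuple(c) for g, c in sorted(counts.items())}


# Constructed sample: a handful of lines taken from this notice, plus a heading
# and a blank line to show that non-rule lines are skipped.
SAMPLE = """New Rules:

 * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download attempt (malware-other.rules)
 * 1:24255 <-> ENABLED <-> MALWARE-CNC Sality logo.gif URLs (malware-cnc.rules)
 * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE Page with only IP redirect - document.location, possible compromised site (indicator-compromise.rules)
 * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE Page with only IP redirect - http-equiv=refresh, possible compromised site (indicator-compromise.rules)
 * 1:24251 <-> DISABLED <-> MALWARE-CNC Android/Fakelash.A!tr.spy trojan command and control channel traffic (malware-cnc.rules)
"""

if __name__ == "__main__":
    entries = parse_notice(SAMPLE)
    print(f"{len(entries)} rules parsed")
    for g, (on, off) in count_by_group(entries).items():
        print(f"  {g}: {on} enabled, {off} disabled")
    print("Disabled by default (candidates for enablesid.conf):")
    for e in disabled_by_default(entries):
        print(f"  {e.sid_ref}  {e.category}  {e.message}")
```

Run against the full notice text, the disabled list is the set to review before the next rule pull: the INDICATOR-COMPROMISE redirect rules, for instance, are off by default because an open-web sensor would see legitimate IP-only redirects too, so enabling them is a per-site decision rather than something the update makes for you.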

New Rules:

 * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download attempt (malware-other.rules)
 * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download attempt (malware-other.rules)
 * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download attempt (malware-other.rules)
 * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download attempt (malware-other.rules)
 * 1:24255 <-> ENABLED <-> MALWARE-CNC Sality logo.gif URLs (malware-cnc.rules)
 * 1:24256 <-> ENABLED <-> WEB-PHP phpMyAdmin server_sync.php backdoor access attempt (web-php.rules)
 * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE Page with only IP redirect - document.location, possible compromised site (indicator-compromise.rules)
 * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE Page with only IP redirect - http-equiv=refresh, possible compromised site (indicator-compromise.rules)
 * 1:24251 <-> DISABLED <-> MALWARE-CNC Android/Fakelash.A!tr.spy trojan command and control channel traffic (malware-cnc.rules)
 * 1:24252 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use embedded within javascript tags (browser-ie.rules)
 * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download attempt (malware-other.rules)
 * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download attempt (malware-other.rules)

Modified Rules: