Sourcefire VRT Rules Update

Date: 2012-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.4.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules)
 * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - User-Agent User-Agent (blacklist.rules)
 * 1:25008 <-> DISABLED <-> SERVER-WEBAPP PmWiki pagelist injection attempt (server-webapp.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:25006 <-> ENABLED <-> FILE-OTHER Oracle JavaScript heap exploitation library usage attempt (file-other.rules)

Modified Rules:

 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:23614 <-> ENABLED <-> FILE-OTHER Oracle JavaScript heap exploitation library usage attempt (file-other.rules)
 * 1:24649 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24650 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system namespace import attempt (file-other.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24986 <-> ENABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24985 <-> ENABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)