Sourcefire VRT Rules Update

Date: 2008-04-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group)

New rules:
13635 <-> SPYWARE-PUT Trickler downloader trojan.gen runtime detection - get malicious link (spyware-put.rules)
13636 <-> SPYWARE-PUT Trickler downloader trojan.gen runtime detection - download malicious link (spyware-put.rules)
13637 <-> SPYWARE-PUT Adware virus heat runtime detection - presale request (spyware-put.rules)
13638 <-> SPYWARE-PUT Adware virus heat runtime detection - initial database connection (spyware-put.rules)
13639 <-> SPYWARE-PUT Hijacker locmag toolbar runtime detection - connection to toolbar (spyware-put.rules)
13640 <-> SPYWARE-PUT Hijacker locmag toolbar runtime detection - hijacks address bar (spyware-put.rules)
13641 <-> SPYWARE-PUT Hijacker eclickz toolbar runtime detection - search traffic (spyware-put.rules)
13642 <-> SPYWARE-PUT Keylogger easy Keylogger runtime detection (spyware-put.rules)
13643 <-> SPYWARE-PUT Hijacker zztoolbar runtime detection - toolbar traffic (spyware-put.rules)
13644 <-> SPYWARE-PUT Hijacker zztoolbar runtime detection - search traffic (spyware-put.rules)
13645 <-> SPYWARE-PUT Hijacker mxs toolbar runtime detection (spyware-put.rules)
13646 <-> SPYWARE-PUT Adware registry defender runtime detection - presale request (spyware-put.rules)
13647 <-> SPYWARE-PUT Adware registry defender runtime detection - error report request (spyware-put.rules)
13648 <-> SPYWARE-PUT Hijacker mysearch bar 2.0.2.28 runtime detection (spyware-put.rules)
13649 <-> SPYWARE-PUT Adware spyware stop runtime detection - presale request (spyware-put.rules)
13650 <-> SPYWARE-PUT Adware spyware stop runtime detection - auto updates (spyware-put.rules)
13651 <-> SPYWARE-PUT Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (spyware-put.rules)
13652 <-> SPYWARE-PUT Keylogger all in one Keylogger runtime detection (spyware-put.rules)
13653 <-> SPYWARE-PUT Adware cashfiesta adbar runtime detection - updates traffic (spyware-put.rules)
13654 <-> BACKDOOR nuclear rat 2.1 runtime detection - init connection (backdoor.rules)
13655 <-> BACKDOOR nuclear rat 2.1 runtime detection - init connection (backdoor.rules)
13656 <-> WEB-MISC Cisco Secure Access Control Server UCP Application CSuserCGI.exe Buffer Overflow attempt (web-misc.rules)
13657 <-> WEB-CLIENT BusinessObjects RptViewerAx ActiveX clsid access (web-client.rules)
13658 <-> WEB-CLIENT BusinessObjects RptViewerAx ActiveX clsid unicode access (web-client.rules)
13659 <-> WEB-CLIENT BusinessObjects RptViewerAx ActiveX function call access (web-client.rules)
13660 <-> WEB-CLIENT BusinessObjects RptViewerAx ActiveX function call unicode access (web-client.rules)
13661 <-> WEB-CLIENT VeralSoft HTTP File Upload ActiveX clsid access (web-client.rules)
13662 <-> WEB-CLIENT VeralSoft HTTP File Upload ActiveX clsid unicode access (web-client.rules)
13663 <-> IMAP Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt (imap.rules)
13664 <-> VOIP-SIP hexadecimal characters in IP address portion of Remote-Party-ID field (voip.rules)

Updated rules:
528 <-> BAD-TRAFFIC loopback traffic (bad-traffic.rules)
2125 <-> FTP CWD Root directory transversal attempt (ftp.rules)
13591 <-> WEB-CGI Trend Micro OfficeScan CGI password decryption buffer overflow attempt (web-cgi.rules)