Sourcefire VRT Rules Update
Date: 2009-11-13
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16242 <-> BACKDOOR downloader-ash.gen.b runtime detection - adload (backdoor.rules, High)
16243 <-> BACKDOOR downloader-ash.gen.b runtime detection - 3264.php (backdoor.rules, High)
16244 <-> BACKDOOR rogue software xp police antivirus runtime detection - purchase (backdoor.rules, High)
16245 <-> BACKDOOR rogue software xp police antivirus install-timedetection (backdoor.rules, High)
16246 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - purchase request (backdoor.rules, High)
16247 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - block (backdoor.rules, High)
16248 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - start (backdoor.rules, High)
16249 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - pay (backdoor.rules, High)
16250 <-> BACKDOOR rogue software win pc defender runtime detection (backdoor.rules, High)
16251 <-> BACKDOOR rogue software win pc defender installtime detection (backdoor.rules, High)
16252 <-> BACKDOOR rogue software pro antispyware 2009 runtime detection - purchase (backdoor.rules, High)
16253 <-> BACKDOOR rogue software system security 2009 runtime detection (backdoor.rules, High)
16254 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High)
16255 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High)
16256 <-> BACKDOOR rogue software coreguard antivirus 2009 runtime detection (backdoor.rules, High)
16257 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - update (backdoor.rules, High)
16258 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - purchase (backdoor.rules, High)
16259 <-> BACKDOOR rogue software antivirusdoktor2009 runtime detection (backdoor.rules, High)
16260 <-> BACKDOOR rogue software xp antivirus protection runtime detection - installation (backdoor.rules, High)
16261 <-> BACKDOOR rogue software xp antivirus protection runtime detection - runtime (backdoor.rules, High)
16262 <-> BACKDOOR rogue software xp-shield runtime detection (backdoor.rules, High)
16263 <-> BACKDOOR rogue software xp-shield runtime detection - installation (backdoor.rules, High)
16264 <-> BACKDOOR rogue software 007 anti-spyware runtime detection - update (backdoor.rules, High)
16265 <-> BACKDOOR rogue software 007 anti-spyware runtime detection - register (backdoor.rules, High)
16266 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - buy (backdoor.rules, High)
16267 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - files (backdoor.rules, High)
16268 <-> BACKDOOR trojan.tdss.1.gen install-time detection - yournewsblog.net (backdoor.rules, High)
16269 <-> BACKDOOR trojan.tdss.1.gen install-time detection - findzproportal1.com (backdoor.rules, High)
16270 <-> BACKDOOR srat 1.6 runtime detection (backdoor.rules, High)
16271 <-> BACKDOOR srat 1.6 runtime detection (backdoor.rules, High)
16272 <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - lordhack (backdoor.rules, High)
16273 <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - dxcpm (backdoor.rules, High)
16274 <-> SPYWARE-PUT Trickler trojan-spy.win32.pophot runtime detection - connect to server (spyware-put.rules, Low)
16275 <-> SPYWARE-PUT Trickler trojan-spy.win32.pophot runtime detection - download files (spyware-put.rules, Low)
16276 <-> SPYWARE-PUT Trickler win32-fakealert.kl runtime detection (spyware-put.rules, Low)
16277 <-> SPYWARE-PUT Trickler win32-fakealert.kl installtime detection - downloads malicious files (spyware-put.rules, Low)
16278 <-> SPYWARE-PUT Trickler win32-fakealert.kl installime detection - updates remote server (spyware-put.rules, Low)
16279 <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - pre-sale page (backdoor.rules, High)
16280 <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - registration and payment page (backdoor.rules, High)
16281 <-> P2P BitTorrent scrape request (p2p.rules, High)
16282 <-> P2P Bittorrent uTP peer request (p2p.rules, High)
16283 <-> WEB-MISC Borland StarTeam Multicast Service buffer overflow attempt (web-misc.rules, High)
16284 <-> SPECIFIC-THREATS Mozilla Firefox ClearTextRun exploit attempt (specific-threats.rules, High)
16285 <-> RPC AIX ttdbserv function 15 buffer overflow attempt (rpc.rules, High)

Updated rules:
2278 <-> WEB-MISC client negative Content-Length attempt (web-misc.rules, Medium)
