Sourcefire VRT Rules Update

Date: 2010-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16360 <-> WEB-CLIENT Apple QuickTime Image Description Atom sign extension memory corruption attempt (web-client.rules, High)
16361 <-> WEB-CLIENT Microsoft Office BMP header biClrUsed integer overflow attempt (web-client.rules, High)
16362 <-> SPECIFIC-THREATS SpyForms malware call home attempt (specific-threats.rules, High)
16363 <-> POLICY potentially executable file upload via FTP (policy.rules, High)
16364 <-> DOS IBM DB2 database server SQLSTT denial of service attempt (dos.rules, Medium)
16365 <-> SPECIFIC-THREATS Trojan OnlineGames download attempt (specific-threats.rules, High)

Updated rules:
1147 <-> WEB-MISC cat%20 access (web-misc.rules, Medium)
7187 <-> SPYWARE-PUT Trackware shopathome user-agent detected (spyware-put.rules, Medium)
7839 <-> SPYWARE-PUT Hijacker rx toolbar runtime detection (spyware-put.rules, Low)
16356 <-> WEB-IIS multiple extension code execution attempt (web-iis.rules, High)
16357 <-> FTP multiple extension code execution attempt (ftp.rules, High)