Sourcefire VRT Rules Update

Date: 2010-02-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group, priority)

Updated rules:
3192 <-> WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules, High)
12139 <-> SPYWARE-PUT Trackware stealth website logger 3.4 runtime detection (spyware-put.rules, Medium)
12141 <-> SPYWARE-PUT Keylogger logit v1.0 runtime detection (spyware-put.rules, Medium)
12224 <-> SPYWARE-PUT Adware enbrowser snackman runtime detection (spyware-put.rules, Low)
12226 <-> SPYWARE-PUT Keylogger overspy runtime detection (spyware-put.rules, Medium)
12229 <-> SPYWARE-PUT Adware vroomsearch runtime detection (spyware-put.rules, Low)
12230 <-> SPYWARE-PUT Hacker-Tool hippynotify 2.0 runtime detection (spyware-put.rules, Low)
12294 <-> SPYWARE-PUT Hijacker 3search runtime detection - counter (spyware-put.rules, Low)
12295 <-> SPYWARE-PUT Hijacker 3search runtime detection - hijacking (spyware-put.rules, Low)
12363 <-> SPYWARE-PUT Other-Technologies malware-stopper runtime detection (spyware-put.rules, Low)
12365 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - redirect searches (spyware-put.rules, Low)
12366 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - toolbar search function (spyware-put.rules, Low)
12367 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie searches (spyware-put.rules, Low)
12371 <-> SPYWARE-PUT Hijacker sbu hotbar 4.8.4 runtime detection - user-agent string (spyware-put.rules, Low)
12372 <-> SPYWARE-PUT Keylogger mg-shadow 2.0 runtime detection (spyware-put.rules, Medium)
12379 <-> SPYWARE-PUT Keylogger PaqKeylogger 5.1 runtime detection - ftp (spyware-put.rules, Medium)
12481 <-> SPYWARE-PUT Hijacker 411web toolbar runtime detection (spyware-put.rules, Low)
12482 <-> SPYWARE-PUT Trickler pseudorat 0.1b runtime detection (spyware-put.rules, Low)
12483 <-> SPYWARE-PUT Other-Technologies virusprotectpro 3.7 runtime detection (spyware-put.rules, Low)
12485 <-> SPYWARE-PUT Adware instant buzz runtime detection - random text ads (spyware-put.rules, Low)
12486 <-> SPYWARE-PUT Hijacker soso toolbar runtime detection - get weather information (spyware-put.rules, Low)
16364 <-> DOS IBM DB2 database server SQLSTT denial of service attempt (dos.rules, Medium)