Sourcefire VRT Rules Update

Date: 2010-03-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group, priority)

New rules:
16492 <-> WEB-CLIENT Safari inline text box use after free attempt (web-client.rules, High)
16493 <-> SPYWARE-PUT TT-bot botnet contact to C&C server attempt (spyware-put.rules, High)
16494 <-> SPYWARE-PUT Cutwail spambot server communication attempt (spyware-put.rules, High)
16495 <-> SPYWARE-PUT Rustock botnet contact to C&C server attempt (spyware-put.rules, High)
16496 <-> SPYWARE-PUT Trojan hacktool attempt to contact server (spyware-put.rules, High)
16497 <-> SPYWARE-PUT Tear Application downloader attempt to contact server (spyware-put.rules, High)
16498 <-> SPYWARE-PUT PC Antispyware 2010 FakeAV download/update attempt (spyware-put.rules, High)
16499 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (netbios.rules, High)
16500 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (netbios.rules, High)

Updated rules:
10603 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (netbios.rules, High)
10900 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (netbios.rules, High)
16490 <-> SPECIFIC-THREATS Adobe Reader malformed TIFF remote code execution attempt (specific-threats.rules, High)