Sourcefire VRT Rules Update
Date: 2010-04-15
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16547 <-> WEB-ACTIVEX Java Web Start ActiveX launch command by CLSID (web-activex.rules, High)
16548 <-> WEB-ACTIVEX Java Web Start ActiveX launch command by JavaScript CLSID (web-activex.rules, High)
16549 <-> WEB-CLIENT Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (web-client.rules, High)
16550 <-> WEB-CLIENT Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (web-client.rules, High)
16551 <-> SPYWARE-PUT Malware contact to server attempt (spyware-put.rules, High)
16552 <-> WEB-CLIENT Adobe .pfb download attempt (web-client.rules, Medium)
16554 <-> WEB-CLIENT Adobe Acrobat JavaScript getIcon method buffer overflow attempt (web-client.rules, High)
16555 <-> WEB-MISC HP Openview Network Node Manager OvAcceptLang overflow attempt (web-misc.rules, High)
16556 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm get request attempt (specific-threats.rules, Low)
16557 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm inbound communication attempt (specific-threats.rules, Low)
16558 <-> SPECIFIC-THREATS SdBot IRC Trojan server to client communication attempt (specific-threats.rules, High)

Updated rules:
1384 <-> MISC UPnP malformed advertisement (misc.rules, Medium)
2329 <-> SQL probe response overflow attempt (sql.rules, High)
7876 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid access (web-activex.rules, High)
7877 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid unicode access (web-activex.rules, High)
15574 <-> SMTP MAIL FROM command overflow attempt (smtp.rules, High)
16424 <-> WEB-ACTIVEX Windows Script Host Shell Object ActiveX clsid access (web-activex.rules, High)
16450 <-> DELETED SQL Jive Software Openfire Jabber Server SQL injection attempt (deleted.rules, High)
16473 <-> WEB-CLIENT Microsoft Windows Movie Maker project file download request (web-client.rules, Low)
16474 <-> WEB-CLIENT Microsoft Compound File Binary v3 file download (web-client.rules, Low)
16475 <-> WEB-CLIENT Microsoft Compound File Binary v4 file download (web-client.rules, Low)
16476 <-> WEB-CLIENT Microsoft .MSProducer file download request (web-client.rules, Low)
16477 <-> WEB-CLIENT Microsoft .MSProducerZ file download request (web-client.rules, Low)
16478 <-> WEB-CLIENT Microsoft .MSProducerBF file download request (web-client.rules, Low)
