Sourcefire VRT Update

Date: 2006-07-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Rule State <-> Message (rule group)

New rules:
7049 <-> Disabled <-> SPYWARE-PUT Hijacker extreme biz runtime detection - uniq1 (spyware-put.rules)
7050 <-> Disabled <-> SPYWARE-PUT Hijacker freecruise toolbar runtime detection (spyware-put.rules)
7051 <-> Disabled <-> SPYWARE-PUT Trickler generic downloader.g runtime detection - spyware injection (spyware-put.rules)
7052 <-> Disabled <-> SPYWARE-PUT Trickler generic downloader.g runtime detection - adv (spyware-put.rules)
7053 <-> Disabled <-> SPYWARE-PUT Adware webredir runtime detection (spyware-put.rules)
7054 <-> Disabled <-> SPYWARE-PUT Trickler download arq variant runtime detection (spyware-put.rules)
7055 <-> Disabled <-> SPYWARE-PUT Hijacker vip01 biz runtime detection - adv (spyware-put.rules)
7056 <-> Disabled <-> BACKDOOR amanda 2.0 runtime detection - initial connection (backdoor.rules)
7057 <-> Disabled <-> BACKDOOR charon runtime detection - initial connection (backdoor.rules)
7058 <-> Disabled <-> BACKDOOR charon runtime detection - download file flowbit 1 (backdoor.rules)
7059 <-> Disabled <-> BACKDOOR charon runtime detection - download file flowbit 2 (backdoor.rules)
7060 <-> Disabled <-> BACKDOOR charon runtime detection - download file (backdoor.rules)
7061 <-> Disabled <-> BACKDOOR charon runtime detection - download log flowbit 1 (backdoor.rules)
7062 <-> Disabled <-> BACKDOOR charon runtime detection - download log flowbit 2 (backdoor.rules)
7063 <-> Disabled <-> BACKDOOR charon runtime detection - download log (backdoor.rules)
7064 <-> Disabled <-> BACKDOOR cybernetic 1.62 runtime detection - email notification (backdoor.rules)
7065 <-> Disabled <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules)
7066 <-> Disabled <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules)
7067 <-> Disabled <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection (backdoor.rules)
7068 <-> Disabled <-> BACKDOOR delta source 0.5 beta runtime detection - ping (backdoor.rules)
7069 <-> Disabled <-> BACKDOOR delta source 0.5 beta runtime detection - pc info (backdoor.rules)
7070 <-> Enabled  <-> WEB-MISC encoded cross site scripting attempt (web-misc.rules)
7071 <-> Enabled  <-> WEB-MISC encoded cross site scripting HTML Image tag set to javascript attempt (web-misc.rules)
7072 <-> Disabled <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (backdoor.rules)
7073 <-> Disabled <-> BACKDOOR w32.dumaru.gen@mm runtime detection - notification (backdoor.rules)
7074 <-> Disabled <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules)
7075 <-> Disabled <-> BACKDOOR bandook 1.0 runtime detection (backdoor.rules)
7076 <-> Disabled <-> BACKDOOR minimo v0.6 runtime detection - cgi notification (backdoor.rules)
7077 <-> Disabled <-> BACKDOOR minimo v0.6 runtime detection - icq notification (backdoor.rules)
7078 <-> Disabled <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 1 (backdoor.rules)
7079 <-> Disabled <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 2 (backdoor.rules)
7080 <-> Disabled <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 3 (backdoor.rules)
7081 <-> Disabled <-> BACKDOOR up and run v1.0 beta runtime detection (backdoor.rules)
7082 <-> Disabled <-> BACKDOOR mosucker3.0 runtime detection - client-to-server (backdoor.rules)
7083 <-> Disabled <-> BACKDOOR mosucker3.0 runtime detection - server-to-client1 (backdoor.rules)
7084 <-> Disabled <-> BACKDOOR erazer v1.1 runtime detection - sin notification (backdoor.rules)
7085 <-> Disabled <-> BACKDOOR erazer v1.1 runtime detection (backdoor.rules)
7086 <-> Disabled <-> BACKDOOR erazer v1.1 runtime detection - init connection (backdoor.rules)
7087 <-> Disabled <-> BACKDOOR sinique 1.0 runtime detection - initial connection with correct password client-to-server (backdoor.rules)
7088 <-> Disabled <-> BACKDOOR sinique 1.0 runtime detection - initial connection with correct password server-to-client (backdoor.rules)
7089 <-> Disabled <-> BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password client-to-server (backdoor.rules)
7090 <-> Disabled <-> BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password server-to-client (backdoor.rules)
7091 <-> Disabled <-> BACKDOOR serveme runtime detection (backdoor.rules)
7092 <-> Disabled <-> BACKDOOR uprising screen control 1.0 runtime detection (backdoor.rules)
7093 <-> Disabled <-> BACKDOOR uprising screen control 1.0 runtime detection - init connection (backdoor.rules)
7094 <-> Disabled <-> BACKDOOR uprising screen control 1.0 runtime detection (backdoor.rules)
7095 <-> Disabled <-> BACKDOOR uprising screen control 1.0 runtime detection - begin capture (backdoor.rules)
7096 <-> Disabled <-> BACKDOOR remote hack 1.5 runtime detection - logon (backdoor.rules)
7097 <-> Disabled <-> BACKDOOR remote hack 1.5 runtime detection - execute file (backdoor.rules)
7098 <-> Disabled <-> BACKDOOR remote hack 1.5 runtime detection - get password (backdoor.rules)
7099 <-> Disabled <-> BACKDOOR remote hack 1.5 runtime detection - start keylogger (backdoor.rules)
7100 <-> Disabled <-> BACKDOOR mass connect 1.1 runtime detection - http (backdoor.rules)
7101 <-> Disabled <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules)
7102 <-> Disabled <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules)
7103 <-> Disabled <-> BACKDOOR gwboy 0.92 runtime detection - init connection (backdoor.rules)
7104 <-> Disabled <-> BACKDOOR aol admin runtime detection (backdoor.rules)
7105 <-> Disabled <-> BACKDOOR aol admin runtime detection (backdoor.rules)
7106 <-> Disabled <-> BACKDOOR girlfriend runtime detection (backdoor.rules)
7107 <-> Disabled <-> BACKDOOR girlfriend runtime detection (backdoor.rules)
7108 <-> Disabled <-> BACKDOOR undetected runtime detection (backdoor.rules)
7109 <-> Disabled <-> BACKDOOR vampire runtime detection (backdoor.rules)
7110 <-> Disabled <-> BACKDOOR vampire runtime detection (backdoor.rules)
7111 <-> Disabled <-> BACKDOOR fearless lite 1.01 runtime detection (backdoor.rules)
7112 <-> Disabled <-> BACKDOOR fearless lite 1.01 runtime detection (backdoor.rules)
7113 <-> Disabled <-> BACKDOOR donalddick v1.5b3 runtime detection (backdoor.rules)
7114 <-> Disabled <-> BACKDOOR donalddick v1.5b3 runtime detection (backdoor.rules)
7115 <-> Disabled <-> BACKDOOR ghost 2.3 runtime detection (backdoor.rules)
7116 <-> Disabled <-> BACKDOOR y3k 1.2 runtime detection - icq notification (backdoor.rules)
7117 <-> Disabled <-> BACKDOOR y3k 1.2 runtime detection - icq notification (backdoor.rules)
7118 <-> Disabled <-> BACKDOOR y3k 1.2 runtime detection - user-agent string detected (backdoor.rules)
7119 <-> Disabled <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7120 <-> Disabled <-> BACKDOOR y3k 1.2 runtime detection - init connection 1 (backdoor.rules)
7121 <-> Disabled <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7122 <-> Disabled <-> BACKDOOR y3k 1.2 runtime detection - init connection 2 (backdoor.rules)
7123 <-> Disabled <-> SPYWARE-PUT Other-Technologies alfacleaner runtime detection - update (spyware-put.rules)
7124 <-> Disabled <-> SPYWARE-PUT Other-Technologies alfacleaner runtime detection - buy (spyware-put.rules)
7125 <-> Disabled <-> SPYWARE-PUT Hijacker traffbest biz runtime detection - adv (spyware-put.rules)
7126 <-> Disabled <-> SPYWARE-PUT Hijacker trojan proxy atiup runtime detection - notification (spyware-put.rules)
7127 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (spyware-put.rules)
7128 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (spyware-put.rules)
7129 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (spyware-put.rules)
7130 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assistant hijacking (spyware-put.rules)
7131 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (spyware-put.rules)
7132 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (spyware-put.rules)
7133 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (spyware-put.rules)
7134 <-> Disabled <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assistant hijacking (spyware-put.rules)
7135 <-> Disabled <-> SPYWARE-PUT Hijacker dsrch runtime detection - config info retrieval (spyware-put.rules)
7136 <-> Disabled <-> SPYWARE-PUT Hijacker dsrch runtime detection - search assistant redirect (spyware-put.rules)
7137 <-> Disabled <-> SPYWARE-PUT Hijacker dsrch runtime detection - side search redirect (spyware-put.rules)
7138 <-> Disabled <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - version check (spyware-put.rules)
7139 <-> Disabled <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - fake search query (spyware-put.rules)
7140 <-> Disabled <-> SPYWARE-PUT Adware pay-per-click runtime detection - configuration (spyware-put.rules)
7141 <-> Disabled <-> SPYWARE-PUT Adware pay-per-click runtime detection - update (spyware-put.rules)
7142 <-> Disabled <-> SPYWARE-PUT Adware ares flash downloader 2.04 runtime detection (spyware-put.rules)
7143 <-> Disabled <-> SPYWARE-PUT Adware digink.com runtime detection (spyware-put.rules)
7144 <-> Disabled <-> SPYWARE-PUT Hijacker cool search runtime detection (spyware-put.rules)
7145 <-> Disabled <-> SPYWARE-PUT Other-Technologies spam maxy runtime detection (spyware-put.rules)
7146 <-> Disabled <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - sin notification (spyware-put.rules)
7147 <-> Disabled <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - icq notification (spyware-put.rules)
7148 <-> Disabled <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - cgi notification (spyware-put.rules)
7149 <-> Disabled <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - php notification (spyware-put.rules)
7150 <-> Disabled <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - irc notification (spyware-put.rules)
7151 <-> Disabled <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - net send notification (spyware-put.rules)
7152 <-> Disabled <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - installation (spyware-put.rules)
7153 <-> Disabled <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - hijacking (spyware-put.rules)
7154 <-> Disabled <-> SPYWARE-PUT Keylogger active keylogger home runtime detection (spyware-put.rules)
7155 <-> Disabled <-> SPYWARE-PUT Trickler jubster runtime detection (spyware-put.rules)
7156 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - email delivery (spyware-put.rules)
7157 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - remote conn client-to-server (spyware-put.rules)
7158 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - remote conn server-to-client (spyware-put.rules)
7159 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - upload file client-to-server (spyware-put.rules)
7160 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - upload file server-to-client (spyware-put.rules)
7161 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - download file client-to-server (spyware-put.rules)
7162 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - download file server-to-client (spyware-put.rules)
7163 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - execute file client-to-server (spyware-put.rules)
7164 <-> Disabled <-> SPYWARE-PUT Keylogger win-spy runtime detection - execute file server-to-client (spyware-put.rules)
7165 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info retrieve (spyware-put.rules)
7166 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info retrieve (spyware-put.rules)
7167 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info retrieve (spyware-put.rules)
7168 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info retrieve (spyware-put.rules)
7169 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info retrieve (spyware-put.rules)
7170 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info update (spyware-put.rules)
7171 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info update (spyware-put.rules)
7172 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info update (spyware-put.rules)
7173 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info update (spyware-put.rules)
7174 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info update (spyware-put.rules)
7175 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - log retrieve (spyware-put.rules)
7176 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - log retrieve (spyware-put.rules)
7177 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info send through email (spyware-put.rules)
7178 <-> Disabled <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
7179 <-> Disabled <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
7180 <-> Disabled <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
7181 <-> Disabled <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (spyware-put.rules)
7182 <-> Disabled <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (spyware-put.rules)
7183 <-> Disabled <-> SPYWARE-PUT Snoopware barok runtime detection (spyware-put.rules)
7184 <-> Disabled <-> SPYWARE-PUT Keylogger 007 spy software runtime detection - smtp (spyware-put.rules)
7185 <-> Disabled <-> SPYWARE-PUT Keylogger 007 spy software runtime detection - ftp (spyware-put.rules)
7186 <-> Disabled <-> SPYWARE-PUT Keylogger kgb Keylogger runtime detection (spyware-put.rules)
7187 <-> Disabled <-> SPYWARE-PUT Trackware shopathome user-agent detected (spyware-put.rules)
7188 <-> Disabled <-> SPYWARE-PUT Hijacker shop at home select - merchant redirect in progress (spyware-put.rules)
7189 <-> Disabled <-> SPYWARE-PUT Trackware shopathome runtime detection - setcookie request (spyware-put.rules)
7190 <-> Disabled <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - host retrieval (spyware-put.rules)
7191 <-> Disabled <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (spyware-put.rules)
7192 <-> Disabled <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (spyware-put.rules)
7193 <-> Disabled <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - startup access (spyware-put.rules)
7194 <-> Disabled <-> SPYWARE-PUT Hijacker shopprreports runtime detection - services requests (spyware-put.rules)
7195 <-> Disabled <-> SPYWARE-PUT Hijacker shopprreports runtime detection - track/upgrade/report activities (spyware-put.rules)

Updated rules:
 208 <-> Disabled <-> BACKDOOR PhaseZero Server Active on Network (backdoor.rules)
1497 <-> Enabled  <-> WEB-MISC cross site scripting attempt (web-misc.rules)