Sourcefire VRT Update

Date: 2006-09-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

     Disabled <-> SPYWARE-PUT Adware desktopmedia runtime detection - ads popup (spyware-put.rules)
8353 <-> Disabled <-> SPYWARE-PUT Adware desktopmedia runtime detection - auto update (spyware-put.rules)
8354 <-> Disabled <-> SPYWARE-PUT Adware desktopmedia runtime detection - surf monitoring (spyware-put.rules)
8355 <-> Disabled <-> SPYWARE-PUT Keylogger spybuddy 3.72 runtime detection (spyware-put.rules)
8356 <-> Disabled <-> SPYWARE-PUT Keylogger spybuddy 3.72 runtime detection - send log out through email (spyware-put.rules)
8357 <-> Disabled <-> SPYWARE-PUT Keylogger spybuddy 3.72 runtime detection - send alert out through email (spyware-put.rules)
8358 <-> Disabled <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - addressbar keyword search hijack (spyware-put.rules)
8359 <-> Disabled <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - target website display (spyware-put.rules)
8360 <-> Disabled <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules)
8361 <-> Disabled <-> BACKDOOR black curse 4.0 runtime detection - inverse init connection (backdoor.rules)
8362 <-> Disabled <-> BACKDOOR black curse 4.0 runtime detection - normal init connection (backdoor.rules)
8363 <-> Enabled  <-> WEB-CLIENT Business Object Factory ActiveX CLSID access (web-client.rules)
8364 <-> Enabled  <-> WEB-CLIENT Business Object Factory ActiveX CLSID unicode access (web-client.rules)
8365 <-> Enabled  <-> WEB-CLIENT DExplore.AppObj.8.0 ActiveX CLSID access (web-client.rules)
8366 <-> Enabled  <-> WEB-CLIENT DExplore.AppObj.8.0 ActiveX CLSID unicode access (web-client.rules)
8367 <-> Enabled  <-> WEB-CLIENT Microsoft.DbgClr.DTE.8.0 ActiveX CLSID access (web-client.rules)
8368 <-> Enabled  <-> WEB-CLIENT Microsoft.DbgClr.DTE.8.0 ActiveX CLSID unicode access (web-client.rules)
8369 <-> Enabled  <-> WEB-CLIENT WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (web-client.rules)
8370 <-> Enabled  <-> WEB-CLIENT WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID unicode access (web-client.rules)
8371 <-> Enabled  <-> WEB-CLIENT Outlook.Application ActiveX CLSID access (web-client.rules)
8372 <-> Enabled  <-> WEB-CLIENT Outlook.Application ActiveX CLSID unicode access (web-client.rules)
8373 <-> Enabled  <-> WEB-CLIENT VsmIDE.DTE ActiveX CLSID access (web-client.rules)
8374 <-> Enabled  <-> WEB-CLIENT VsmIDE.DTE ActiveX CLSID unicode access (web-client.rules)
8375 <-> Enabled  <-> WEB-CLIENT QuickTime Object ActiveX CLSID access (web-client.rules)
8376 <-> Enabled  <-> WEB-CLIENT QuickTime Object ActiveX CLSID unicode access (web-client.rules)
8377 <-> Enabled  <-> WEB-CLIENT RealPlayer Download Handler ActiveX CLSID access (web-client.rules)
8378 <-> Enabled  <-> WEB-CLIENT RealPlayer Download Handler ActiveX CLSID unicode access (web-client.rules)
8379 <-> Enabled  <-> WEB-CLIENT Xml2Dex ActiveX CLSID access (web-client.rules)
8380 <-> Enabled  <-> WEB-CLIENT Xml2Dex ActiveX CLSID unicode access (web-client.rules)
8381 <-> Enabled  <-> WEB-CLIENT RealPlayer SMIL Download Handler ActiveX CLSID access (web-client.rules)
8382 <-> Enabled  <-> WEB-CLIENT RealPlayer SMIL Download Handler ActiveX CLSID unicode access (web-client.rules)
8383 <-> Enabled  <-> WEB-CLIENT RealPlayer RAM Download Handler ActiveX CLSID access (web-client.rules)
8384 <-> Enabled  <-> WEB-CLIENT RealPlayer RAM Download Handler ActiveX CLSID unicode access (web-client.rules)
8385 <-> Enabled  <-> WEB-CLIENT RealPlayer Playback Handler ActiveX CLSID access (web-client.rules)
8386 <-> Enabled  <-> WEB-CLIENT RealPlayer Playback Handler ActiveX CLSID unicode access (web-client.rules)
8387 <-> Enabled  <-> WEB-CLIENT RealPlayer RNX Download Handler ActiveX CLSID access (web-client.rules)
8388 <-> Enabled  <-> WEB-CLIENT RealPlayer RNX Download Handler ActiveX CLSID unicode access (web-client.rules)
8389 <-> Enabled  <-> WEB-CLIENT RealPlayer RMP Download Handler ActiveX CLSID access (web-client.rules)
8390 <-> Enabled  <-> WEB-CLIENT RealPlayer RMP Download Handler ActiveX CLSID unicode access (web-client.rules)
8391 <-> Enabled  <-> WEB-CLIENT RFXInstMgr Class ActiveX CLSID access (web-client.rules)
8392 <-> Enabled  <-> WEB-CLIENT RFXInstMgr Class ActiveX CLSID unicode access (web-client.rules)
8393 <-> Enabled  <-> WEB-CLIENT WebDetectFrm ActiveX CLSID access (web-client.rules)
8394 <-> Enabled  <-> WEB-CLIENT WebDetectFrm ActiveX CLSID unicode access (web-client.rules)
8395 <-> Enabled  <-> WEB-CLIENT DX3DTransform.Microsoft.CrShatter ActiveX CLSID access (web-client.rules)
8396 <-> Enabled  <-> WEB-CLIENT DX3DTransform.Microsoft.CrShatter ActiveX CLSID unicode access (web-client.rules)
8397 <-> Enabled  <-> WEB-CLIENT Microsoft Office List 11.0 ActiveX CLSID access (web-client.rules)
8398 <-> Enabled  <-> WEB-CLIENT Microsoft Office List 11.0 ActiveX CLSID unicode access (web-client.rules)
8399 <-> Enabled  <-> WEB-CLIENT Microsoft.WebCapture ActiveX CLSID access (web-client.rules)
8400 <-> Enabled  <-> WEB-CLIENT Microsoft.WebCapture ActiveX CLSID unicode access (web-client.rules)
8401 <-> Enabled  <-> WEB-CLIENT Windows Media Services DRM Storage ActiveX CLSID access (web-client.rules)
8402 <-> Enabled  <-> WEB-CLIENT Windows Media Services DRM Storage ActiveX CLSID unicode access (web-client.rules)
8403 <-> Enabled  <-> WEB-CLIENT XML Schmea Cache 6.0 ActiveX CLSID access (web-client.rules)
8404 <-> Enabled  <-> WEB-CLIENT XML Schmea Cache 6.0 ActiveX CLSID unicode access (web-client.rules)
8405 <-> Enabled  <-> WEB-CLIENT XML HTTP 6.0 ActiveX CLSID access (web-client.rules)
8406 <-> Enabled  <-> WEB-CLIENT XML HTTP 6.0 ActiveX CLSID unicode access (web-client.rules)
8407 <-> Enabled  <-> WEB-CLIENT VisualExec Control ActiveX CLSID access (web-client.rules)
8408 <-> Enabled  <-> WEB-CLIENT VisualExec Control ActiveX CLSID unicode access (web-client.rules)
8409 <-> Enabled  <-> WEB-CLIENT RealPlayer Stream Handler ActiveX CLSID access (web-client.rules)
8410 <-> Enabled  <-> WEB-CLIENT RealPlayer Stream Handler ActiveX CLSID unicode access (web-client.rules)
8411 <-> Enabled  <-> WEB-CLIENT DocFind Command ActiveX CLSID access (web-client.rules)
8412 <-> Enabled  <-> WEB-CLIENT DocFind Command ActiveX CLSID unicode access (web-client.rules)
8413 <-> Disabled <-> WEB-CLIENT HCP URI uplddrvinfo access (web-client.rules)
8414 <-> Disabled <-> WEB-CLIENT GIF image width descriptor buffer overflow attempt (web-client.rules)
8415 <-> Enabled  <-> FTP SIZE overflow attempt (ftp.rules)
8416 <-> Enabled  <-> WEB-CLIENT VML fill method overflow attempt (web-client.rules)

Updated rules:
7842 <-> Disabled <-> SPYWARE-PUT Hacker-Tool davps runtime detection (spyware-put.rules)

