VRT Rules 2014-09-23
This release adds and modifies rules in several categories.

The VRT has added and modified multiple rules in the blacklist, exploit-kit, file-java, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2014-09-23 15:18:48 UTC

Sourcefire VRT Rules Update

Date: 2014-09-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection attempt (malware-cnc.rules)
 * 1:31931 <-> ENABLED <-> BLACKLIST DNS request for known malware domain adawareblock.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31966 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound communication (malware-cnc.rules)
 * 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31940 <-> DISABLED <-> SERVER-WEBAPP password sent via URL parameter (server-webapp.rules)
 * 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection attempt (malware-cnc.rules)
 * 1:31937 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsofi.org - Win.Trojan.Xagent (blacklist.rules)
 * 1:31939 <-> DISABLED <-> SERVER-WEBAPP password sent via POST parameter (server-webapp.rules)
 * 1:31936 <-> ENABLED <-> BLACKLIST DNS request for known malware domain testservice24.net - Win.Trojan.Xagent (blacklist.rules)
 * 1:31933 <-> ENABLED <-> BLACKLIST DNS request for known malware domain scanmalware.info - Win.Trojan.Xagent (blacklist.rules)
 * 1:31934 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatepc.org - Win.Trojan.Xagent (blacklist.rules)
 * 1:31930 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection attempt (malware-cnc.rules)
 * 1:31932 <-> ENABLED <-> BLACKLIST DNS request for known malware domain checkmalware.info - Win.Trojan.Xagent (blacklist.rules)
 * 1:31970 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit redirection attempt (exploit-kit.rules)
 * 1:31971 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit multiple exploit download request (exploit-kit.rules)
 * 1:31972 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31935 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatesoftware24.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31938 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsof-update.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31968 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit Adobe Flash exploit payload request (exploit-kit.rules)
 * 1:31967 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31969 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload request (exploit-kit.rules)
 * 1:31943 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope EmailServlet directory traversal attempt (server-webapp.rules)
 * 1:31947 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - HttpCall - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31948 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyProgramm - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31949 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - Skypee - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31950 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahmedfaiez.info - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31951 <-> ENABLED <-> BLACKLIST DNS request for known malware domain flushupate.com - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31952 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pstcmedia.com - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31954 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
 * 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection attempt (malware-cnc.rules)
 * 1:31958 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ambi.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31959 <-> ENABLED <-> BLACKLIST DNS request for known malware domain edal.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31962 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sted.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31961 <-> ENABLED <-> BLACKLIST DNS request for known malware domain modern-shipping.biz - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31960 <-> ENABLED <-> BLACKLIST DNS request for known malware domain express-shippingus.net - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31965 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit landing page (exploit-kit.rules)
 * 1:31963 <-> ENABLED <-> BLACKLIST DNS request for known malware domain useushippinginc.com - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection attempt (malware-cnc.rules)
 * 1:31953 <-> ENABLED <-> BLACKLIST DNS request for known malware domain companies-search.com - Win.Trojan.Ezbro (blacklist.rules)
 * 1:31964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection (exploit-kit.rules)
 * 1:30060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules)
 * 1:26350 <-> ENABLED <-> EXPLOIT-KIT TDS redirection - may lead to exploit kit (exploit-kit.rules)
 * 1:29871 <-> ENABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
 * 1:26011 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26010 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules)

2014-09-23 15:18:48 UTC

Sourcefire VRT Rules Update

Date: 2014-09-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound communication (malware-cnc.rules)
 * 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31940 <-> DISABLED <-> SERVER-WEBAPP password sent via URL parameter (server-webapp.rules)
 * 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection attempt (malware-cnc.rules)
 * 1:31937 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsofi.org - Win.Trojan.Xagent (blacklist.rules)
 * 1:31939 <-> DISABLED <-> SERVER-WEBAPP password sent via POST parameter (server-webapp.rules)
 * 1:31936 <-> ENABLED <-> BLACKLIST DNS request for known malware domain testservice24.net - Win.Trojan.Xagent (blacklist.rules)
 * 1:31934 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatepc.org - Win.Trojan.Xagent (blacklist.rules)
 * 1:31933 <-> ENABLED <-> BLACKLIST DNS request for known malware domain scanmalware.info - Win.Trojan.Xagent (blacklist.rules)
 * 1:31930 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection attempt (malware-cnc.rules)
 * 1:31931 <-> ENABLED <-> BLACKLIST DNS request for known malware domain adawareblock.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31932 <-> ENABLED <-> BLACKLIST DNS request for known malware domain checkmalware.info - Win.Trojan.Xagent (blacklist.rules)
 * 1:31935 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatesoftware24.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31938 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsof-update.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31943 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope EmailServlet directory traversal attempt (server-webapp.rules)
 * 1:31947 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - HttpCall - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31948 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyProgramm - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31949 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - Skypee - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31950 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahmedfaiez.info - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31951 <-> ENABLED <-> BLACKLIST DNS request for known malware domain flushupate.com - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31952 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pstcmedia.com - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31953 <-> ENABLED <-> BLACKLIST DNS request for known malware domain companies-search.com - Win.Trojan.Ezbro (blacklist.rules)
 * 1:31954 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31955 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
 * 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection attempt (malware-cnc.rules)
 * 1:31958 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ambi.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31959 <-> ENABLED <-> BLACKLIST DNS request for known malware domain edal.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31960 <-> ENABLED <-> BLACKLIST DNS request for known malware domain express-shippingus.net - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31961 <-> ENABLED <-> BLACKLIST DNS request for known malware domain modern-shipping.biz - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31962 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sted.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31963 <-> ENABLED <-> BLACKLIST DNS request for known malware domain useushippinginc.com - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection attempt (malware-cnc.rules)
 * 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection attempt (malware-cnc.rules)
 * 1:31972 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31971 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit multiple exploit download request (exploit-kit.rules)
 * 1:31970 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit redirection attempt (exploit-kit.rules)
 * 1:31969 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload request (exploit-kit.rules)
 * 1:31966 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31967 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31968 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit Adobe Flash exploit payload request (exploit-kit.rules)
 * 1:31964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31965 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit landing page (exploit-kit.rules)

Modified Rules:


 * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules)
 * 1:30060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:29871 <-> ENABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
 * 1:26350 <-> ENABLED <-> EXPLOIT-KIT TDS redirection - may lead to exploit kit (exploit-kit.rules)
 * 1:26010 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection (exploit-kit.rules)
 * 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules)

2014-09-23 15:18:48 UTC

Sourcefire VRT Rules Update

Date: 2014-09-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection attempt (malware-cnc.rules)
 * 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection attempt (malware-cnc.rules)
 * 1:31972 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31971 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit multiple exploit download request (exploit-kit.rules)
 * 1:31970 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit redirection attempt (exploit-kit.rules)
 * 1:31969 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload request (exploit-kit.rules)
 * 1:31968 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit Adobe Flash exploit payload request (exploit-kit.rules)
 * 1:31967 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31966 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31965 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit landing page (exploit-kit.rules)
 * 1:31964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31963 <-> ENABLED <-> BLACKLIST DNS request for known malware domain useushippinginc.com - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31962 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sted.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31961 <-> ENABLED <-> BLACKLIST DNS request for known malware domain modern-shipping.biz - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31960 <-> ENABLED <-> BLACKLIST DNS request for known malware domain express-shippingus.net - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31959 <-> ENABLED <-> BLACKLIST DNS request for known malware domain edal.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31958 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ambi.cc - Win.Trojan.Caphaw (blacklist.rules)
 * 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection attempt (malware-cnc.rules)
 * 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
 * 1:31955 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31954 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
 * 1:31953 <-> ENABLED <-> BLACKLIST DNS request for known malware domain companies-search.com - Win.Trojan.Ezbro (blacklist.rules)
 * 1:31952 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pstcmedia.com - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31951 <-> ENABLED <-> BLACKLIST DNS request for known malware domain flushupate.com - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31950 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahmedfaiez.info - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31949 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - Skypee - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31948 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyProgramm - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31947 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - HttpCall - Win.Trojan.Rukypee (blacklist.rules)
 * 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules)
 * 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound communication (malware-cnc.rules)
 * 1:31943 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope EmailServlet directory traversal attempt (server-webapp.rules)
 * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection attempt (malware-cnc.rules)
 * 1:31940 <-> DISABLED <-> SERVER-WEBAPP password sent via URL parameter (server-webapp.rules)
 * 1:31939 <-> DISABLED <-> SERVER-WEBAPP password sent via POST parameter (server-webapp.rules)
 * 1:31938 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsof-update.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31937 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsofi.org - Win.Trojan.Xagent (blacklist.rules)
 * 1:31936 <-> ENABLED <-> BLACKLIST DNS request for known malware domain testservice24.net - Win.Trojan.Xagent (blacklist.rules)
 * 1:31935 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatesoftware24.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31934 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatepc.org - Win.Trojan.Xagent (blacklist.rules)
 * 1:31933 <-> ENABLED <-> BLACKLIST DNS request for known malware domain scanmalware.info - Win.Trojan.Xagent (blacklist.rules)
 * 1:31932 <-> ENABLED <-> BLACKLIST DNS request for known malware domain checkmalware.info - Win.Trojan.Xagent (blacklist.rules)
 * 1:31931 <-> ENABLED <-> BLACKLIST DNS request for known malware domain adawareblock.com - Win.Trojan.Xagent (blacklist.rules)
 * 1:31930 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
 * 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules)
 * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection (exploit-kit.rules)
 * 1:26010 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26011 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
 * 1:26350 <-> ENABLED <-> EXPLOIT-KIT TDS redirection - may lead to exploit kit (exploit-kit.rules)
 * 1:29871 <-> ENABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
 * 1:30060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules)