Sourcefire VRT Update

Date: 2006-08-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> state (Enabled/Disabled) <-> Message (rule group)

New rules:
7196 <-> Enabled  <-> EXPLOIT Microsoft DHCP option overflow attempt
7197 <-> Disabled <-> WEB-CLIENT excel MSO.DLL malformed string parsing single byte buffer over attempt (web-client.rules)
7198 <-> Disabled <-> WEB-CLIENT excel MSO.DLL malformed string parsing multi byte buffer over attempt (web-client.rules)
7199 <-> Disabled <-> WEB-CLIENT excel label record overflow attempt (web-client.rules)
7200 <-> Disabled <-> WEB-CLIENT microsoft word document summary information null string overflow attempt (web-client.rules)
7201 <-> Disabled <-> WEB-CLIENT microsoft word summary information null string overflow attempt (web-client.rules)
7202 <-> Disabled <-> WEB-CLIENT microsoft word document summary information string overflow attempt (web-client.rules)
7203 <-> Disabled <-> WEB-CLIENT microsoft word information string overflow attempt (web-client.rules)
7204 <-> Disabled <-> WEB-CLIENT excel object ftCmo overflow attempt (web-client.rules)
7205 <-> Disabled <-> WEB-CLIENT excel FngGroupCount record overflow attempt (web-client.rules)

Updated rules:
7035 <-> Enabled  <-> NETBIOS SMB Trans mailslot heap overflow attempt (netbios.rules)
7036 <-> Enabled  <-> NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
7037 <-> Enabled  <-> NETBIOS SMB-DS Trans mailslot heap overflow attempt (netbios.rules)
7038 <-> Enabled  <-> NETBIOS SMB-DS Trans unicode mailslot heap overflow attempt (netbios.rules)
7039 <-> Enabled  <-> NETBIOS-DG SMB Trans mailslot heap overflow attempt (netbios.rules)
7040 <-> Enabled  <-> NETBIOS-DG SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
7041 <-> Enabled  <-> NETBIOS SMB Trans andx mailslot heap overflow attempt (netbios.rules)
7042 <-> Enabled  <-> NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
7043 <-> Enabled  <-> NETBIOS SMB-DS Trans andx mailslot heap overflow attempt (netbios.rules)
7044 <-> Enabled  <-> NETBIOS SMB-DS Trans unicode andx mailslot heap overflow attempt (netbios.rules)
7045 <-> Enabled  <-> NETBIOS-DG SMB Trans andx mailslot heap overflow attempt (netbios.rules)
7046 <-> Enabled  <-> NETBIOS-DG SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
7056 <-> Disabled <-> DELETED BACKDOOR amanda 2.0 runtime detection - initial connection (deleted.rules)
7109 <-> Disabled <-> DELETED BACKDOOR vampire runtime detection (deleted.rules)
7110 <-> Disabled <-> DELETED BACKDOOR vampire runtime detection (deleted.rules)
7117 <-> Disabled <-> DELETED BACKDOOR y3k 1.2 runtime detection - icq notification (deleted.rules)
7131 <-> Disabled <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (deleted.rules)
7132 <-> Disabled <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (deleted.rules)
7133 <-> Disabled <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (deleted.rules)
7134 <-> Disabled <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assissant hijacking (deleted.rules)
7182 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules)