Sourcefire VRT Update

Date: 2006-06-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
6513 - EXPLOIT Asterisk IAX2 truncated video mini-frame packet overflow attempt (exploit.rules)
6514 - EXPLOIT Asterisk IAX2 truncated full-frame packet overflow attempt (exploit.rules)
6515 - EXPLOIT Asterisk IAX2 truncated mini-frame packet overflow attempt (exploit.rules)
6516 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function call access (web-client.rules)
6517 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX CLSID access (web-client.rules)
6518 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX CLSID unicode access (web-client.rules)
6519 - DELETED WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function call access (deleted.rules)
6520 - NETBIOS SMB rras alter context attempt (netbios.rules)
6521 - NETBIOS SMB rras unicode alter context attempt (netbios.rules)
6522 - NETBIOS SMB rras WriteAndX alter context attempt (netbios.rules)
6523 - NETBIOS SMB rras WriteAndX unicode alter context attempt (netbios.rules)
6524 - NETBIOS SMB-DS rras alter context attempt (netbios.rules)
6525 - NETBIOS SMB-DS rras WriteAndX alter context attempt (netbios.rules)
6526 - NETBIOS SMB-DS rras unicode alter context attempt (netbios.rules)
6527 - NETBIOS SMB-DS rras WriteAndX unicode alter context attempt (netbios.rules)
6528 - NETBIOS SMB rras little endian alter context attempt (netbios.rules)
6529 - NETBIOS SMB rras WriteAndX little endian alter context attempt (netbios.rules)
6530 - NETBIOS SMB rras unicode little endian alter context attempt (netbios.rules)
6531 - NETBIOS SMB rras WriteAndX unicode little endian alter context attempt (netbios.rules)
6532 - NETBIOS SMB-DS rras little endian alter context attempt (netbios.rules)
6533 - NETBIOS SMB-DS rras WriteAndX little endian alter context attempt (netbios.rules)
6534 - NETBIOS SMB-DS rras unicode little endian alter context attempt (netbios.rules)
6535 - NETBIOS SMB-DS rras WriteAndX unicode little endian alter context attempt (netbios.rules)
6536 - NETBIOS SMB rras bind attempt (netbios.rules)
6537 - NETBIOS SMB rras unicode bind attempt (netbios.rules)
6538 - NETBIOS SMB rras WriteAndX bind attempt (netbios.rules)
6539 - NETBIOS SMB rras WriteAndX unicode bind attempt (netbios.rules)
6540 - NETBIOS SMB-DS rras bind attempt (netbios.rules)
6541 - NETBIOS SMB-DS rras WriteAndX bind attempt (netbios.rules)
6542 - NETBIOS SMB-DS rras unicode bind attempt (netbios.rules)
6543 - NETBIOS SMB-DS rras WriteAndX unicode bind attempt (netbios.rules)
6544 - NETBIOS SMB rras little endian bind attempt (netbios.rules)
6545 - NETBIOS SMB rras WriteAndX little endian bind attempt (netbios.rules)
6546 - NETBIOS SMB rras unicode little endian bind attempt (netbios.rules)
6547 - NETBIOS SMB rras WriteAndX unicode little endian bind attempt (netbios.rules)
6548 - NETBIOS SMB-DS rras little endian bind attempt (netbios.rules)
6549 - NETBIOS SMB-DS rras WriteAndX little endian bind attempt (netbios.rules)
6550 - NETBIOS SMB-DS rras unicode little endian bind attempt (netbios.rules)
6551 - NETBIOS SMB-DS rras WriteAndX unicode little endian bind attempt (netbios.rules)
6552 - NETBIOS SMB rras andx alter context attempt (netbios.rules)
6553 - NETBIOS SMB rras unicode andx alter context attempt (netbios.rules)
6554 - NETBIOS SMB rras WriteAndX andx alter context attempt (netbios.rules)
6555 - NETBIOS SMB rras WriteAndX unicode andx alter context attempt (netbios.rules)
6556 - NETBIOS SMB-DS rras andx alter context attempt (netbios.rules)
6557 - NETBIOS SMB-DS rras WriteAndX andx alter context attempt (netbios.rules)
6558 - NETBIOS SMB-DS rras unicode andx alter context attempt (netbios.rules)
6559 - NETBIOS SMB-DS rras WriteAndX unicode andx alter context attempt (netbios.rules)
6560 - NETBIOS SMB rras little endian andx alter context attempt (netbios.rules)
6561 - NETBIOS SMB rras WriteAndX little endian andx alter context attempt (netbios.rules)
6562 - NETBIOS SMB rras unicode little endian andx alter context attempt (netbios.rules)
6563 - NETBIOS SMB rras WriteAndX unicode little endian andx alter context attempt (netbios.rules)
6564 - NETBIOS SMB-DS rras little endian andx alter context attempt (netbios.rules)
6565 - NETBIOS SMB-DS rras WriteAndX little endian andx alter context attempt (netbios.rules)
6566 - NETBIOS SMB-DS rras unicode little endian andx alter context attempt (netbios.rules)
6567 - NETBIOS SMB-DS rras WriteAndX unicode little endian andx alter context attempt (netbios.rules)
6568 - NETBIOS SMB rras andx bind attempt (netbios.rules)
6569 - NETBIOS SMB rras unicode andx bind attempt (netbios.rules)
6570 - NETBIOS SMB rras WriteAndX andx bind attempt (netbios.rules)
6571 - NETBIOS SMB rras WriteAndX unicode andx bind attempt (netbios.rules)
6572 - NETBIOS SMB-DS rras andx bind attempt (netbios.rules)
6573 - NETBIOS SMB-DS rras WriteAndX andx bind attempt (netbios.rules)
6574 - NETBIOS SMB-DS rras unicode andx bind attempt (netbios.rules)
6575 - NETBIOS SMB-DS rras WriteAndX unicode andx bind attempt (netbios.rules)
6576 - NETBIOS SMB rras little endian andx bind attempt (netbios.rules)
6577 - NETBIOS SMB rras WriteAndX little endian andx bind attempt (netbios.rules)
6578 - NETBIOS SMB rras unicode little endian andx bind attempt (netbios.rules)
6579 - NETBIOS SMB rras WriteAndX unicode little endian andx bind attempt (netbios.rules)
6580 - NETBIOS SMB-DS rras little endian andx bind attempt (netbios.rules)
6581 - NETBIOS SMB-DS rras WriteAndX little endian andx bind attempt (netbios.rules)
6582 - NETBIOS SMB-DS rras unicode little endian andx bind attempt (netbios.rules)
6583 - NETBIOS SMB-DS rras WriteAndX unicode little endian andx bind attempt (netbios.rules)
6584 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6585 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6586 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6587 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6588 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6589 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6590 - NETBIOS SMB rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6591 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6592 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6593 - NETBIOS SMB rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6594 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6595 - NETBIOS SMB v4 rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6596 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6597 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6598 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6599 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6600 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6601 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6602 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6603 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6604 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6605 - NETBIOS SMB rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6606 - NETBIOS SMB v4 rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6607 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6608 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian object call overflow attempt (netbios.rules)
6609 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian object call overflow attempt (netbios.rules)
6610 - NETBIOS SMB rras RasRpcSubmitRequest little endian object call overflow attempt (netbios.rules)
6611 - NETBIOS SMB-DS rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6612 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6613 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6614 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6615 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6616 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6617 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6618 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6619 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian object call overflow attempt (netbios.rules)
6620 - NETBIOS SMB rras RasRpcSubmitRequest object call overflow attempt (netbios.rules)
6621 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX object call overflow attempt (netbios.rules)
6622 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode object call overflow attempt (netbios.rules)
6623 - NETBIOS SMB rras RasRpcSubmitRequest unicode object call overflow attempt (netbios.rules)
6624 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode object call overflow attempt (netbios.rules)
6625 - NETBIOS SMB-DS rras RasRpcSubmitRequest object call overflow attempt (netbios.rules)
6626 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX object call overflow attempt (netbios.rules)
6627 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode object call overflow attempt (netbios.rules)
6628 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian object call overflow attempt (netbios.rules)
6629 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian object call overflow attempt (netbios.rules)
6630 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian object call overflow attempt (netbios.rules)
6631 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian object call overflow attempt (netbios.rules)
6632 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6633 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6634 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6635 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6636 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6637 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6638 - NETBIOS SMB rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6639 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6640 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6641 - NETBIOS SMB rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6642 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6643 - NETBIOS SMB v4 rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6644 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6645 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6646 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6647 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6648 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6649 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6650 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6651 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6652 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6653 - NETBIOS SMB rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6654 - NETBIOS SMB v4 rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6655 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6656 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian andx object call overflow attempt (netbios.rules)
6657 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
6658 - NETBIOS SMB rras RasRpcSubmitRequest little endian andx object call overflow attempt (netbios.rules)
6659 - NETBIOS SMB-DS rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6660 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6661 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6662 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6663 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6664 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6665 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6666 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6667 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
6668 - NETBIOS SMB rras RasRpcSubmitRequest andx object call overflow attempt (netbios.rules)
6669 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX andx object call overflow attempt (netbios.rules)
6670 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode andx object call overflow attempt (netbios.rules)
6671 - NETBIOS SMB rras RasRpcSubmitRequest unicode andx object call overflow attempt (netbios.rules)
6672 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode andx object call overflow attempt (netbios.rules)
6673 - NETBIOS SMB-DS rras RasRpcSubmitRequest andx object call overflow attempt (netbios.rules)
6674 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX andx object call overflow attempt (netbios.rules)
6675 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode andx object call overflow attempt (netbios.rules)
6676 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian andx object call overflow attempt (netbios.rules)
6677 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian andx object call overflow attempt (netbios.rules)
6678 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian andx object call overflow attempt (netbios.rules)
6679 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian andx object call overflow attempt (netbios.rules)
6680 - WEB-CLIENT Windows Media Transform Effects ActiveX CLSID unicode access (web-client.rules)
6681 - WEB-CLIENT Windows Media Transform Effects ActiveX CLSID access (web-client.rules)
6682 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX function call access (web-client.rules)
6683 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX CLSID unicode access (web-client.rules)
6684 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX CLSID access (web-client.rules)
6685 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX CLSID unicode access (web-client.rules)
6686 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX CLSID access (web-client.rules)
6687 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX function call access (web-client.rules)
6688 - WEB-CLIENT PNG file transfer (web-client.rules)
6689 - WEB-CLIENT Malformed PNG detected cHRM overflow attempt (web-client.rules)
6690 - WEB-CLIENT Malformed PNG detected iCCP overflow attempt (web-client.rules)
6691 - WEB-CLIENT Malformed PNG detected sBIT overflow attempt (web-client.rules)
6692 - WEB-CLIENT Malformed PNG detected sRGB overflow attempt (web-client.rules)
6693 - WEB-CLIENT Malformed PNG detected bKGD overflow attempt (web-client.rules)
6694 - WEB-CLIENT Malformed PNG detected hIST overflow attempt (web-client.rules)
6695 - WEB-CLIENT Malformed PNG detected tRNS overflow attempt (web-client.rules)
6696 - WEB-CLIENT Malformed PNG detected pHYs overflow attempt (web-client.rules)
6697 - WEB-CLIENT Malformed PNG detected sPLT overflow attempt (web-client.rules)
6698 - WEB-CLIENT Malformed PNG detected tIME overflow attempt (web-client.rules)
6699 - WEB-CLIENT Malformed PNG detected iTXt overflow attempt (web-client.rules)
6700 - WEB-CLIENT Malformed PNG detected tEXt overflow attempt (web-client.rules)
6701 - WEB-CLIENT Malformed PNG detected zTXt overflow attempt (web-client.rules)

Updated rules:
3628 - POLICY Data Rescue IDA Pro startup license check attempt (policy.rules)
5913 - SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules)