Talos Rules 2015-05-21
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the app-detect, blacklist, file-flash, file-multimedia, file-other, file-pdf, malware-backdoor, malware-cnc, os-windows, policy-other and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-05-21 14:35:35 UTC

Snort Subscriber Rules Update

Date: 2015-05-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34556 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34558 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34560 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34562 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34559 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34546 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)
 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34541 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34540 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34529 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34528 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34521 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34523 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34519 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34522 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34515 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34520 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34518 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34514 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34517 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34516 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34513 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34511 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34512 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34510 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34501 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS  Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS  Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules)
 * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules)
 * 1:34494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules)
 * 1:34493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34490 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ngusto-uro.ru (blacklist.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection attempt (malware-cnc.rules)
 * 1:34557 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34551 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection attempt (malware-cnc.rules)
 * 1:34548 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34550 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34547 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)
 * 1:34549 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)

Modified Rules:


 * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 3:16534 <-> ENABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)

2015-05-21 14:35:35 UTC

Snort Subscriber Rules Update

Date: 2015-05-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34559 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34562 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34560 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34546 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)
 * 1:34544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34540 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34528 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34529 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34523 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34521 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34522 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34519 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34520 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34517 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34518 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34515 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34516 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34513 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34514 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34511 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34512 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34510 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34501 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS  Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules)
 * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS  Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules)
 * 1:34493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection attempt (malware-cnc.rules)
 * 1:34492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34490 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ngusto-uro.ru (blacklist.rules)
 * 1:34556 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34551 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34558 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection attempt (malware-cnc.rules)
 * 1:34557 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:34550 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34549 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34548 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34547 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)

Modified Rules:


 * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 3:16534 <-> ENABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)

2015-05-21 14:35:35 UTC

Snort Subscriber Rules Update

Date: 2015-05-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34546 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)
 * 1:34545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34540 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34529 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34528 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34523 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34521 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34522 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34519 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34520 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34517 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34518 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34516 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34515 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34513 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34514 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34511 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34512 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34510 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34501 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS  Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules)
 * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS  Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules)
 * 1:34493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection attempt (malware-cnc.rules)
 * 1:34492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34490 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ngusto-uro.ru (blacklist.rules)
 * 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection attempt (malware-cnc.rules)
 * 1:34564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34562 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34560 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34559 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34558 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34557 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34556 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34551 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:34550 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34549 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34548 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34547 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)

Modified Rules:


 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 3:16534 <-> ENABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)

2015-05-21 14:35:35 UTC

Snort Subscriber Rules Update

Date: 2015-05-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34562 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
 * 1:34560 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34559 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
 * 1:34558 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34557 <-> ENABLED <-> FILE-PDF Adobe Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
 * 1:34556 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
 * 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:34551 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34550 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
 * 1:34549 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34548 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
 * 1:34547 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)
 * 1:34546 <-> ENABLED <-> FILE-PDF Adobe Reader PCR null pointer dereference attempt (file-pdf.rules)
 * 1:34545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
 * 1:34541 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34540 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34529 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34528 <-> ENABLED <-> FILE-PDF Adobe Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
 * 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
 * 1:34523 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34522 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34521 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34520 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
 * 1:34519 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34518 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
 * 1:34517 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34516 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34515 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34514 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
 * 1:34513 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34512 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34511 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34510 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
 * 1:34509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
 * 1:34507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
 * 1:34505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
 * 1:34503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
 * 1:34501 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules)
 * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules)
 * 1:34495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection attempt (malware-cnc.rules)
 * 1:34490 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ngusto-uro.ru (blacklist.rules)
 * 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 3:16534 <-> ENABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)