Talos has added and modified multiple rules in the content-replace and malware-other rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)

* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)

* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)

* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)

* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)

* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)

* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)

* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)

* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (snort3-malware-cnc.rules)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (snort3-malware-other.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (snort3-malware-other.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (snort3-malware-cnc.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)
* 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules)
* 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules)

* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
* 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
* 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
* 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
* 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)