VRT Rules 2014-08-06
This release adds and modifies rules in several categories.

The VRT has added and modified multiple rules in the bad-traffic and policy-other rule sets to provide coverage for emerging threats.

Change logs

2014-08-06 15:01:48 UTC

Sourcefire VRT Rules Update

Date: 2014-08-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player cross-domain bypass attempt (policy-other.rules)
 * 3:31616 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)
 * 3:31615 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)

Modified Rules:


 * 1:27247 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restless.su - Gamarue Trojan (blacklist.rules)

2014-08-06 15:01:48 UTC

Sourcefire VRT Rules Update

Date: 2014-08-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player cross-domain bypass attempt (policy-other.rules)
 * 3:31616 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)
 * 3:31615 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)

Modified Rules:


 * 1:27247 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restless.su - Gamarue Trojan (blacklist.rules)

2014-08-06 15:01:48 UTC

Sourcefire VRT Rules Update

Date: 2014-08-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player cross-domain bypass attempt (policy-other.rules)
 * 3:31616 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)
 * 3:31615 <-> ENABLED <-> BAD-TRAFFIC Cisco IOS EnergyWise malformed packet denial of service attempt (bad-traffic.rules)

Modified Rules:


 * 1:27247 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restless.su - Gamarue Trojan (blacklist.rules)