[Snort-sigs] Snort Community Rules Update
research at ...435...
Tue May 23 08:06:04 EDT 2006
This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000310-100000312.
This update includes rules which detect DNS queries and HTTP POST
requests made by the Ginwui.B virus, which attacks users of Microsoft Word.
Sourcefire would like to thank urleet at ...2420... for submitting a rule
which was slightly modified to create SIDs 100000310 and 100000311. As a
reminder, anyone who wishes to submit rules may do so at
A list of modified rules and their SIDs follows.
Community Rules Maintainer
100000310 || COMMUNITY VIRUS Ginwui.B command server dns query attempt -
100000311 || COMMUNITY VIRUS Ginwui.B command server dns query attempt -
100000312 || COMMUNITY VIRUS Ginwui.B POST attempt
More information about the Snort-sigs