[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Tue May 23 08:06:04 EDT 2006


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000310-100000312. 
This update includes rules which detect DNS queries and HTTP POST 
requests made by the Ginwui.B virus, which attacks users of Microsoft Word.

Sourcefire would like to thank urleet at ...2420... for submitting a rule 
which was slightly modified to create SIDs 100000310 and 100000311. As a 
reminder, anyone who wishes to submit rules may do so at 
http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000310 || COMMUNITY VIRUS Ginwui.B command server dns query attempt - 
scfzf.xicp.net
100000311 || COMMUNITY VIRUS Ginwui.B command server dns query attempt - 
localhosts.3322.org
100000312 || COMMUNITY VIRUS Ginwui.B POST attempt




More information about the Snort-sigs mailing list