[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2010-11-02

Nigel Houghton nhoughton at ...435...
Wed Nov 3 10:56:58 EDT 2010


On Wed, 3 Nov 2010 09:44:50 -0500, infosec posts wrote:
> My update routine didn't find any changes last night, and I can't find
> any of these signatures in the tarballs I'm pulling this morning:
> 
> 17808 <-> SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption
> attempt (specific-threats.rules, High)
> 17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
> 17810 <-> WEB-MISC potential malware - download of server32.exe
> (web-misc.rules, Medium)
> 17811 <-> WEB-MISC potential malware - download of svchost.exe
> (web-misc.rules, Medium)
> 17812 <-> WEB-MISC potential malware - download of iexplore.exe
> (web-misc.rules, Medium)
> 17813 <-> WEB-MISC potential malware - download of iprinp.dll
> (web-misc.rules, Medium)
> 17814 <-> WEB-MISC potential malware - download of winzf32.dll
> (web-misc.rules, Medium)
> 
> 
> I pulled 2.8.6.0, 2.8.6.1, and 2.8.9.0 a few minutes ago, but I didn't
> find the new signatures in any of them.  Now I'm getting 403/Forbidden
> on 2.8.6.0 and 2.8.9.0, so I'm going to guess that you've realized you
> forgot to actually include the new signatures again, and you're fixing
> it now?

There's nothing to fix. All those rules are in the rule packs for 
subscribers.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/



