Thursday, March 15, 2012

VRT Rule Release for 03/15/2012

Joel is on vacation in Disneyland, hopefully Disney will not mistake him for one of Snow White's companions and he will be able to return next week. While he is out sunning himself, playing on the swing sets and strolling on the beach he asked me for a huge favor, he wanted me to keep everyone up to date on our rule issuances. So, here's what we just released today:

We added and modified multiple rules in the blacklist, botnet-cnc, dos, exploit, file-identify, policy, scada, specific-threats, web-activex and web-misc rule sets. In total, there were 15 new rule additions and 30 rule modifications.

Also, this release features a rule contribution by Nathan Fowler (check out the Snort mailing lists if you don't know who he is). GID 1, SID 21583 is brought to you courtesy of Nathan and his work on detecting the mis-doings of the Blackhole exploit kit. We appreciate the contribution and I'm sure you will too.

You can find the change logs at the usual place on snort.org here: http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-03-15.html.

Also, he wanted me to add the following to the end of the post, so here it is:

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!