Thursday, February 28, 2013

Snort 2.9.2.3 is now EOL!

Snort 2.9.2.3 is now EOL for rule support.

As I let you all know back in early January, here in this blog post, Snort 2.9.2.3 is now EOL for rule support.

This means we will no longer be releasing updates for this version of the rule engine.  Users of this version are now encouraged to upgrade to the latest version of Snort, which is now Snort 2.9.4.0. Snort 2.9.4.1 will be released soon.

Time to upgrade!  Thanks all!

Sourcefire VRT Certified Snort Rules Update for 02/28/2013

Just released: Sourcefire VRT Certified Snort Rules Update for 02/28/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 40 new rules and made modifications to 18 additional rules. This is also the last rule release that will have support for version Snort 2.9.2.3.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Joerg Weber for his work on rule:
26020


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the browser-ie, deleted, exploit-kit, file-flash, file-identify, file-multimedia, file-office, file-pdf, indicator-compromise, indicator-obfuscation and netbios rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Wednesday, February 27, 2013

Sourcefire VRT Certified Snort Rules Update for 02/27/2013

Just released: Sourcefire VRT Certified Snort Rules Update for 02/27/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 74 new rules and made modifications to 86 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Avery Tarasov for his contributions in rules:
25946
25947
25949

The VRT would like to thank James Lay for his contributions in the rules:
25948


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, browser-ie, browser-other, exploit-kit, file-identify, file-office, malware-backdoor, malware-cnc, malware-tools, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, February 21, 2013

Sourcefire VRT Certified Snort Rules Update for 02/21/2013

Just released: Sourcefire VRT Certified Snort Rules Update for 02/21/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 53 new rules and made modifications to 69 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-identify, file-multimedia, file-pdf, malware-cnc, malware-tools, server-other and telnet rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, February 19, 2013

Sourcefire VRT Certified Snort Rules Update for 02/19/2013

Just released: Sourcefire VRT Certified Snort Rules Update for 02/19/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 26 new rules and made modifications to 17 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following people for their contributions:
Avery Tarasov:
25829
25854

rmkml:
25805
25798


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the browser-ie, exploit-kit, file-flash, file-other, indicator-compromise, malware-cnc, netbios, os-windows, policy-other, scada, server-oracle and web-client rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, February 14, 2013

Sourcefire VRT Certified Snort Rules Update for 02/14/2013

Just released: Sourcefire VRT Certified Snort Rules Update for 02/14/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 22 new rules and made modifications to 10 additional rules.

There were no changes made to the snort.conf in this release.

The Sourcefire VRT would like to thank Avery Tarasov for his contributions to rules:
25807
25809


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, dos, exploit-kit, file-flash, file-other, file-pdf, malware-cnc, malware-other and web-client rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, February 12, 2013

Sourcefire VRT Certified Snort Rules Update for 02/12/2013, MSTuesday

Just released: Sourcefire VRT Certified Snort Rules Update for 02/12/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 41 new rules and made modifications to 98 additional rules.

There were no changes made to the snort.conf in this release.

The Sourcefire VRT would like to thank Avery Tarasov for his work on sid: 25766
and James Lay for his inspiration on the development of sid 25782

In VRT's rule release:
Microsoft Security Bulletin MS13-009:
Microsoft Internet Explorer contains programming errors that may allow
a remote attacker to execute code on a vulnerable system.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 25769 through 25778,
25784 through 25789 and 25792 through 25794.

Microsoft Security Bulletin MS13-010:
Microsoft Internet Explorer contains a programming error that may allow
a remote attacker to execute code on a vulnerable system via a Vector
Markup Language (VML) object.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 25773.

Microsoft Security Bulletin MS13-011:
Microsoft Windows DirectShow contains a programming error that may
allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 25795 and 25796.

Microsoft Security Bulletin MS13-018:
The Microsoft Windows networking stack contains a programming error
that may allow a remote attacker to cause a Denial of Service (DoS)
against a vulnerable system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 25774. 
Microsoft Security Bulletin MS13-020:
The Microsoft Office ActiveX control contains a programming error that
may allow a remote attacker to execute code on a vulnerable system.

Previously released rules will detect attacks targeting this
vulnerability and are included in this release with updated reference
information. They are identified with GID 1, SIDs 23844, 23845 and
24006.

Additionally, the Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-webkit, exploit-kit, file-executable, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-obfuscation, indicator-shellcode, malware-cnc, malware-other, os-windows, server-mail, server-mssql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Saturday, February 9, 2013

Sourcefire VRT Certified Snort Rules Update for 02/08/2013, Adobe 0day

Sourcefire VRT Certified Snort Rules Update for 02/08/2013

We welcome the introduction of the newest rule release for yesterday from the VRT. In this release we introduced 2 new rules and made modifications to 14 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Avery Tarasov for his contributions in rule: 25765


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-plugins, file-flash and malware-other rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Friday, February 8, 2013

Where do I ask questions about Snort?

I get a ton of email with Snort questions.  I love it.  The community is very vibrant and enthusiastic and we are all willing to help each other out.

But I can't answer all the email alone.  People write me directly, or they'll find our contact-us page on Snort.org, and they'll write the Snort team, or they'll leave questions as comments on this blog.  This is totally not the best way to get your questions answered, and doesn't allow the community to also benefit from your question (most of the time, lots of people have the same question).

We ask that you write the Snort mailing lists:


http://www.snort.org/community/mailing-lists

We have a mailing list for just the usage of Snort (Snort-users), a mailing list for the discussion and submittal of Snort rules to the VRT (Snort-sigs), and a mailing list just for the discussion of development of Snort (Snort-devel).

These three lists are subscribed to by thousands of people (10's of thousands!), and allows everyone to be active, involved and helpful.

Thanks!

Thursday, February 7, 2013

Sourcefire VRT Certified Snort Rules Update for 02/07/2013, Adobe Updates

Just released: Sourcefire VRT Certified Snort Rules Update for 02/07/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 159 new rules and made modifications to 85 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Avery Tarasov for his work on the following SIDS:
25627
25652
25675


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-other, browser-plugins, dos, exploit, exploit-kit, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-shellcode, malware-backdoor, malware-cnc, os-other, os-windows, policy-other, protocol-voip, server-apache, server-iis, server-other, server-webapp and web-client rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, February 5, 2013

Reminder: Snort 2.9.2.3 EOL is coming at the end of February

Hey Snort 2.9.2.3 users, this is a reminder that VRT rule support for Snort version 2.9.2.3 will end on February 28th, 2013.

Please take a look at our EOL policy for further details about what we support and for how long:

http://www.snort.org/vrt/rules/eol_policy

Thanks!

Sourcefire VRT Certified Snort Rules Update for 02/05/2013

Just released: Sourcefire VRT Certified Snort Rules Update for 02/05/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 27 new rules and made modifications to 35 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Avery Tarasov for his work on sids:
25577
25578
25579
25580


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the browser-ie, browser-plugins, exploit-kit, file-office, file-pdf, indicator-obfuscation, malware-backdoor, malware-cnc, malware-other, scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Saturday, February 2, 2013

Sourcefire VRT Certified Snort Rules Update for 02/01/2013

Sourcefire VRT Certified Snort Rules Update for 02/01/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 24 new rules and made modifications to 13 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-identify, file-other, file-pdf, malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!