Showing posts with label windows.

Thursday, July 10, 2014

Snort Subscriber Rule Set Update for 07/10/2014

Just released:
Snort Subscriber Rule Set Update for 07/10/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 18 new rules and made modifications to 26 additional rules.

There were no changes made to the snort.conf in this release.


In VRT's rule release:
Synopsis: This release adds and modifies rules in several categories. 
Details: The Sourcefire VRT has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, file-office, malware-backdoor, malware-cnc, os-windows, policy-other, pua-adware, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To get the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the latest emerging threats!

Thursday, June 12, 2014

Sourcefire VRT Certified Snort Rules Update for 06/12/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/12/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 19 new rules and made modifications to 10 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov
31221
31222


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, malware-cnc, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.


To get the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!

Tuesday, June 10, 2014

Sourcefire VRT Certified Snort Rules Update for 06/10/2014, MSTUES

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/10/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 39 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Synopsis: The Sourcefire VRT is aware of vulnerabilities affecting products from
Microsoft Corporation.

Details:
Microsoft Security Bulletin MS14-032:
A coding deficiency in Microsoft Lync Server could lead to remote code
execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 31217.

Microsoft Security Bulletin MS14-035:
Microsoft Internet Explorer contains programming errors that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 31188 through 31191,
31194, 31196 through 31209, 31215 through 31216, and 31219 through
31220.


The Sourcefire VRT has also added and modified multiple rules in the
blacklist, browser-ie, indicator-compromise, malware-cnc,
malware-other, os-windows and server-webapp rule sets to provide
coverage for emerging threats from these technologies.



Tuesday, May 27, 2014

Sourcefire VRT Certified Snort Rules Update for 05/27/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 05/27/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 28 new rules and made modifications to 48 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
31070

The VRT would also like to thank @rmkml for his corrections to several Snort rules.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-identify, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, malware-other, os-windows, protocol-snmp, pua-toolbars, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, April 17, 2014

Sourcefire VRT Certified Snort Rules Update for 04/17/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/17/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 14 new rules and made modifications to 14 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
30566

Avery Tarasov
30567
30568
30569
30570

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, file-identify, file-java, file-multimedia, malware-cnc, malware-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.

Thursday, March 20, 2014

Sourcefire VRT Certified Snort Rules Update for 03/20/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 03/20/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 14 new rules and made modifications to 6 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov
30234


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, browser-plugins, indicator-compromise, indicator-shellcode, malware-cnc and os-windows rule sets to provide coverage for emerging threats from these technologies.



Tuesday, February 25, 2014

Sourcefire VRT Certified Snort Rules Update for 02/25/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 02/25/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 39 new rules and made modifications to 35 additional rules.

There were no changes made to the snort.conf in this release.


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-chrome, browser-ie, browser-webkit, exploit, file-flash, malware-cnc, malware-other, os-windows, protocol-dns, protocol-rpc, protocol-scada and server-other rule sets to provide coverage for emerging threats from these technologies.



Tuesday, February 4, 2014

Sourcefire VRT Certified Snort Rules Update for 02/04/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 02/04/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 108 new rules and made modifications to 91 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour:
29567
29568
29569


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the bad-traffic, blacklist, browser-chrome, browser-firefox, browser-ie, browser-plugins, browser-webkit, dos, exploit-kit, file-flash, file-java, file-multimedia, file-other, indicator-obfuscation, malware-cnc, netbios, os-windows, protocol-imap, protocol-scada, scada, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Tuesday, January 14, 2014

Sourcefire VRT Certified Snort Rules Update for 01/14/2014, MSTuesday

Just released:
Sourcefire VRT Certified Snort Rules Update for 01/14/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 46 new rules and made modifications to 37 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
29349

In VRT's rule release:
Microsoft Security Bulletin MS14-002:
A programming error in the Microsoft Windows Kernel-Mode NDProxy Driver
could lead to an escalation of privilege.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 28867 through 28872.

The Sourcefire VRT has also added and modified multiple rules in the app-detect, blacklist, exploit-kit, file-office, file-pdf, malware-cnc, os-windows, protocol-dns, protocol-imap, protocol-scada, pua-p2p and web-client rule sets to provide coverage for emerging threats from these technologies.

Thursday, January 9, 2014

Sourcefire VRT Certified Snort Rules Update for 01/09/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 01/09/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 117 new rules and made modifications to 64 additional rules.

There was one change made to the snort.conf in this release:
Port 7071 was added to http_inspect, HTTP_PORTS, and Stream5

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
29126
29127
29216
29217
29220
29259
29260
29261
29262
29263
29300

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-flash, file-identify, file-java, file-office, file-other, indicator-obfuscation, malware-cnc, netbios, os-windows, protocol-rpc, protocol-scada, pua-toolbars and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Thursday, December 19, 2013

Sourcefire VRT Certified Snort Rules Update for 12/19/2013

Just released:
Sourcefire VRT Certified Snort Rules Update for 12/19/2013

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 43 new rules and made modifications to 17 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
29030
29031


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, deleted, exploit-kit, file-identify, file-other, file-pdf, malware-cnc, malware-other, os-linux, os-windows, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Tuesday, December 10, 2013

Sourcefire VRT Certified Snort Rules Update for 12/10/2013, MSTues

Just released:
Sourcefire VRT Certified Snort Rules Update for 12/10/2013

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 37 new rules and made modifications to 25 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Microsoft Security Bulletin 2914486:
A programming error in the Microsoft Windows Kernel-Mode NDProxy Driver
could lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 28867 through 28872.

Microsoft Security Bulletin MS13-096:
A coding deficiency exists in Microsoft Office TIFF processing that may
lead to remote code execution.

Previously released rules will detect attacks targeting this
vulnerability and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 28464 through 28473, and 28525 through 28526.

Microsoft Security Bulletin MS13-097:
Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 28862 through 28863,
28865 through 28866, 28873 through 28878, and 28880.

Microsoft Security Bulletin MS13-099:
The Microsoft Scripting Runtime Object Library suffers from a
programming error that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 28881 through 28882.


The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-ie, browser-other, browser-plugins, exploit-kit,
file-office, file-pdf, malware-cnc, malware-other, os-windows and
web-client rule sets to provide coverage for emerging threats from
these technologies.


Thursday, December 5, 2013

Sourcefire VRT Certified Snort Rules Update for 12/05/2013

Just released:
Sourcefire VRT Certified Snort Rules Update for 12/05/2013

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 8 new rules and made modifications to 38 additional rules.

There was one change made to the snort.conf in this release:

Port 9111 was added to HTTP_PORTS, http_inspect, and stream5 (both).

The Snort.confs on the example page have been updated:
https://www.snort.org/configurations

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
28539
28809
28810
28814
28815

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-pdf, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Wednesday, November 13, 2013

Sourcefire VRT Certified Snort Rules Update for 11/12/2013, MSTuesday

Just released:
Sourcefire VRT Certified Snort Rules Update for 11/12/2013


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 56 new rules and made modifications to 610 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
28541
28542
28543

In VRT's rule release:
Details:
Microsoft Security Bulletin MS13-088:
Internet Explorer suffers from coding errors that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 28490 through 28492,
28494 through 28496, 28504, and 28522 through 28524.

Microsoft Security Bulletin MS13-089:
A programming error exists in the Microsoft Windows graphics device
interface that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 28509 through 28521.

Microsoft Security Bulletin MS13-090:
A programming error exists in an ActiveX control that may lead to
remote code execution.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 28493, and 28505
through 28506.

Microsoft Security Bulletin MS13-091:
Microsoft Office contains coding errors that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 28498 through 28499,
and 28502 through 28503.


The Sourcefire VRT has also added and modified multiple rules in the
blacklist, browser-ie, browser-plugins, exploit-kit, file-identify,
file-office, file-other, malware-cnc, malware-other, pua-adware and
web-client rule sets to provide coverage for emerging threats from
these technologies.



Tuesday, November 5, 2013

Sourcefire VRT Certified Snort Rules Update for 11/05/2013

Just released:
Sourcefire VRT Certified Snort Rules Update for 11/05/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 49 new rules and made modifications to 57 additional rules.

There were three changes made to the snort.conf in this release:

The following ports were added to Stream5 (tcp - both), http_inspect, and HTTP_PORTS:
8081
56712
34412

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
28445
28446


In VRT's rule release:
Microsoft Security Advisory 2896666:
A coding deficiency in Microsoft Graphics Component could lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 28464-28471.

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, deleted, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-obfuscation, indicator-scan, malware-cnc, malware-tools, netbios, os-windows, policy-other, server-apache, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, October 29, 2013

Sourcefire VRT Certified Snort Rules Update for 10/29/2013

Just released:
Sourcefire VRT Certified Snort Rules Update for 10/29/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 63 new rules and made modifications to 78 additional rules.

There was one change made to the snort.conf in this release:

The following port was added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections:

29991

The Snort.confs on the example page have been updated:
https://www.snort.org/configurations

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Nick Mavis:
28344


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, exploit-kit, file-flash, file-identify, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, malware-other, malware-tools, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.



Thursday, October 24, 2013

Sourcefire VRT Certified Snort Rules Update for 10/24/2013

Just released:
Sourcefire VRT Certified Snort Rules Update for 10/24/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 25 new rules and made modifications to 29 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour:
28300

Avery Tarasov:
28302


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the browser-ie, exploit-kit, file-identify, file-office, file-other, file-pdf, indicator-compromise, indicator-scan, malware-cnc, netbios, os-windows, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, October 22, 2013

Sourcefire VRT Certified Snort Rules Update for 10/22/2013

Just released:
Sourcefire VRT Certified Snort Rules Update for 10/22/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 45 new rules and made modifications to 66 additional rules.

There were two changes made to the snort.conf in this release:

The following ports were added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections:
1533
8082

The Snort.confs on the example page have been updated:
https://www.snort.org/configurations

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
28255
28285
28293
28294
28295
28296
28297

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, browser-ie, browser-other, browser-plugins, exploit-kit, file-java, file-multimedia, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, os-windows, protocol-icmp, protocol-tftp, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, September 10, 2013

Sourcefire VRT Certified Snort Rules Update for 09/10/2013, MSTues

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/10/2013

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 63 new rules and made modifications to 30 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour:
27801
27802
27803
27804

Paul Bottomley:
27805


In VRT's rule release:
Synopsis: The Sourcefire VRT is aware of vulnerabilities affecting products from
Microsoft Corporation.

Details:
Microsoft Security Advisory MS13-067:
A programming error in Microsoft Sharepoint could lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 27818 through 27819,
27823, and 27826 through 27828.

Microsoft Security Advisory MS13-069:
Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 27829 through 27846.

Microsoft Security Advisory MS13-071:
A programming error in Microsoft's Windows Theme File could lead to
remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 27822.

Microsoft Security Advisory MS13-072:
Microsoft Office suffers from coding errors that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 27850 through 27859.

Microsoft Security Advisory MS13-073:
A programming error in Microsoft Excel could lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 27820 through 27821
and 27824 through 27825.

Microsoft Security Advisory MS13-078:
A coding error in Microsoft FrontPage could lead to information
disclosure.

A previously released rule will detect attacks targeting this
vulnerability and has been updated with the appropriate reference
information. It is included in this release and is identified with GID
1, SID 26626.

Microsoft Security Advisory MS13-079:
Programming errors in the .NET Framework and Silverlight may lead to
remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 27860.

The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-ie, deleted, exploit-kit, file-multimedia,
file-office, file-other, indicator-compromise, malware-cnc,
malware-other, os-windows, protocol-voip, server-oracle and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.



Tuesday, August 27, 2013

Sourcefire VRT Certified Snort Rules Update for 08/27/2013, ftp-data metadata additions

Just released:
Sourcefire VRT Certified Snort Rules Update for 08/27/2013


We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 23 new rules and made modifications to 2421 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov:
27680

Yaser Mansour:
27707
27708


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, os-linux, os-mobile, os-windows, policy-other, protocol-scada, server-mail, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies. 
This release contains over 2400 rule modifications. 
The majority of these are due to the addition of the new metadata service parameter ftp-data.

