Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02

[Nigel Houghton <nhoughton () sourcefire com>]

On Wed, 3 Nov 2010 09:44:50 -0500, infosec posts wrote:
> My update routine didn't find any changes last night, and I can't find
> any of these signatures in the tarballs I'm pulling this morning:
>
> 17808 <-> SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption
> attempt (specific-threats.rules, High)
> 17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
> 17810 <-> WEB-MISC potential malware - download of server32.exe
> (web-misc.rules, Medium)
> 17811 <-> WEB-MISC potential malware - download of svchost.exe
> (web-misc.rules, Medium)
> 17812 <-> WEB-MISC potential malware - download of iexplore.exe
> (web-misc.rules, Medium)
> 17813 <-> WEB-MISC potential malware - download of iprinp.dll
> (web-misc.rules, Medium)
> 17814 <-> WEB-MISC potential malware - download of winzf32.dll
> (web-misc.rules, Medium)
>
>
> I pulled 2.8.6.0, 2.8.6.1, and 2.8.9.0 a few minutes ago, but I didn't
> find the new signatures in any of them.  Now I'm getting 403/Forbidden
> on 2.8.6.0 and 2.8.9.0, so I'm going to guess that you've realized you
> forgot to actually include the new signatures again, and you're fixing
> it now?

There's nothing to fix. All those rules are in the rule packs for 
subscribers.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

------------------------------------------------------------------------------
Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
http://p.sf.net/sfu/hpdev2dev-nov
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs