Microsoft Windows DNS, Spyware and Backdoor Additions
July 11th, 2008
This release contains a fix for a problem that caused the rule for MS08-037 to generate false positive events. This release also contains multiple rules in the spyware-put and backdoor categories to provide coverage for emerging spyware and backdoor threats.
Microsoft Security Advisory (MS08-037):
Microsoft Windows DNS client and server are prone to a DNS spoofing vulnerability that may allow an attacker to redirect network traffic.
A rule to detect attacks targeting this vulnerability was previously released. A modified version that reduces false positive events is included in this release and is identified with GID 3 and SID 13887.
As a result of ongoing research, the Sourcefire VRT has added multiple rules to the spyware-put and backdoor rule sets to provide coverage for emerging spyware and backdoor threats.
For Assistance
- Visit the Sourcefire Customer Support site at https://support.sourcefire.com.
- Email Sourcefire Customer Support at support@sourcefire.com.
- Call Sourcefire Customer Support at 410.423.1901 or 1.800.917.4134.
