Sourcefire VRT Rules Update
Date: 2010-05-11
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16592 <-> SPECIFIC-THREAT Opera asynchronous document modifications attempted memory corruption (specific-threats.rules, High)
16594 <-> POP3 STAT command (pop3.rules, Low)
16596 <-> WEB-CLIENT Apple Safari information disclosure and remote code execution attempt (web-client.rules, High)

Updated rules:
804 <-> WEB-CGI SWSoft ASPSeek Overflow attempt (web-cgi.rules, High)
805 <-> WEB-CGI webspeed access (web-cgi.rules, High)
806 <-> WEB-CGI yabb directory traversal attempt (web-cgi.rules, Medium)
807 <-> WEB-CGI /wwwboard/passwd.txt access (web-cgi.rules, Medium)
808 <-> WEB-CGI webdriver access (web-cgi.rules, Medium)
812 <-> WEB-CGI webplus version access (web-cgi.rules, Medium)
813 <-> WEB-CGI webplus directory traversal (web-cgi.rules, High)
815 <-> WEB-CGI websendmail access (web-cgi.rules, Medium)
819 <-> WEB-CGI mmstdod.cgi access (web-cgi.rules, Medium)
821 <-> WEB-CGI imagemap.exe overflow attempt (web-cgi.rules, High)
823 <-> WEB-CGI cvsweb.cgi access (web-cgi.rules, Medium)
824 <-> WEB-CGI php.cgi access (web-cgi.rules, Medium)
825 <-> WEB-CGI glimpse access (web-cgi.rules, Medium)
826 <-> WEB-CGI htmlscript access (web-cgi.rules, Medium)
827 <-> WEB-CGI info2www access (web-cgi.rules, Medium)
828 <-> WEB-CGI maillist.pl access (web-cgi.rules, Medium)
829 <-> WEB-CGI nph-test-cgi access (web-cgi.rules, Medium)
832 <-> WEB-CGI perl.exe access (web-cgi.rules, Medium)
833 <-> WEB-CGI rguest.exe access (web-cgi.rules, Medium)
834 <-> WEB-CGI rwwwshell.pl access (web-cgi.rules, Medium)
835 <-> WEB-CGI test-cgi access (web-cgi.rules, Medium)
836 <-> WEB-CGI textcounter.pl access (web-cgi.rules, Medium)
837 <-> WEB-CGI uploader.exe access (web-cgi.rules, Medium)
838 <-> WEB-CGI webgais access (web-cgi.rules, Medium)
839 <-> WEB-CGI finger access (web-cgi.rules, Medium)
840 <-> WEB-CGI perlshop.cgi access (web-cgi.rules, Medium)
842 <-> WEB-CGI aglimpse access (web-cgi.rules, Medium)
843 <-> WEB-CGI anform2 access (web-cgi.rules, Medium)
844 <-> WEB-CGI args.bat access (web-cgi.rules, Medium)
845 <-> WEB-CGI AT-admin.cgi access (web-cgi.rules, Medium)
846 <-> WEB-CGI bnbform.cgi access (web-cgi.rules, Medium)
847 <-> WEB-CGI campas access (web-cgi.rules, Medium)
848 <-> WEB-CGI view-source directory traversal (web-cgi.rules, High)
849 <-> WEB-CGI view-source access (web-cgi.rules, Medium)
850 <-> WEB-CGI wais.pl access (web-cgi.rules, Medium)
851 <-> WEB-CGI files.pl access (web-cgi.rules, Medium)
852 <-> WEB-CGI wguest.exe access (web-cgi.rules, Medium)
854 <-> WEB-CGI classifieds.cgi access (web-cgi.rules, Medium)
856 <-> WEB-CGI environ.cgi access (web-cgi.rules, Medium)
857 <-> WEB-CGI faxsurvey access (web-cgi.rules, Medium)
858 <-> WEB-CGI filemail access (web-cgi.rules, Medium)
859 <-> WEB-CGI man.sh access (web-cgi.rules, Medium)
860 <-> WEB-CGI snork.bat access (web-cgi.rules, Medium)
861 <-> WEB-CGI w3-msql access (web-cgi.rules, Medium)
862 <-> WEB-CGI csh access (web-cgi.rules, Medium)
863 <-> WEB-CGI day5datacopier.cgi access (web-cgi.rules, Medium)
864 <-> WEB-CGI day5datanotifier.cgi access (web-cgi.rules, Medium)
865 <-> WEB-CGI ksh access (web-cgi.rules, Medium)
866 <-> WEB-CGI post-query access (web-cgi.rules, Medium)
867 <-> WEB-CGI visadmin.exe access (web-cgi.rules, Medium)
868 <-> WEB-CGI rsh access (web-cgi.rules, Medium)
869 <-> WEB-CGI dumpenv.pl access (web-cgi.rules, Medium)
870 <-> WEB-CGI snorkerz.cmd access (web-cgi.rules, Medium)
871 <-> WEB-CGI survey.cgi access (web-cgi.rules, Medium)
872 <-> WEB-CGI tcsh access (web-cgi.rules, Medium)
875 <-> WEB-CGI win-c-sample.exe access (web-cgi.rules, Medium)
877 <-> WEB-CGI rksh access (web-cgi.rules, Medium)
878 <-> WEB-CGI w3tvars.pm access (web-cgi.rules, Medium)
879 <-> WEB-CGI admin.pl access (web-cgi.rules, Medium)
880 <-> WEB-CGI LWGate access (web-cgi.rules, Medium)
881 <-> WEB-CGI archie access (web-cgi.rules, Medium)
882 <-> WEB-CGI calendar access (web-cgi.rules, Medium)
883 <-> WEB-CGI flexform access (web-cgi.rules, Medium)
885 <-> WEB-CGI bash access (web-cgi.rules, Medium)
886 <-> WEB-CGI phf access (web-cgi.rules, Medium)
887 <-> WEB-CGI www-sql access (web-cgi.rules, Medium)
888 <-> WEB-CGI wwwadmin.pl access (web-cgi.rules, Medium)
889 <-> WEB-CGI ppdscgi.exe access (web-cgi.rules, Medium)
890 <-> WEB-CGI sendform.cgi access (web-cgi.rules, Medium)
891 <-> WEB-CGI upload.pl access (web-cgi.rules, Medium)
892 <-> WEB-CGI AnyForm2 access (web-cgi.rules, Medium)
894 <-> WEB-CGI bb-hist.sh access (web-cgi.rules, Medium)
895 <-> WEB-CGI redirect access (web-cgi.rules, Medium)
896 <-> WEB-CGI way-board access (web-cgi.rules, Medium)
897 <-> WEB-CGI pals-cgi access (web-cgi.rules, Medium)
898 <-> WEB-CGI commerce.cgi access (web-cgi.rules, Medium)
899 <-> WEB-CGI Amaya templates sendtemp.pl directory traversal attempt (web-cgi.rules, High)
900 <-> WEB-CGI webspirs.cgi directory traversal attempt (web-cgi.rules, High)
901 <-> WEB-CGI webspirs.cgi access (web-cgi.rules, Medium)
902 <-> WEB-CGI tstisapi.dll access (web-cgi.rules, Medium)
903 <-> WEB-COLDFUSION cfcache.map access (web-coldfusion.rules, Medium)
904 <-> WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules, Medium)
905 <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules, Medium)
906 <-> WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules, Medium)
907 <-> WEB-COLDFUSION addcontent.cfm access (web-coldfusion.rules, Medium)
908 <-> WEB-COLDFUSION administrator access (web-coldfusion.rules, Medium)
910 <-> WEB-COLDFUSION fileexists.cfm access (web-coldfusion.rules, Medium)
911 <-> WEB-COLDFUSION exprcalc access (web-coldfusion.rules, Medium)
912 <-> WEB-COLDFUSION parks access (web-coldfusion.rules, Medium)
913 <-> WEB-COLDFUSION cfappman access (web-coldfusion.rules, Medium)
914 <-> WEB-COLDFUSION beaninfo access (web-coldfusion.rules, Medium)
915 <-> WEB-COLDFUSION evaluate.cfm access (web-coldfusion.rules, Medium)
918 <-> WEB-COLDFUSION expeval access (web-coldfusion.rules, High)
922 <-> WEB-COLDFUSION displayfile access (web-coldfusion.rules, High)
925 <-> WEB-COLDFUSION mainframeset access (web-coldfusion.rules, Medium)
928 <-> WEB-COLDFUSION exampleapp access (web-coldfusion.rules, Medium)
930 <-> WEB-COLDFUSION snippets attempt (web-coldfusion.rules, Medium)
931 <-> WEB-COLDFUSION cfmlsyntaxcheck.cfm access (web-coldfusion.rules, Medium)
932 <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules, Medium)
933 <-> WEB-COLDFUSION onrequestend.cfm access (web-coldfusion.rules, Medium)
935 <-> WEB-COLDFUSION startstop DOS access (web-coldfusion.rules, High)
936 <-> WEB-COLDFUSION gettempdirectory.cfm access (web-coldfusion.rules, Medium)
937 <-> WEB-FRONTPAGE _vti_rpc access (web-frontpage.rules, Medium)
939 <-> WEB-FRONTPAGE posting (web-frontpage.rules, Medium)
940 <-> WEB-FRONTPAGE shtml.dll access (web-frontpage.rules, Medium)
941 <-> WEB-FRONTPAGE contents.htm access (web-frontpage.rules, Medium)
942 <-> WEB-FRONTPAGE orders.htm access (web-frontpage.rules, Medium)
943 <-> WEB-FRONTPAGE fpsrvadm.exe access (web-frontpage.rules, Medium)
944 <-> WEB-FRONTPAGE fpremadm.exe access (web-frontpage.rules, Medium)
945 <-> WEB-FRONTPAGE fpadmin.htm access (web-frontpage.rules, Medium)
946 <-> WEB-FRONTPAGE fpadmcgi.exe access (web-frontpage.rules, Medium)
947 <-> WEB-FRONTPAGE orders.txt access (web-frontpage.rules, Medium)
948 <-> WEB-FRONTPAGE form_results access (web-frontpage.rules, Medium)
949 <-> WEB-FRONTPAGE registrations.htm access (web-frontpage.rules, Medium)
950 <-> WEB-FRONTPAGE cfgwiz.exe access (web-frontpage.rules, Medium)
951 <-> WEB-FRONTPAGE authors.pwd access (web-frontpage.rules, Medium)
952 <-> WEB-FRONTPAGE author.exe access (web-frontpage.rules, Medium)
953 <-> WEB-FRONTPAGE administrators.pwd access (web-frontpage.rules, Medium)
954 <-> WEB-FRONTPAGE form_results.htm access (web-frontpage.rules, Medium)
955 <-> WEB-FRONTPAGE access.cnf access (web-frontpage.rules, Medium)
956 <-> WEB-FRONTPAGE register.txt access (web-frontpage.rules, Medium)
957 <-> WEB-FRONTPAGE registrations.txt access (web-frontpage.rules, Medium)
958 <-> WEB-FRONTPAGE service.cnf access (web-frontpage.rules, Medium)
959 <-> WEB-FRONTPAGE service.pwd (web-frontpage.rules, Medium)
960 <-> WEB-FRONTPAGE service.stp access (web-frontpage.rules, Medium)
961 <-> WEB-FRONTPAGE services.cnf access (web-frontpage.rules, Medium)
962 <-> WEB-FRONTPAGE shtml.exe access (web-frontpage.rules, Medium)
963 <-> WEB-FRONTPAGE svcacl.cnf access (web-frontpage.rules, Medium)
964 <-> WEB-FRONTPAGE users.pwd access (web-frontpage.rules, Medium)
965 <-> WEB-FRONTPAGE writeto.cnf access (web-frontpage.rules, Medium)
966 <-> WEB-FRONTPAGE .... request (web-frontpage.rules, High)
967 <-> WEB-FRONTPAGE dvwssr.dll access (web-frontpage.rules, Medium)
968 <-> WEB-FRONTPAGE register.htm access (web-frontpage.rules, Medium)
971 <-> WEB-IIS ISAPI .printer access (web-iis.rules, Medium)
973 <-> WEB-IIS *.idc attempt (web-iis.rules, High)
975 <-> WEB-IIS Alternate Data streams ASP file access attempt (web-iis.rules, High)
977 <-> WEB-IIS .cnf access (web-iis.rules, Medium)
979 <-> WEB-IIS ASP contents view (web-iis.rules, High)
980 <-> WEB-IIS CGImail.exe access (web-iis.rules, Medium)
984 <-> WEB-IIS JET VBA access (web-iis.rules, Medium)
985 <-> WEB-IIS JET VBA access (web-iis.rules, Medium)
986 <-> WEB-IIS MSProxy access (web-iis.rules, Medium)
987 <-> WEB-IIS .htr access (web-iis.rules, Medium)
990 <-> WEB-FRONTPAGE _vti_inf.html access (web-frontpage.rules, Medium)
991 <-> WEB-IIS achg.htr access (web-iis.rules, Medium)
992 <-> WEB-IIS adctest.asp access (web-iis.rules, Medium)
993 <-> WEB-IIS iisadmin access (web-iis.rules, High)
994 <-> WEB-IIS /scripts/iisadmin/default.htm access (web-iis.rules, High)
995 <-> WEB-IIS ism.dll access (web-iis.rules, High)
996 <-> WEB-IIS anot.htr access (web-iis.rules, Medium)
997 <-> WEB-IIS asp-dot attempt (web-iis.rules, High)
998 <-> WEB-IIS asp-srch attempt (web-iis.rules, High)
999 <-> WEB-IIS bdir access (web-iis.rules, Medium)
1000 <-> WEB-IIS bdir.htr access (web-iis.rules, Medium)
1002 <-> WEB-IIS cmd.exe access (web-iis.rules, High)
1004 <-> WEB-IIS codebrowser Exair access (web-iis.rules, Medium)
1005 <-> WEB-IIS codebrowser SDK access (web-iis.rules, Medium)
1007 <-> WEB-IIS Form_JScript.asp access (web-iis.rules, High)
1009 <-> WEB-IIS directory listing (web-iis.rules, High)
1012 <-> WEB-IIS fpcount attempt (web-iis.rules, High)
1013 <-> WEB-IIS fpcount access (web-iis.rules, Medium)
1015 <-> WEB-IIS getdrvs.exe access (web-iis.rules, Medium)
1016 <-> WEB-IIS global.asa access (web-iis.rules, Medium)
1018 <-> WEB-IIS iisadmpwd attempt (web-iis.rules, High)
1019 <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules, High)
1020 <-> WEB-IIS isc$data attempt (web-iis.rules, High)
1021 <-> WEB-IIS ism.dll attempt (web-iis.rules, High)
1022 <-> WEB-IIS jet vba access (web-iis.rules, Medium)
1023 <-> WEB-IIS msadcs.dll access (web-iis.rules, Medium)
1024 <-> WEB-IIS newdsn.exe access (web-iis.rules, Medium)
1025 <-> WEB-IIS perl access (web-iis.rules, Medium)
1026 <-> WEB-IIS perl-browse newline attempt (web-iis.rules, High)
1027 <-> WEB-IIS perl-browse space attempt (web-iis.rules, High)
1028 <-> WEB-IIS query.asp access (web-iis.rules, Medium)
1031 <-> WEB-IIS /SiteServer/Publishing/viewcode.asp access (web-iis.rules, Medium)
1032 <-> WEB-IIS showcode access (web-iis.rules, Medium)
1033 <-> WEB-IIS viewcode access (web-iis.rules, Medium)
1034 <-> WEB-IIS viewcode access (web-iis.rules, Medium)
1035 <-> WEB-IIS viewcode access (web-iis.rules, Medium)
1036 <-> WEB-IIS viewcode access (web-iis.rules, Medium)
1037 <-> WEB-IIS showcode.asp access (web-iis.rules, Medium)
1038 <-> WEB-IIS site server config access (web-iis.rules, Medium)
1039 <-> WEB-IIS srch.htm access (web-iis.rules, Medium)
1040 <-> WEB-IIS srchadm access (web-iis.rules, Medium)
1041 <-> WEB-IIS uploadn.asp access (web-iis.rules, Medium)
1043 <-> WEB-IIS viewcode.asp access (web-iis.rules, Medium)
1046 <-> WEB-IIS site/iisamples access (web-iis.rules, Medium)
1051 <-> WEB-CGI technote main.cgi file directory traversal attempt (web-cgi.rules, High)
1052 <-> WEB-CGI technote print.cgi directory traversal attempt (web-cgi.rules, High)
1053 <-> WEB-CGI ads.cgi command execution attempt (web-cgi.rules, High)
1075 <-> WEB-IIS postinfo.asp access (web-iis.rules, Medium)
1076 <-> WEB-IIS repost.asp access (web-iis.rules, Medium)
1077 <-> SQL queryhit.htm access (sql.rules, Medium)
1078 <-> SQL counter.exe access (sql.rules, Medium)
1086 <-> WEB-PHP strings overflow (web-php.rules, High)
1090 <-> WEB-CGI Allaire Pro Web Shell attempt (web-cgi.rules, High)
1097 <-> WEB-CGI Talentsoft Web+ exploit attempt (web-cgi.rules, High)
1106 <-> WEB-CGI Poll-it access (web-cgi.rules, Medium)
1134 <-> WEB-PHP Phorum admin access (web-php.rules, Medium)
1149 <-> WEB-CGI count.cgi access (web-cgi.rules, Medium)
1178 <-> WEB-PHP Phorum read access (web-php.rules, Medium)
1179 <-> WEB-PHP Phorum violation access (web-php.rules, Medium)
1185 <-> WEB-CGI bizdbsearch attempt (web-cgi.rules, High)
1194 <-> WEB-CGI sojourn.cgi File attempt (web-cgi.rules, High)
1195 <-> WEB-CGI sojourn.cgi access (web-cgi.rules, Medium)
1196 <-> WEB-CGI SGI InfoSearch fname attempt (web-cgi.rules, High)
1197 <-> WEB-PHP Phorum code access (web-php.rules, Medium)
1215 <-> WEB-CGI ministats admin access (web-cgi.rules, Medium)
1219 <-> WEB-CGI dfire.cgi access (web-cgi.rules, Medium)
1222 <-> WEB-CGI pals-cgi arbitrary file access attempt (web-cgi.rules, High)
1242 <-> WEB-IIS ISAPI .ida access (web-iis.rules, Medium)
1243 <-> WEB-IIS ISAPI .ida attempt (web-iis.rules, High)
1244 <-> WEB-IIS ISAPI .idq attempt (web-iis.rules, High)
1245 <-> WEB-IIS ISAPI .idq access (web-iis.rules, Medium)
1248 <-> WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules, Medium)
1249 <-> WEB-FRONTPAGE frontpage rad fp4areg.dll access (web-frontpage.rules, Medium)
1256 <-> WEB-IIS CodeRed v2 root.exe access (web-iis.rules, High)
1283 <-> WEB-IIS outlook web dos (web-iis.rules, High)
1285 <-> WEB-IIS msdac access (web-iis.rules, Medium)
1286 <-> WEB-IIS _mem_bin access (web-iis.rules, Medium)
1300 <-> WEB-PHP admin.php file upload attempt (web-php.rules, High)
1301 <-> WEB-PHP admin.php access (web-php.rules, Medium)
1304 <-> WEB-CGI txt2html.cgi access (web-cgi.rules, Medium)
1307 <-> WEB-CGI store.cgi access (web-cgi.rules, Medium)
1308 <-> WEB-CGI sendmessage.cgi access (web-cgi.rules, Medium)
1309 <-> WEB-CGI zsh access (web-cgi.rules, Medium)
1380 <-> WEB-IIS Form_VBScript.asp access (web-iis.rules, High)
1390 <-> SHELLCODE x86 inc ebx NOOP (shellcode.rules, High)
1392 <-> WEB-CGI lastlines.cgi access (web-cgi.rules, Medium)
1394 <-> SHELLCODE x86 inc ecx NOOP (shellcode.rules, High)
1399 <-> WEB-PHP PHP-Nuke remote file include attempt (web-php.rules, High)
1400 <-> WEB-IIS /scripts/samples/ access (web-iis.rules, High)
1401 <-> WEB-IIS /msadc/samples/ access (web-iis.rules, High)
1402 <-> WEB-IIS iissamples access (web-iis.rules, High)
1405 <-> WEB-CGI AHG search.cgi access (web-cgi.rules, Medium)
1406 <-> WEB-CGI agora.cgi access (web-cgi.rules, Medium)
1437 <-> MULTIMEDIA Windows Media download (multimedia.rules, High)
1439 <-> MULTIMEDIA Shoutcast playlist redirection (multimedia.rules, High)
1440 <-> MULTIMEDIA Icecast playlist redirection (multimedia.rules, High)
1451 <-> WEB-CGI NPH-maillist access (web-cgi.rules, Medium)
1452 <-> WEB-CGI args.cmd access (web-cgi.rules, Medium)
1453 <-> WEB-CGI AT-generated.cgi access (web-cgi.rules, Medium)
1454 <-> WEB-CGI wwwwais access (web-cgi.rules, Medium)
1455 <-> WEB-CGI calendar.pl access (web-cgi.rules, Medium)
1456 <-> WEB-CGI calender_admin.pl access (web-cgi.rules, Medium)
1457 <-> WEB-CGI user_update_admin.pl access (web-cgi.rules, Medium)
1458 <-> WEB-CGI user_update_passwd.pl access (web-cgi.rules, Medium)
1459 <-> WEB-CGI bb-histlog.sh access (web-cgi.rules, Medium)
1460 <-> WEB-CGI bb-histsvc.sh access (web-cgi.rules, Medium)
1461 <-> WEB-CGI bb-rep.sh access (web-cgi.rules, Medium)
1462 <-> WEB-CGI bb-replog.sh access (web-cgi.rules, Medium)
1465 <-> WEB-CGI auktion.cgi access (web-cgi.rules, Medium)
1466 <-> WEB-CGI cgiforum.pl access (web-cgi.rules, Medium)
1467 <-> WEB-CGI directorypro.cgi access (web-cgi.rules, Medium)
1468 <-> WEB-CGI Web Shopper shopper.cgi attempt (web-cgi.rules, High)
1469 <-> WEB-CGI Web Shopper shopper.cgi access (web-cgi.rules, Medium)
1470 <-> WEB-CGI listrec.pl access (web-cgi.rules, Medium)
1471 <-> WEB-CGI mailnews.cgi access (web-cgi.rules, Medium)
1472 <-> WEB-CGI book.cgi access (web-cgi.rules, Medium)
1473 <-> WEB-CGI newsdesk.cgi access (web-cgi.rules, Medium)
1474 <-> WEB-CGI cal_make.pl access (web-cgi.rules, Medium)
1475 <-> WEB-CGI mailit.pl access (web-cgi.rules, Medium)
1476 <-> WEB-CGI sdbsearch.cgi access (web-cgi.rules, Medium)
1478 <-> WEB-CGI swc access (web-cgi.rules, Medium)
1480 <-> WEB-CGI ttawebtop.cgi access (web-cgi.rules, Medium)
1481 <-> WEB-CGI upload.cgi access (web-cgi.rules, Medium)
1482 <-> WEB-CGI view_source access (web-cgi.rules, Medium)
1483 <-> WEB-CGI ustorekeeper.pl access (web-cgi.rules, Medium)
1485 <-> WEB-IIS mkilog.exe access (web-iis.rules, Medium)
1486 <-> WEB-IIS ctss.idc access (web-iis.rules, Medium)
1487 <-> WEB-IIS /iisadmpwd/aexp2.htr access (web-iis.rules, Medium)
1488 <-> WEB-CGI store.cgi directory traversal attempt (web-cgi.rules, High)
1531 <-> WEB-CGI bb-hist.sh attempt (web-cgi.rules, High)
1532 <-> WEB-CGI bb-hostscv.sh attempt (web-cgi.rules, High)
1533 <-> WEB-CGI bb-hostscv.sh access (web-cgi.rules, Medium)
1534 <-> WEB-CGI agora.cgi attempt (web-cgi.rules, High)
1535 <-> WEB-CGI bizdbsearch access (web-cgi.rules, Medium)
1539 <-> WEB-CGI /cgi-bin/ls access (web-cgi.rules, Medium)
1540 <-> WEB-COLDFUSION ?Mode=debug attempt (web-coldfusion.rules, Medium)
1542 <-> WEB-CGI cgimail access (web-cgi.rules, Medium)
1543 <-> WEB-CGI cgiwrap access (web-cgi.rules, Medium)
1555 <-> WEB-CGI DCShop access (web-cgi.rules, Medium)
1556 <-> WEB-CGI DCShop orders.txt access (web-cgi.rules, Medium)
1557 <-> WEB-CGI DCShop auth_user_file.txt access (web-cgi.rules, Medium)
1565 <-> WEB-CGI eshop.pl arbitrary command execution attempt (web-cgi.rules, High)
1566 <-> WEB-CGI eshop.pl access (web-cgi.rules, Medium)
1567 <-> WEB-IIS /exchange/root.asp attempt (web-iis.rules, High)
1568 <-> WEB-IIS /exchange/root.asp access (web-iis.rules, Medium)
1570 <-> WEB-CGI loadpage.cgi access (web-cgi.rules, Medium)
1573 <-> WEB-CGI cgiforum.pl attempt (web-cgi.rules, High)
1591 <-> WEB-CGI faqmanager.cgi access (web-cgi.rules, Medium)
1592 <-> WEB-CGI /fcgi-bin/echo.exe access (web-cgi.rules, Medium)
1593 <-> WEB-CGI FormHandler.cgi external site redirection attempt (web-cgi.rules, High)
1594 <-> WEB-CGI FormHandler.cgi access (web-cgi.rules, Medium)
1595 <-> WEB-IIS htimage.exe access (web-iis.rules, Medium)
1597 <-> WEB-CGI guestbook.cgi access (web-cgi.rules, Medium)
1599 <-> WEB-CGI search.cgi access (web-cgi.rules, Medium)
1600 <-> WEB-CGI htsearch arbitrary configuration file attempt (web-cgi.rules, High)
1601 <-> WEB-CGI htsearch arbitrary file read attempt (web-cgi.rules, High)
1602 <-> WEB-CGI htsearch access (web-cgi.rules, Medium)
1608 <-> WEB-CGI htmlscript attempt (web-cgi.rules, High)
1610 <-> WEB-CGI formmail arbitrary command execution attempt (web-cgi.rules, High)
1626 <-> WEB-IIS /StoreCSVS/InstantOrder.asmx request (web-iis.rules, Medium)
1637 <-> WEB-CGI yabb access (web-cgi.rules, Medium)
1644 <-> WEB-CGI test-cgi attempt (web-cgi.rules, High)
1645 <-> WEB-CGI testcgi access (web-cgi.rules, Medium)
1646 <-> WEB-CGI test.cgi access (web-cgi.rules, Medium)
1648 <-> WEB-CGI perl.exe command attempt (web-cgi.rules, Medium)
1649 <-> WEB-CGI perl command attempt (web-cgi.rules, Medium)
1651 <-> WEB-CGI environ.pl access (web-cgi.rules, Medium)
1652 <-> WEB-CGI campas attempt (web-cgi.rules, High)
1654 <-> WEB-CGI cart32.exe access (web-cgi.rules, Medium)
1655 <-> WEB-CGI pfdispaly.cgi arbitrary command execution attempt (web-cgi.rules, High)
1656 <-> WEB-CGI pfdispaly.cgi access (web-cgi.rules, Medium)
1658 <-> WEB-CGI pagelog.cgi access (web-cgi.rules, Medium)
1659 <-> WEB-COLDFUSION sendmail.cfm access (web-coldfusion.rules, Medium)
1660 <-> WEB-IIS trace.axd access (web-iis.rules, Medium)
1661 <-> WEB-IIS cmd32.exe access (web-iis.rules, High)
1700 <-> WEB-CGI imagemap.exe access (web-cgi.rules, Medium)
1701 <-> WEB-CGI calendar-admin.pl access (web-cgi.rules, Medium)
1702 <-> WEB-CGI Amaya templates sendtemp.pl access (web-cgi.rules, Medium)
1703 <-> WEB-CGI auktion.cgi directory traversal attempt (web-cgi.rules, High)
1709 <-> WEB-CGI ad.cgi access (web-cgi.rules, Medium)
1710 <-> WEB-CGI bbs_forum.cgi access (web-cgi.rules, Medium)
1711 <-> WEB-CGI bsguest.cgi access (web-cgi.rules, Medium)
1712 <-> WEB-CGI bslist.cgi access (web-cgi.rules, Medium)
1713 <-> WEB-CGI cgforum.cgi access (web-cgi.rules, Medium)
1714 <-> WEB-CGI newdesk access (web-cgi.rules, Medium)
1715 <-> WEB-CGI register.cgi access (web-cgi.rules, Medium)
1716 <-> WEB-CGI gbook.cgi access (web-cgi.rules, Medium)
1717 <-> WEB-CGI simplestguest.cgi access (web-cgi.rules, Medium)
1718 <-> WEB-CGI statsconfig.pl access (web-cgi.rules, Medium)
1720 <-> WEB-CGI talkback.cgi access (web-cgi.rules, Medium)
1721 <-> WEB-CGI adcycle access (web-cgi.rules, Medium)
1722 <-> WEB-CGI MachineInfo access (web-cgi.rules, Medium)
1724 <-> WEB-CGI emumail.cgi access (web-cgi.rules, Medium)
1725 <-> WEB-IIS +.htr code fragment attempt (web-iis.rules, High)
1727 <-> WEB-CGI SGI InfoSearch fname access (web-cgi.rules, Medium)
1736 <-> WEB-PHP squirrel mail spell-check arbitrary command attempt (web-php.rules, High)
1740 <-> WEB-PHP DNSTools authentication bypass attempt (web-php.rules, High)
1741 <-> WEB-PHP DNSTools access (web-php.rules, Medium)
1742 <-> WEB-PHP Blahz-DNS dostuff.php modify user attempt (web-php.rules, High)
1743 <-> WEB-PHP Blahz-DNS dostuff.php access (web-php.rules, Medium)
1745 <-> WEB-PHP Messagerie supp_membre.php access (web-php.rules, Medium)
1750 <-> WEB-IIS users.xml access (web-iis.rules, Medium)
1753 <-> WEB-IIS as_web.exe access (web-iis.rules, Medium)
1754 <-> WEB-IIS as_web4.exe access (web-iis.rules, Medium)
1762 <-> WEB-CGI phf arbitrary command execution attempt (web-cgi.rules, High)
1772 <-> WEB-IIS pbserver access (web-iis.rules, Medium)
1773 <-> WEB-PHP php.exe access (web-php.rules, Medium)
1774 <-> WEB-PHP bb_smilies.php access (web-php.rules, Medium)
1802 <-> WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules, High)
1803 <-> WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules, High)
1804 <-> WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules, High)
1817 <-> WEB-IIS MS Site Server default login attempt (web-iis.rules, High)
1818 <-> WEB-IIS MS Site Server admin attempt (web-iis.rules, High)
1834 <-> WEB-PHP PHP-Wiki cross site scripting attempt (web-php.rules, High)
1850 <-> WEB-CGI way-board.cgi access (web-cgi.rules, Medium)
1879 <-> WEB-CGI book.cgi arbitrary command execution attempt (web-cgi.rules, High)
2053 <-> WEB-CGI process_bug.cgi access (web-cgi.rules, Medium)
2054 <-> WEB-CGI enter_bug.cgi arbitrary command attempt (web-cgi.rules, High)
2055 <-> WEB-CGI enter_bug.cgi access (web-cgi.rules, Medium)
2085 <-> WEB-CGI parse_xml.cgi access (web-cgi.rules, Medium)
2116 <-> WEB-CGI chipcfg.cgi access (web-cgi.rules, Medium)
2117 <-> WEB-IIS Battleaxe Forum login.asp access (web-iis.rules, Medium)
2127 <-> WEB-CGI ikonboard.cgi access (web-cgi.rules, Medium)
2128 <-> WEB-CGI swsrv.cgi access (web-cgi.rules, Medium)
2129 <-> WEB-IIS nsiislog.dll access (web-iis.rules, Medium)
2130 <-> WEB-IIS IISProtect siteadmin.asp access (web-iis.rules, Medium)
2131 <-> WEB-IIS IISProtect access (web-iis.rules, Medium)
2132 <-> WEB-IIS Synchrologic Email Accelerator userid list access attempt (web-iis.rules, Medium)
2133 <-> WEB-IIS MS BizTalk server access (web-iis.rules, Medium)
2134 <-> WEB-IIS register.asp access (web-iis.rules, Medium)
2142 <-> WEB-PHP shoutbox.php access (web-php.rules, Medium)
2143 <-> WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt (web-php.rules, High)
2144 <-> WEB-PHP b2 cafelog gm-2-b2.php access (web-php.rules, Medium)
2149 <-> WEB-PHP Turba status.php access (web-php.rules, Medium)
2150 <-> WEB-PHP ttCMS header.php remote file include attempt (web-php.rules, High)
2152 <-> WEB-PHP test.php access (web-php.rules, Medium)
2153 <-> WEB-PHP autohtml.php directory traversal attempt (web-php.rules, High)
2157 <-> WEB-IIS IISProtect globaladmin.asp access (web-iis.rules, Medium)
2194 <-> WEB-CGI CSMailto.cgi access (web-cgi.rules, Medium)
2195 <-> WEB-CGI alert.cgi access (web-cgi.rules, Medium)
2196 <-> WEB-CGI catgy.cgi access (web-cgi.rules, Medium)
2197 <-> WEB-CGI cvsview2.cgi access (web-cgi.rules, Medium)
2198 <-> WEB-CGI cvslog.cgi access (web-cgi.rules, Medium)
2199 <-> WEB-CGI multidiff.cgi access (web-cgi.rules, Medium)
2200 <-> WEB-CGI dnewsweb.cgi access (web-cgi.rules, Medium)
2201 <-> WEB-CGI download.cgi access (web-cgi.rules, Medium)
2202 <-> WEB-CGI edit_action.cgi access (web-cgi.rules, Medium)
2203 <-> WEB-CGI everythingform.cgi access (web-cgi.rules, Medium)
2204 <-> WEB-CGI ezadmin.cgi access (web-cgi.rules, Medium)
2205 <-> WEB-CGI ezboard.cgi access (web-cgi.rules, Medium)
2206 <-> WEB-CGI ezman.cgi access (web-cgi.rules, Medium)
2207 <-> WEB-CGI fileseek.cgi access (web-cgi.rules, Medium)
2208 <-> WEB-CGI fom.cgi access (web-cgi.rules, Medium)
2209 <-> WEB-CGI getdoc.cgi access (web-cgi.rules, Medium)
2210 <-> WEB-CGI global.cgi access (web-cgi.rules, Medium)
2211 <-> WEB-CGI guestserver.cgi access (web-cgi.rules, Medium)
2212 <-> WEB-CGI imageFolio.cgi access (web-cgi.rules, Medium)
2213 <-> WEB-CGI mailfile.cgi access (web-cgi.rules, Medium)
2214 <-> WEB-CGI mailview.cgi access (web-cgi.rules, Medium)
2215 <-> WEB-CGI nsManager.cgi access (web-cgi.rules, Medium)
2216 <-> WEB-CGI readmail.cgi access (web-cgi.rules, Medium)
2217 <-> WEB-CGI printmail.cgi access (web-cgi.rules, Medium)
2218 <-> WEB-CGI service.cgi access (web-cgi.rules, Medium)
2219 <-> WEB-CGI setpasswd.cgi access (web-cgi.rules, Medium)
2220 <-> WEB-CGI simplestmail.cgi access (web-cgi.rules, Medium)
2221 <-> WEB-CGI ws_mail.cgi access (web-cgi.rules, Medium)
2222 <-> WEB-CGI nph-exploitscanget.cgi access (web-cgi.rules, Medium)
2223 <-> WEB-CGI csNews.cgi access (web-cgi.rules, Medium)
2224 <-> WEB-CGI psunami.cgi access (web-cgi.rules, Medium)
2225 <-> WEB-CGI gozila.cgi access (web-cgi.rules, Medium)
2226 <-> WEB-PHP pmachine remote file include attempt (web-php.rules, High)
2228 <-> WEB-PHP phpMyAdmin db_details_importdocsql.php access (web-php.rules, High)
2229 <-> WEB-PHP viewtopic.php access (web-php.rules, High)
2247 <-> WEB-IIS UploadScript11.asp access (web-iis.rules, Medium)
2248 <-> WEB-IIS DirectoryListing.asp access (web-iis.rules, Medium)
2249 <-> WEB-IIS /pcadmin/login.asp access (web-iis.rules, Medium)
2279 <-> WEB-PHP UpdateClasses.php access (web-php.rules, Medium)
2280 <-> WEB-PHP Title.php access (web-php.rules, Medium)
2281 <-> WEB-PHP Setup.php access (web-php.rules, Medium)
2282 <-> WEB-PHP GlobalFunctions.php access (web-php.rules, Medium)
2283 <-> WEB-PHP DatabaseFunctions.php access (web-php.rules, Medium)
2284 <-> WEB-PHP rolis guestbook remote file include attempt (web-php.rules, High)
2285 <-> WEB-PHP rolis guestbook access (web-php.rules, Medium)
2286 <-> WEB-PHP friends.php access (web-php.rules, Medium)
2287 <-> WEB-PHP Advanced Poll admin_comment.php access (web-php.rules, Medium)
2288 <-> WEB-PHP Advanced Poll admin_edit.php access (web-php.rules, Medium)
2289 <-> WEB-PHP Advanced Poll admin_embed.php access (web-php.rules, Medium)
2290 <-> WEB-PHP Advanced Poll admin_help.php access (web-php.rules, Medium)
2291 <-> WEB-PHP Advanced Poll admin_license.php access (web-php.rules, Medium)
2292 <-> WEB-PHP Advanced Poll admin_logout.php access (web-php.rules, Medium)
2293 <-> WEB-PHP Advanced Poll admin_password.php access (web-php.rules, Medium)
2294 <-> WEB-PHP Advanced Poll admin_preview.php access (web-php.rules, Medium)
2295 <-> WEB-PHP Advanced Poll admin_settings.php access (web-php.rules, Medium)
2296 <-> WEB-PHP Advanced Poll admin_stats.php access (web-php.rules, Medium)
2297 <-> WEB-PHP Advanced Poll admin_templates_misc.php access (web-php.rules, Medium)
2298 <-> WEB-PHP Advanced Poll admin_templates.php access (web-php.rules, Medium)
2299 <-> WEB-PHP Advanced Poll admin_tpl_misc_new.php access (web-php.rules, Medium)
2300 <-> WEB-PHP Advanced Poll admin_tpl_new.php access (web-php.rules, Medium)
2301 <-> WEB-PHP Advanced Poll booth.php access (web-php.rules, Medium)
2302 <-> WEB-PHP Advanced Poll poll_ssi.php access (web-php.rules, Medium)
2303 <-> WEB-PHP Advanced Poll popup.php access (web-php.rules, Medium)
2304 <-> WEB-PHP files.inc.php access (web-php.rules, Medium)
2305 <-> WEB-PHP chatbox.php access (web-php.rules, Medium)
2321 <-> WEB-IIS foxweb.exe access (web-iis.rules, Medium)
2322 <-> WEB-IIS foxweb.dll access (web-iis.rules, Medium)
2323 <-> WEB-CGI quickstore.cgi access (web-cgi.rules, Medium)
2324 <-> WEB-IIS VP-ASP shopsearch.asp access (web-iis.rules, Medium)
2325 <-> WEB-IIS VP-ASP ShopDisplayProducts.asp access (web-iis.rules, Medium)
2326 <-> WEB-IIS sgdynamo.exe access (web-iis.rules, Medium)
2328 <-> WEB-PHP authentication_index.php access (web-php.rules, Medium)
2331 <-> WEB-PHP MatrikzGB privilege escalation attempt (web-php.rules, Medium)
2341 <-> WEB-PHP DCP-Portal remote file include editor script attempt (web-php.rules, High)
2342 <-> WEB-PHP DCP-Portal remote file include lib script attempt (web-php.rules, High)
2345 <-> WEB-PHP PhpGedView search.php access (web-php.rules, Medium)
2346 <-> WEB-PHP myPHPNuke chatheader.php access (web-php.rules, Medium)
2347 <-> WEB-PHP myPHPNuke partner.php access (web-php.rules, Medium)
2355 <-> WEB-PHP Invision Board emailer.php file include (web-php.rules, Medium)
2358 <-> WEB-PHP Typo3 translations.php file include (web-php.rules, High)
2361 <-> WEB-PHP news.php file include (web-php.rules, High)
2362 <-> WEB-PHP YaBB SE packages.php file include (web-php.rules, High)
2363 <-> WEB-PHP Cyboards default_header.php access (web-php.rules, Medium)
2364 <-> WEB-PHP Cyboards options_form.php access (web-php.rules, Medium)
2365 <-> WEB-PHP newsPHP Language file include attempt (web-php.rules, Medium)
2372 <-> WEB-PHP Photopost PHP Pro showphoto.php access (web-php.rules, Medium)
2387 <-> WEB-CGI view_broadcast.cgi access (web-cgi.rules, Medium)
2388 <-> WEB-CGI streaming server view_broadcast.cgi access (web-cgi.rules, Medium)
2393 <-> WEB-PHP /_admin access (web-php.rules, Medium)
2396 <-> WEB-CGI CCBill whereami.cgi arbitrary command execution attempt (web-cgi.rules, High)
2397 <-> WEB-CGI CCBill whereami.cgi access (web-cgi.rules, Medium)
2399 <-> WEB-PHP WAnewsletter db_type.php access (web-php.rules, Medium)
2405 <-> WEB-PHP phptest.php access (web-php.rules, Medium)
2410 <-> WEB-PHP IGeneric Free Shopping Cart page.php access (web-php.rules, Medium)
2419 <-> MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules, Low)
2420 <-> MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules, Low)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules, Low)
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules, Low)
2423 <-> MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules, Low)
2565 <-> WEB-PHP modules.php access (web-php.rules, Medium)
2567 <-> WEB-CGI Emumail init.emu access (web-cgi.rules, Medium)
2568 <-> WEB-CGI Emumail emumail.fcgi access (web-cgi.rules, Medium)
2571 <-> WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access (web-iis.rules, Medium)
2573 <-> WEB-IIS SmarterTools SmarterMail frmCompose.asp access (web-iis.rules, Medium)
2663 <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules, High)
2667 <-> WEB-IIS ping.asp access (web-iis.rules, Medium)
2668 <-> WEB-CGI processit access (web-cgi.rules, Medium)
2669 <-> WEB-CGI ibillpm.pl access (web-cgi.rules, Medium)
3087 <-> WEB-IIS w3who.dll buffer overflow attempt (web-iis.rules, High)
3193 <-> WEB-IIS .cmd executable file parsing attack (web-iis.rules, High)
3194 <-> WEB-IIS .bat executable file parsing attack (web-iis.rules, High)
3201 <-> WEB-IIS httpodbc.dll access - nimda (web-iis.rules, Medium)
3453 <-> MISC Arkeia client backup system info probe (misc.rules, Medium)
3463 <-> WEB-CGI awstats access (web-cgi.rules, Medium)
3464 <-> WEB-CGI awstats.pl command execution attempt (web-cgi.rules, High)
3465 <-> WEB-CGI RiSearch show.pl proxy attempt (web-cgi.rules, Medium)
3469 <-> WEB-CGI Ipswitch WhatsUp Gold dos attempt (web-cgi.rules, Medium)
3638 <-> WEB-CGI SoftCart.exe CGI buffer overflow attempt (web-cgi.rules, High)
3674 <-> WEB-CGI db4web_c directory traversal attempt (web-cgi.rules, High)
3690 <-> WEB-CGI Nucleus CMS action.php itemid SQL injection (web-cgi.rules, Medium)
3813 <-> WEB-CGI awstats.pl configdir command execution attempt (web-cgi.rules, High)
3827 <-> WEB-PHP xmlrpc.php post attempt (web-php.rules, High)
4128 <-> WEB-CGI 4DWebstar ShellExample.cgi information disclosure (web-cgi.rules, Medium)
5692 <-> P2P Skype client successful install (p2p.rules, High)
5695 <-> WEB-IIS web agent redirect overflow attempt (web-iis.rules, High)
5706 <-> POLICY Namazu incoming namazu.cgi access (policy.rules, Medium)
5707 <-> POLICY Namazu outbound namazu.cgi access (policy.rules, Medium)
5709 <-> WEB-PHP file upload directory traversal (web-php.rules, Medium)
5745 <-> SPYWARE-PUT Hijacker adultlinks runtime detection - redirect (spyware-put.rules, Low)
5746 <-> SPYWARE-PUT Hijacker adultlinks runtime detection - load url (spyware-put.rules, Low)
5747 <-> SPYWARE-PUT Hijacker adultlinks runtime detection - log hits (spyware-put.rules, Low)
5748 <-> SPYWARE-PUT Hijacker adultlinks runtime detection - ads (spyware-put.rules, Low)
5751 <-> SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 1 (spyware-put.rules, Low)
5752 <-> SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 2 (spyware-put.rules, Low)
5753 <-> SPYWARE-PUT Adware exactsearch runtime detection - topsearches (spyware-put.rules, Low)
5754 <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - ie auto search hijack (spyware-put.rules, Low)
5755 <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - check update (spyware-put.rules, Low)
5756 <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - add coolsites to ie favorites (spyware-put.rules, Low)
5757 <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - check toolbar setting (spyware-put.rules, Low)
5758 <-> SPYWARE-PUT Hijacker ezcybersearch runtime detection - download fastclick pop-under code (spyware-put.rules, Low)
5762 <-> SPYWARE-PUT Trickler bearshare runtime detection - p2p information request (spyware-put.rules, Low)
5766 <-> SPYWARE-PUT Hijacker begin2search runtime detection - install spyware trafficsector (spyware-put.rules, Low)
5768 <-> SPYWARE-PUT Hijacker begin2search runtime detection - pass information (spyware-put.rules, Low)
5785 <-> SPYWARE-PUT Adware hithopper runtime detection - get xml setting (spyware-put.rules, Low)
5786 <-> SPYWARE-PUT Adware hithopper runtime detection - redirect (spyware-put.rules, Low)
5789 <-> SPYWARE-PUT keylogger pc actmon pro runtime detection - http (spyware-put.rules, Medium)
5791 <-> SPYWARE-PUT Dialer pluginaccess runtime detection - get pin (spyware-put.rules, Low)
5792 <-> SPYWARE-PUT Dialer pluginaccess runtime detection - active proxy (spyware-put.rules, Low)
5793 <-> SPYWARE-PUT Dialer pluginaccess runtime detection - redirect (spyware-put.rules, Low)
5794 <-> SPYWARE-PUT Hijacker 
coolwebsearch.aboutblank variant runtime detection (spyware-put.rules, Low) 5797 <-> POLICY kontiki runtime detection (policy.rules, High) 5798 <-> SPYWARE-PUT Adware mydailyhoroscope runtime detection (spyware-put.rules, Low) 5800 <-> SPYWARE-PUT Trackware myway speedbar runtime detection - request config (spyware-put.rules, Medium) 5803 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (spyware-put.rules, Medium) 5805 <-> SPYWARE-PUT Trackware myway speedbar runtime detection - switch engines (spyware-put.rules, Medium) 5809 <-> SPYWARE-PUT Hijacker shop at home select merchant redirect in progress (spyware-put.rules, Low) 5810 <-> SPYWARE-PUT Hijacker shop at home select installation in progress (spyware-put.rules, Low) 5825 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules, Low) 5826 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - pass user info to server (spyware-put.rules, Low) 5827 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - get gateway (spyware-put.rules, Low) 5828 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules, Low) 5829 <-> SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules, Low) 5834 <-> SPYWARE-PUT Trickler conscorr runtime detection (spyware-put.rules, Low) 5836 <-> SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules, Low) 5841 <-> SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules, Low) 5842 <-> SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules, Low) 5843 <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - hijack ie auto search (spyware-put.rules, Low) 5845 <-> SPYWARE-PUT Hijacker surfsidekick runtime detection - update request (spyware-put.rules, Low) 5846 <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules, Low) 5847 
<-> SPYWARE-PUT Adware warez_p2p runtime detection - p2p client home (spyware-put.rules, Low) 5853 <-> SPYWARE-PUT Adware warez_p2p runtime detection - download ads (spyware-put.rules, Low) 5855 <-> SPYWARE-PUT Hijacker funbuddyicons runtime detection - request config (spyware-put.rules, Low) 5857 <-> SPYWARE-PUT Hijacker funbuddyicons runtime detection - mysaconfg request (spyware-put.rules, Low) 5859 <-> SPYWARE-PUT Hijacker daosearch runtime detection - information request (spyware-put.rules, Low) 5860 <-> SPYWARE-PUT Hijacker daosearch runtime detection - search hijack (spyware-put.rules, Low) 5863 <-> SPYWARE-PUT Hijacker isearch runtime detection - search hijack 2 (spyware-put.rules, Low) 5864 <-> SPYWARE-PUT Hijacker isearch runtime detection - search in toolbar (spyware-put.rules, Low) 5867 <-> SPYWARE-PUT Hijacker couponbar runtime detection - get updates to toolbar buttons (spyware-put.rules, Low) 5883 <-> SPYWARE-PUT Other-Technologies saria 1.0 runtime detection - send user information (spyware-put.rules, Low) 5884 <-> SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - check toolbar & category info (spyware-put.rules, Low) 5885 <-> SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - ie autosearch & search assistant hijack (spyware-put.rules, Low) 5887 <-> SPYWARE-PUT Hijacker shopnav runtime detection - ie search assistant hijack (spyware-put.rules, Low) 5888 <-> SPYWARE-PUT Hijacker shopnav runtime detection - ie auto search hijack (spyware-put.rules, Low) 5890 <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules, Low) 5901 <-> SPYWARE-PUT Trackware adtools-communicator runtime detection - download self-update (spyware-put.rules, Medium) 5902 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - startup (spyware-put.rules, Low) 5903 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - get ads (spyware-put.rules, Low) 5904 <-> SPYWARE-PUT Adware download 
accelerator plus runtime detection - download files (spyware-put.rules, Low) 5905 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - games center request (spyware-put.rules, Low) 5906 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - update (spyware-put.rules, Low) 5909 <-> SPYWARE-PUT Trackware e2give runtime detection - redirect affiliate site request 2 (spyware-put.rules, Medium) 5911 <-> SPYWARE-PUT Adware smartpops runtime detection (spyware-put.rules, Low) 5914 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - configuration download (spyware-put.rules, Low) 5915 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - autosearch hijack (spyware-put.rules, Low) 5916 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - sidebar search (spyware-put.rules, Low) 5921 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules, Medium) 5922 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules, Medium) 5924 <-> SPYWARE-PUT Adware active shopper runtime detection - redirect (spyware-put.rules, Low) 5926 <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules, Low) 5930 <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2 (spyware-put.rules, Low) 5932 <-> SPYWARE-PUT Adware cashbar runtime detection - stats track (spyware-put.rules, Low) 5939 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - get cfg (spyware-put.rules, Medium) 5946 <-> SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules, Low) 5949 <-> SPYWARE-PUT Trackware iggsey toolbar detection - simpleticker.htm request (spyware-put.rules, Medium) 5951 <-> SPYWARE-PUT Trackware iggsey toolbar detection - search request (spyware-put.rules, Medium) 5959 <-> SPYWARE-PUT Hijacker raxsearch detection - send search keywords to raxsearch 
(spyware-put.rules, Low) 5963 <-> SPYWARE-PUT Hijacker searchfast detection - search request (spyware-put.rules, Low) 5965 <-> SPYWARE-PUT Hijacker searchfast detection - get toolbar cfg (spyware-put.rules, Low) 5981 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules, Low) 5982 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules, Low) 5983 <-> SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules, Low) 5984 <-> SPYWARE-PUT Trackware push toolbar installtime detection - user information collect (spyware-put.rules, Medium) 5985 <-> SPYWARE-PUT Trackware push toolbar runtime detection - toolbar information request (spyware-put.rules, Medium) 5993 <-> SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules, Low) 6183 <-> SPYWARE-PUT Adware 180Search assistant runtime detection - tracked event URL (spyware-put.rules, Low) 6187 <-> SPYWARE-PUT Adware ISTBar runtime detection - scripts (spyware-put.rules, Low) 6188 <-> SPYWARE-PUT Adware ISTBar runtime detection - bar (spyware-put.rules, Low) 6192 <-> SPYWARE-PUT Adware seekmo runtime detection - reporting keyword (spyware-put.rules, Low) 6198 <-> SPYWARE-PUT Trackware squaretrade side bar runtime detection - collect user information (spyware-put.rules, Medium) 6201 <-> SPYWARE-PUT Adware twaintec runtime detection (spyware-put.rules, Low) 6202 <-> SPYWARE-PUT Trickler farmmext installtime/update request (spyware-put.rules, Low) 6203 <-> SPYWARE-PUT Trickler farmmext runtime detection - drk.syn request (spyware-put.rules, Low) 6204 <-> SPYWARE-PUT Trickler farmmext runtime detection - track activity (spyware-put.rules, Low) 6214 <-> SPYWARE-PUT Hijacker 7fasst runtime detection - search (spyware-put.rules, Low) 6215 <-> SPYWARE-PUT Hijacker 7fasst runtime detection - track (spyware-put.rules, Low) 6216 <-> SPYWARE-PUT Adware aornum/iwon copilot runtime detection - config 
(spyware-put.rules, Low) 6218 <-> SPYWARE-PUT Adware aornum/iwon copilot runtime detection - ads (spyware-put.rules, Low) 6219 <-> SPYWARE-PUT Adware bonzibuddy runtime detection (spyware-put.rules, Low) 6226 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - request (deleted.rules, Low) 6240 <-> SPYWARE-PUT Adware lop runtime detection - pop up ads (spyware-put.rules, Low) 6242 <-> SPYWARE-PUT Hijacker coolwebsearch.cameup runtime detection (spyware-put.rules, Low) 6245 <-> SPYWARE-PUT Hijacker coolwebsearch startpage runtime detection (spyware-put.rules, Low) 6247 <-> SPYWARE-PUT Adware ezula toptext runtime detection - help redirect (spyware-put.rules, Low) 6248 <-> SPYWARE-PUT Adware ezula toptext runtime detection - popup (spyware-put.rules, Low) 6249 <-> SPYWARE-PUT Adware ezula toptext runtime detection - redirect (spyware-put.rules, Low) 6259 <-> SPYWARE-PUT Adware searchsquire runtime detection - search forward (spyware-put.rules, Low) 6260 <-> SPYWARE-PUT Adware overpro runtime detection (spyware-put.rules, Low) 6263 <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - collect information (spyware-put.rules, Low) 6264 <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - movie (spyware-put.rules, Low) 6265 <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - engine (spyware-put.rules, Low) 6266 <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - check update (spyware-put.rules, Low) 6267 <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - get update (spyware-put.rules, Low) 6268 <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - download exe (spyware-put.rules, Low) 6269 <-> SPYWARE-PUT Hijacker gigatech superbar runtime detection - track event (spyware-put.rules, Low) 6271 <-> SPYWARE-PUT Trickler bundleware runtime detection (spyware-put.rules, Low) 6280 <-> SPYWARE-PUT Hijacker sidefind runtime 
detection - cookie (spyware-put.rules, Low) 6283 <-> SPYWARE-PUT Hijacker websearch runtime detection - sitereview (spyware-put.rules, Low) 6284 <-> SPYWARE-PUT Hijacker websearch runtime detection - webstat (spyware-put.rules, Low) 6344 <-> SPYWARE-PUT Adware excite search bar runtime detection - config (spyware-put.rules, Low) 6345 <-> SPYWARE-PUT Adware excite search bar runtime detection - search (spyware-put.rules, Low) 6346 <-> SPYWARE-PUT Adware stationripper update detection (spyware-put.rules, Low) 6347 <-> SPYWARE-PUT Adware stationripper ad display detection (spyware-put.rules, Low) 6348 <-> SPYWARE-PUT Snoopware zenosearch runtime detection (spyware-put.rules, Medium) 6351 <-> SPYWARE-PUT Hijacker adblock update detection (spyware-put.rules, Low) 6352 <-> SPYWARE-PUT Hijacker adblock auto search redirect detection (spyware-put.rules, Low) 6353 <-> SPYWARE-PUT Hijacker adblock ie search assistant redirect detection (spyware-put.rules, Low) 6354 <-> SPYWARE-PUT Trickler wsearch runtime detection - auto update (spyware-put.rules, Low) 6361 <-> SPYWARE-PUT Adware altnet runtime detection - status report (spyware-put.rules, Low) 6363 <-> SPYWARE-PUT adware surfaccuracy runtime detection (spyware-put.rules, Low) 6367 <-> SPYWARE-PUT Trickler eacceleration downloadreceiver runtime detection - stop-sign ads (spyware-put.rules, Low) 6368 <-> SPYWARE-PUT Adware flashtrack media/spoton runtime detection - update request (spyware-put.rules, Low) 6371 <-> SPYWARE-PUT Adware flashtrack media/spoton runtime detection - pop up ads (spyware-put.rules, Low) 6372 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get wsliveup.dat (spyware-put.rules, Low) 6373 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - stbarpat.dat (spyware-put.rules, Low) 6374 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (spyware-put.rules, Low) 6375 <-> SPYWARE-PUT Trickler spyblocs.eblocs detection - register request (spyware-put.rules, Low) 6377 <-> 
SPYWARE-PUT Hijacker girafa toolbar - browser hijack (spyware-put.rules, Low) 6378 <-> SPYWARE-PUT Hijacker adbars runtime detection - homepage hijack (spyware-put.rules, Low) 6381 <-> SPYWARE-PUT Hijacker dotcomtoolbar runtime detection - search in toolbar (spyware-put.rules, Low) 6387 <-> SPYWARE-PUT Hijacker internet optimizer runtime detection - autosearch hijack (spyware-put.rules, Low) 6388 <-> SPYWARE-PUT Hijacker internet optimizer runtime detection - error page hijack (spyware-put.rules, Low) 6390 <-> SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules, Low) 6391 <-> SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules, Low) 6396 <-> BACKDOOR a-311 death user-agent string detected (backdoor.rules, High) 6406 <-> POLICY Gizmo VOIP client start-up version check (policy.rules, High) 6409 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules, High) 6410 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules, High) 6411 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules, High) 6481 <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - search (spyware-put.rules, Low) 6485 <-> DELETED SPYWARE-PUT Adware spyfalcon runtime detection - action report (deleted.rules, Low) 6486 <-> DELETED SPYWARE-PUT Adware spyfalcon runtime detection - notification (deleted.rules, Low) 6487 <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - check updates (spyware-put.rules, Low) 6492 <-> SPYWARE-PUT Trickler Backdoor-BAC.gen.e runtime detection - notification (spyware-put.rules, Low) 6495 <-> SPYWARE-PUT Hijacker troj_spywad.x runtime detection (spyware-put.rules, Low) 6496 <-> SPYWARE-PUT Adware adpowerzone runtime detection (spyware-put.rules, Low) 7051 <-> SPYWARE-PUT Trickler generic downloader.g runtime detection - spyware injection (spyware-put.rules, Low) 7123 <-> 
SPYWARE-PUT Other-Technologies alfacleaner runtime detection - update (spyware-put.rules, Low) 7127 <-> SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (spyware-put.rules, Low) 7137 <-> SPYWARE-PUT Hijacker dsrch runtime detection - side search redirect (spyware-put.rules, Low) 7142 <-> SPYWARE-PUT Adware ares flash downloader 2.04 runtime detection (spyware-put.rules, Low) 7143 <-> SPYWARE-PUT Adware digink.com runtime detection (spyware-put.rules, Low) 7145 <-> SPYWARE-PUT Other-Technologies spam maxy runtime detection (spyware-put.rules, Low) 7147 <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - icq notification (spyware-put.rules, Low) 7148 <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - cgi notification (spyware-put.rules, Low) 7149 <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - php notification (spyware-put.rules, Low) 7152 <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - installation (spyware-put.rules, Low) 7153 <-> SPYWARE-PUT Hijacker cnsmin 3721 runtime detection - hijacking (spyware-put.rules, Low) 7187 <-> SPYWARE-PUT Trackware shopathome user-agent detected (spyware-put.rules, Medium) 7188 <-> SPYWARE-PUT Hijacker shop at home select - merchant redirect in progress (spyware-put.rules, Medium) 7190 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - host retrieval (spyware-put.rules, Low) 7191 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (spyware-put.rules, Low) 7192 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (spyware-put.rules, Low) 7193 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - startup access (spyware-put.rules, Low) 7511 <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules, Low) 7519 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - track activity (spyware-put.rules, Medium) 7520 <-> SPYWARE-PUT Trackware earthlink toolbar runtime 
detection - ie autosearch hijack (spyware-put.rules, Medium) 7521 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 1 (spyware-put.rules, Medium) 7522 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 2 (spyware-put.rules, Medium) 7525 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - barad.asp request (spyware-put.rules, Medium) 7526 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - stat counter (spyware-put.rules, Medium) 7527 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - toolbar find function (spyware-put.rules, Medium) 7529 <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules, Medium) 7530 <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - trickler (spyware-put.rules, Low) 7535 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules, Low) 7536 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - popup (spyware-put.rules, Low) 7540 <-> SPYWARE-PUT Hacker-Tool unify runtime detection - cgi notification (spyware-put.rules, Low) 7543 <-> SPYWARE-PUT Hijacker 2020search runtime detection (spyware-put.rules, Low) 7553 <-> SPYWARE-PUT Adware hxdl runtime detection - hxlogonly user-agent (spyware-put.rules, Low) 7556 <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules, Low) 7557 <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules, Medium) 7558 <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules, Medium) 7559 <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules, Medium) 7560 <-> SPYWARE-PUT Trackware purityscan runtime detection - self update (spyware-put.rules, Medium) 7561 <-> SPYWARE-PUT Trackware purityscan runtime detection - opt out of interstitial advertising (spyware-put.rules, Medium) 7564 <-> 
SPYWARE-PUT Hijacker startnow runtime detection (spyware-put.rules, Low) 7565 <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - search engine (spyware-put.rules, Low) 7566 <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - redirector (spyware-put.rules, Low) 7569 <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules, Low) 7570 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules, Low) 7571 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - toolbar search (spyware-put.rules, Low) 7572 <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules, Low) 7573 <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules, Low) 7578 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - reference (spyware-put.rules, Low) 7580 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - update (spyware-put.rules, Low) 7590 <-> SPYWARE-PUT Hijacker swbar runtime detection (spyware-put.rules, Low) 7594 <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules, Low) 7823 <-> SPYWARE-PUT Adware whenu runtime detection - datachunksgz (spyware-put.rules, Low) 7825 <-> SPYWARE-PUT Adware whenu.savenow runtime detection (spyware-put.rules, Low) 7826 <-> SPYWARE-PUT Trickler whenu.weathercast runtime detection - check (spyware-put.rules, Low) 7827 <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules, Low) 7828 <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules, Low) 7833 <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - search (spyware-put.rules, Low) 7834 <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules, Low) 7839 <-> SPYWARE-PUT Hijacker rx toolbar runtime detection (spyware-put.rules, Low) 7843 <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - search engine 
hijack (spyware-put.rules, Low) 7850 <-> SPYWARE-PUT Trickler maxsearch runtime detection - retrieve command (spyware-put.rules, Low) 7851 <-> SPYWARE-PUT Trickler maxsearch runtime detection - ack (spyware-put.rules, Low) 7852 <-> SPYWARE-PUT Trickler maxsearch runtime detection - advertisement (spyware-put.rules, Low) 7856 <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules, Medium) 7858 <-> POLICY Google Desktop initial install - firstuse request (policy.rules, High) 7859 <-> POLICY Google Desktop initial install - installer request (policy.rules, High) 7860 <-> POLICY Google Desktop search query (policy.rules, High) 8073 <-> SPYWARE-PUT Adware zango toolbar runtime detection (spyware-put.rules, Low) 8084 <-> WEB-CGI CVSTrac filediff function access (web-cgi.rules, Medium) 8353 <-> SPYWARE-PUT Adware desktopmedia runtime detection - auto update (spyware-put.rules, Low) 8354 <-> SPYWARE-PUT Adware desktopmedia runtime detection - surf monitoring (spyware-put.rules, Low) 8359 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - target website display (spyware-put.rules, Low) 8461 <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - send userinfo (spyware-put.rules, Medium) 8462 <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - trace info downloaded (spyware-put.rules, Medium) 8464 <-> SPYWARE-PUT Adware henbang runtime detection (spyware-put.rules, Low) 8490 <-> WEB-COLDFUSION viewexample.cfm access (web-coldfusion.rules, Medium) 8491 <-> WEB-COLDFUSION eval.cfm access (web-coldfusion.rules, Medium) 8492 <-> WEB-COLDFUSION openfile.cfm access (web-coldfusion.rules, Medium) 8493 <-> WEB-COLDFUSION sourcewindow.cfm access (web-coldfusion.rules, Medium) 8542 <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - collect info (spyware-put.rules, Medium) 9644 <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules, Low) 9645 <-> SPYWARE-PUT Hijacker sogou runtime 
detection - keyword hijack (spyware-put.rules, Low) 9831 <-> SPYWARE-PUT Adware u88 runtime detection (spyware-put.rules, Low) 10164 <-> SPYWARE-PUT Adware adclicker-ej runtime detection (spyware-put.rules, Low) 10180 <-> SPYWARE-PUT Adware eqiso runtime detection (spyware-put.rules, Low) 10182 <-> SPYWARE-PUT Adware newweb runtime detection (spyware-put.rules, Low) 10435 <-> SPYWARE-PUT Trackware admedia runtime detection (spyware-put.rules, Medium) 10437 <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules, Low) 10438 <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules, Low) 10999 <-> WEB-CGI chetcpasswd access (web-cgi.rules, Medium) 11191 <-> WEB-IIS Microsoft Content Management Server memory corruption (web-iis.rules, High) 11310 <-> SPYWARE-PUT Trickler iowa webdownloader - icq notification (spyware-put.rules, Low) 11312 <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules, Medium) 11664 <-> WEB-PHP sphpblog password.txt access attempt (web-php.rules, High) 11665 <-> WEB-PHP sphpblog install03_cgi access attempt (web-php.rules, High) 11666 <-> WEB-PHP sphpblog upload_img_cgi access attempt (web-php.rules, High) 11667 <-> WEB-PHP sphpblog arbitrary file delete attempt (web-php.rules, High) 11817 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules, Medium) 12050 <-> SPYWARE-PUT Hijacker ez-greets toolbar runtime detection (spyware-put.rules, Low) 12056 <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules, High) 12057 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules, Medium) 12120 <-> SPYWARE-PUT Adware pprich runtime detection - version check (spyware-put.rules, Low) 12123 <-> SPYWARE-PUT Hijacker lookquick runtime detection - hijack ie (spyware-put.rules, Low) 12124 <-> SPYWARE-PUT Hijacker lookquick runtime detection - monitor and collect user info (spyware-put.rules, Low) 12126 <-> SPYWARE-PUT Trackware lookster toolbar runtime detection - collect user information 
(spyware-put.rules, Medium) 12127 <-> SPYWARE-PUT Trackware lookster toolbar runtime detection - ads (spyware-put.rules, Medium) 12140 <-> SPYWARE-PUT Hijacker cnnic update runtime detection (spyware-put.rules, Low) 12225 <-> SPYWARE-PUT Adware zango2007 toolbar runtime detection (spyware-put.rules, Low) 12227 <-> SPYWARE-PUT Trackware snap ultrasearch/desktop toolbar runtime detection - search (spyware-put.rules, Medium) 12230 <-> SPYWARE-PUT Hacker-Tool hippynotify 2.0 runtime detection (spyware-put.rules, Low) 12232 <-> SPYWARE-PUT Adware errorsafe runtime detection (spyware-put.rules, Low) 12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules, High) 12287 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - ebrss request (spyware-put.rules, Low) 12290 <-> SPYWARE-PUT Hijacker newdotnet quick! search runtime detection (spyware-put.rules, Low) 12291 <-> SPYWARE-PUT Trackware vmn toolbar runtime detection (spyware-put.rules, Medium) 12292 <-> SPYWARE-PUT Hijacker morpheus toolbar runtime detection - hijack/search (spyware-put.rules, Low) 12293 <-> SPYWARE-PUT Hijacker morpheus toolbar runtime detection - get cfg info (spyware-put.rules, Low) 12296 <-> SPYWARE-PUT Hijacker 3search runtime detection - update (spyware-put.rules, Low) 12303 <-> POLICY Google Chat web client connection (policy.rules, High) 12304 <-> POLICY AOL Instant Messenger web client connection (policy.rules, High) 12305 <-> POLICY Yahoo Messenger web client connection (policy.rules, High) 12306 <-> POLICY Microsoft Messenger web client connection (policy.rules, High) 12361 <-> SPYWARE-PUT Infostealer.Monstres runtime detection (spyware-put.rules, Low) 12364 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - get cfg information (spyware-put.rules, Low) 12368 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie side search (spyware-put.rules, Low) 12369 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - collect user information 
(spyware-put.rules, Low)
12436 <-> MULTIMEDIA Youtube video player file request (multimedia.rules, High)
12437 <-> MULTIMEDIA Google video player request (multimedia.rules, High)
12455 <-> POLICY Crystal reports download request (policy.rules, High)
12484 <-> SPYWARE-PUT Adware instant buzz runtime detection - ads for members (spyware-put.rules, Low)
12487 <-> SPYWARE-PUT Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (spyware-put.rules, Low)
12620 <-> SPYWARE-PUT Adware drive cleaner 1.0.111 runtime detection (spyware-put.rules, Low)
12624 <-> SPYWARE-PUT Hijacker onestepsearch 1.0.118 runtime detection - upgrade (spyware-put.rules, Low)
12654 <-> SPYWARE-PUT Hijacker rabio 4.2 runtime detection - hijack browser (spyware-put.rules, Low)
12655 <-> SPYWARE-PUT Hijacker rabio 4.2 runtime detection - download updates (spyware-put.rules, Low)
12672 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - get ads (spyware-put.rules, Medium)
12673 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - collect information (spyware-put.rules, Medium)
12674 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules, Medium)
12676 <-> SPYWARE-PUT Conspy Update Checking Detected (spyware-put.rules, Low)
12677 <-> SPYWARE-PUT Adware ISTBar runtime detection - softwares (spyware-put.rules, Low)
12695 <-> SPYWARE-PUT Adware coopen 3.6.1 runtime detection - initial connection (spyware-put.rules, Low)
12696 <-> SPYWARE-PUT Adware coopen 3.6.1 runtime detection - automatic upgrade (spyware-put.rules, Low)
12720 <-> SPYWARE-PUT Adware pestbot runtime detection - update (spyware-put.rules, Low)
12722 <-> SPYWARE-PUT Hijacker sexyvideoscreensaver runtime detection (spyware-put.rules, Low)
12723 <-> SPYWARE-PUT Trackware winzix 2.2.0 runtime detection (spyware-put.rules, Medium)
12790 <-> SPYWARE-PUT Trackware partypoker runtime detection (spyware-put.rules, Medium)
12791 <-> SPYWARE-PUT Adware gophoria toolbar runtime detection (spyware-put.rules, Low)
12794 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - search frauddb process (spyware-put.rules, Low)
12795 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - display frauddb information (spyware-put.rules, Low)
12798 <-> SHELLCODE base64 x86 NOOP (shellcode.rules, High)
12799 <-> SHELLCODE base64 x86 NOOP (shellcode.rules, High)
12800 <-> SHELLCODE base64 x86 NOOP (shellcode.rules, High)
12801 <-> SHELLCODE base64 x86 NOOP (shellcode.rules, High)
12802 <-> SHELLCODE base64 x86 NOOP (shellcode.rules, High)
13238 <-> SPYWARE-PUT Adware adult p2p 1.5 runtime detection (spyware-put.rules, Low)
13277 <-> SPYWARE-PUT Adware netword agent runtime detection (spyware-put.rules, Low)
13282 <-> SPYWARE-PUT Adware jily ie toolbar runtime detection (spyware-put.rules, Low)
13283 <-> SPYWARE-PUT Hijacker dreambar runtime detection (spyware-put.rules, Low)
13284 <-> SPYWARE-PUT Adware netguarder web cleaner runtime detection (spyware-put.rules, Low)
13285 <-> SPYWARE-PUT Hijacker phazebar runtime detection (spyware-put.rules, Low)
13286 <-> SPYWARE-PUT Adware 3wplayer 1.7 runtime detection (spyware-put.rules, Low)
13344 <-> SPYWARE-PUT Adware yourprivacyguard runtime detection - presale request (spyware-put.rules, Low)
13473 <-> EXPLOIT Microsoft Publisher file download (exploit.rules, Low)
13481 <-> SPYWARE-PUT Hijacker baidu toolbar runtime detection - hijacks search engine (spyware-put.rules, Low)
13482 <-> SPYWARE-PUT Hijacker baidu toolbar runtime detection - discloses information (spyware-put.rules, Low)
13483 <-> SPYWARE-PUT Hijacker baidu toolbar runtime detection - updates automatically (spyware-put.rules, Low)
13485 <-> SPYWARE-PUT Hijacker sofa toolbar runtime detection - hijacks search engine (spyware-put.rules, Low)
13486 <-> SPYWARE-PUT Hijacker sofa toolbar runtime detection - records search information (spyware-put.rules, Low)
13489 <-> SPYWARE-PUT Hijacker people pal toolbar runtime detection - traffic for searching (spyware-put.rules, Low)
13492 <-> SPYWARE-PUT Hijacker deepdo toolbar runtime detection - redirects search engine (spyware-put.rules, Low)
13493 <-> SPYWARE-PUT Hijacker deepdo toolbar runtime detection - automatic update (spyware-put.rules, Low)
13495 <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (spyware-put.rules, Low)
13496 <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (spyware-put.rules, Low)
13497 <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - tracking traffic (spyware-put.rules, Low)
13498 <-> SPYWARE-PUT Hijacker hbtbar runtime detection - search traffic 1 (spyware-put.rules, Low)
13499 <-> SPYWARE-PUT Hijacker hbtbar runtime detection - search traffic 2 (spyware-put.rules, Low)
13500 <-> SPYWARE-PUT Hijacker hbtbar runtime detection - log information (spyware-put.rules, Low)
13512 <-> SQL generic sql exec injection attempt - GET parameter (sql.rules, High)
13513 <-> SQL generic sql insert injection atttempt - GET parameter (sql.rules, High)
13514 <-> SQL generic sql update injection attempt - GET parameter (sql.rules, High)
13556 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 1 (spyware-put.rules, Low)
13558 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - log user info (spyware-put.rules, Low)
13560 <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - search traffic (spyware-put.rules, Low)
13563 <-> SPYWARE-PUT Adware system doctor runtime detection - presale request (spyware-put.rules, Low)
13564 <-> SPYWARE-PUT Adware system doctor runtime detection - update status (spyware-put.rules, Low)
13638 <-> SPYWARE-PUT Adware virus heat runtime detection - initial database connection (spyware-put.rules, Low)
13640 <-> SPYWARE-PUT Hijacker locmag toolbar runtime detection - hijacks address bar (spyware-put.rules, Low)
13645 <-> SPYWARE-PUT Hijacker mxs toolbar runtime detection (spyware-put.rules, Low)
13648 <-> SPYWARE-PUT Hijacker mysearch bar 2.0.2.28 runtime detection (spyware-put.rules, Low)
13650 <-> SPYWARE-PUT Adware spyware stop runtime detection - auto updates (spyware-put.rules, Low)
13653 <-> SPYWARE-PUT Adware cashfiesta adbar runtime detection - updates traffic (spyware-put.rules, Low)
13678 <-> MISC Microsoft EMF metafile access detected (misc.rules, High)
13766 <-> SPYWARE-PUT Adware winxdefender runtime detection - auto update (spyware-put.rules, Low)
13769 <-> SPYWARE-PUT Hijacker searchnine toolbar runtime detection - hijacks address bar (spyware-put.rules, Low)
13770 <-> SPYWARE-PUT Hijacker searchnine toolbar runtime detection - redirects search function (spyware-put.rules, Low)
13771 <-> SPYWARE-PUT Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (spyware-put.rules, Low)
13772 <-> SPYWARE-PUT Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (spyware-put.rules, Low)
13777 <-> SPYWARE-PUT Trackware syscleaner runtime detection - get update (spyware-put.rules, Medium)
13779 <-> SPYWARE-PUT Trackware proofile toolbar runtime detection (spyware-put.rules, Medium)
13781 <-> SPYWARE-PUT Hijacker find.fm toolbar runtime detection - hijacks address bar (spyware-put.rules, Low)
13782 <-> SPYWARE-PUT Hijacker ezreward runtime detection (spyware-put.rules, Low)
13801 <-> WEB-CLIENT RTF file download (web-client.rules, Low)
13847 <-> SPYWARE-PUT Adware phoenician casino runtime detection (spyware-put.rules, Low)
13848 <-> SPYWARE-PUT Trickler zwinky runtime detection (spyware-put.rules, Low)
13852 <-> SPYWARE-PUT Hijacker bitroll 5.0 runtime detection (spyware-put.rules, Low)
13853 <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - weather request (spyware-put.rules, Low)
13854 <-> SPYWARE-PUT Hijacker alot toolbar runtime detection - auto update (spyware-put.rules, Low)
13862 <-> POLICY Habbo chat client item information download (policy.rules, High)
13868 <-> SPYWARE-PUT Adware antispywaremaster runtime detection - start fake scanning (spyware-put.rules, Low)
13869 <-> SPYWARE-PUT Adware antispywaremaster runtime detection - sale/register request (spyware-put.rules, Low)
13870 <-> SPYWARE-PUT Adware coopen 5.0.0.87 runtime detection - init conn (spyware-put.rules, Low)
13871 <-> SPYWARE-PUT Adware coopen 5.0.0.87 runtime detection - ads (spyware-put.rules, Low)
13872 <-> SPYWARE-PUT Trickler fushion 1.2.4.17 runtime detection - notice (spyware-put.rules, Low)
13873 <-> SPYWARE-PUT Trickler fushion 1.2.4.17 runtime detection - underground traffic (spyware-put.rules, Low)
13875 <-> SPYWARE-PUT Adware malware destructor 4.5 runtime detection - auto update (spyware-put.rules, Low)
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
13924 <-> EXPLOIT Lotus Domino HTTP header overflow attempt (exploit.rules, High)
13930 <-> SPYWARE-PUT Trickler pc privacy cleaner runtime detection - order/register request (spyware-put.rules, Low)
13937 <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection - call home (spyware-put.rules, Low)
13938 <-> SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection (spyware-put.rules, Low)
13943 <-> SPYWARE-PUT Trickler dropper agent.rqg runtime detection (spyware-put.rules, High)
13990 <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules, Medium)
14054 <-> SPYWARE-PUT Adware AdwareALERT runtime detection - auto update (spyware-put.rules, Low)
14055 <-> SPYWARE-PUT Hijacker rediff toolbar runtime detection - hijack ie auto search (spyware-put.rules, Low)
14060 <-> SPYWARE-PUT Hijacker cpush 2 runtime detection - auto update (spyware-put.rules, Low)
14061 <-> SPYWARE-PUT Trickler antimalware guard runtime detection - order/register request (spyware-put.rules, Low)
14062 <-> SPYWARE-PUT Trickler antimalware guard runtime detection - auto update (spyware-put.rules, Low)
14063 <-> SPYWARE-PUT Hijacker cashon runtime detection - hijack ie searches (spyware-put.rules, Low)
14064 <-> SPYWARE-PUT Hijacker cashon runtime detection - auto update (spyware-put.rules, Low)
14078 <-> SPYWARE-PUT Adware winspywareprotect runtime detection - download malicous code (spyware-put.rules, Low)
14080 <-> SPYWARE-PUT Adware winspywareprotect runtime detection - connection to malicious server (spyware-put.rules, Low)
14986 <-> SHELLCODE x86 fldz get eip shellcode (shellcode.rules, High)
15424 <-> WEB-PHP phpBB mod shoutbox sql injection attempt (web-php.rules, High)
15425 <-> WEB-PHP phpBB mod tag board sql injection attempt (web-php.rules, High)
15432 <-> WEB-PHP wordpress cat parameter arbitrary file execution attempt (web-php.rules, High)
15476 <-> SPYWARE-PUT Waledac spam bot HTTP POST request (spyware-put.rules, Low)
15560 <-> CHAT Yahoo Messenger web client activity (chat.rules, High)
15561 <-> CHAT AOL Aimexpress web client login (chat.rules, High)
15566 <-> SPYWARE-PUT Gumblar HTTP GET request attempt (spyware-put.rules, High)
15567 <-> SPYWARE-PUT Martuz HTTP GET request attempt (spyware-put.rules, High)
15576 <-> CHAT MSN Messenger web client login (chat.rules, High)
15577 <-> CHAT MSN Messenger web client activity (chat.rules, High)
15874 <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules, Medium)
15875 <-> SQL generic sql insert injection atttempt - POST parameter (sql.rules, High)
15876 <-> SQL generic sql update injection attempt - POST parameter (sql.rules, High)
15877 <-> SQL generic sql exec injection attempt - POST parameter (sql.rules, High)
16061 <-> MISC X PixMap file download (misc.rules, Low)
16079 <-> WEB-CGI uselang code injection (web-cgi.rules, High)
16114 <-> SPYWARE-PUT Hijacker cramtoolbar runtime detection - hijack (spyware-put.rules, Low)
16115 <-> SPYWARE-PUT Hijacker cramtoolbar runtime detection - search (spyware-put.rules, Low)
16119 <-> SPYWARE-PUT Adware winreanimator runtime detection - daily update (spyware-put.rules, Low)
16120 <-> SPYWARE-PUT Trackware 6sq toolbar runtime detection (spyware-put.rules, Medium)
16124 <-> SPYWARE-PUT downloader trojan.nsis.agent.s runtime detection (spyware-put.rules, Low)
16138 <-> SPYWARE-PUT Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (spyware-put.rules, Low)
16313 <-> POLICY download of executable content - x-header (policy.rules, High)
16356 <-> WEB-IIS multiple extension code execution attempt (web-iis.rules, High)
16493 <-> SPYWARE-PUT TT-bot botnet contact to C&C server attempt (spyware-put.rules, High)
16496 <-> SPYWARE-PUT Trojan hacktool attempt to contact server (spyware-put.rules, High)
16497 <-> SPYWARE-PUT Tear Application downloader attempt to contact server (spyware-put.rules, High)
16498 <-> SPYWARE-PUT PC Antispyware 2010 FakeAV download/update attempt (spyware-put.rules, High)
16521 <-> WEB-CLIENT Squid Proxy http version number overflow attempt (web-client.rules, High)
16525 <-> CHAT MSN Messenger web login attempt (chat.rules, High)
16551 <-> SPYWARE-PUT Malware contact to server attempt (spyware-put.rules, High)
16592 <-> SPECIFIC-THREATS Opera asynchronous document modifications attempted memory corruption (specific-threats.rules, High)
