Sourcefire VRT Rules Update

Date: 2010-05-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16606 <-> ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (oracle.rules, High)
16607 <-> SPECIFIC-THREATS RealPlayer RAM Download Handler ActiveX exploit attempt (specific-threats.rules, High)
16610 <-> SPECIFIC-THREATS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (specific-threats.rules, High)
16611 <-> WEB-MISC Apache 413 error HTTP request method cross-site scripting attack (web-misc.rules, High)
16612 <-> WEB-CLIENT Firefox oversized SOCKS5 DNS reply memory corruption attempt (web-client.rules, High)
16613 <-> BACKDOOR c99shell.php command request - cmd (backdoor.rules, High)
16614 <-> BACKDOOR c99shell.php command request - search (backdoor.rules, High)
16615 <-> BACKDOOR c99shell.php command request - upload (backdoor.rules, High)
16616 <-> BACKDOOR c99shell.php command request - about (backdoor.rules, High)
16617 <-> BACKDOOR c99shell.php command request - encoder (backdoor.rules, High)
16618 <-> BACKDOOR c99shell.php command request - bind (backdoor.rules, High)
16619 <-> BACKDOOR c99shell.php command request - ps_aux (backdoor.rules, High)
16620 <-> BACKDOOR c99shell.php command request - ftpquickbrute (backdoor.rules, High)
16621 <-> BACKDOOR c99shell.php command request - security (backdoor.rules, High)
16622 <-> BACKDOOR c99shell.php command request - sql (backdoor.rules, High)
16623 <-> BACKDOOR c99shell.php command request - eval (backdoor.rules, High)
16624 <-> BACKDOOR c99shell.php command request - feedback (backdoor.rules, High)
16625 <-> BACKDOOR c99shell.php command request - selfremove (backdoor.rules, High)
16626 <-> BACKDOOR c99shell.php command request - fsbuff (backdoor.rules, High)
16627 <-> BACKDOOR c99shell.php command request - ls (backdoor.rules, High)
16628 <-> BACKDOOR c99shell.php command request - phpinfo (backdoor.rules, High)
16629 <-> POLICY download of .bin file (policy.rules, Low)
16630 <-> POLICY download of .dat file (policy.rules, Low)
16631 <-> SPECIFIC-THREATS Safari image use after remove attempt (specific-threats.rules, High)
16632 <-> SPECIFIC-THREATS Safari image use after reparent attempt (specific-threats.rules, High)

Updated rules:
 241 <-> DELETED DDOS shaft synflood (deleted.rules, Medium)
 721 <-> DELETED POLICY Potentially unauthorized file attachment (deleted.rules, Medium)
 830 <-> DELETED WEB-CGI NPH-publish access (deleted.rules, Medium)
 841 <-> DELETED WEB-CGI pfdisplay.cgi access (deleted.rules, Medium)
 855 <-> DELETED WEB-CGI edit.pl access (deleted.rules, Medium)
 874 <-> DELETED WEB-CGI w3-msql solaris x86  access (deleted.rules, Medium)
 884 <-> DELETED WEB-CGI formmail access (deleted.rules, Medium)
 893 <-> DELETED WEB-CGI MachineInfo access (deleted.rules, Medium)
 970 <-> DELETED WEB-IIS multiple decode attempt (deleted.rules, High)
 976 <-> WEB-MISC .bat? access (web-misc.rules, Medium)
 989 <-> BACKDOOR sensepost.exe command shell attempt (backdoor.rules, Medium)
1001 <-> WEB-MISC carbo.dll access (web-misc.rules, Medium)
1049 <-> DELETED WEB-MISC iPlanet ../../ DOS attempt (deleted.rules, High)
1054 <-> WEB-MISC weblogic/tomcat .jsp view source attempt (web-misc.rules, High)
1055 <-> DELETED WEB-MISC Tomcat directory traversal attempt (deleted.rules, High)
1056 <-> WEB-MISC Tomcat view source attempt (web-misc.rules, High)
1065 <-> WEB-MISC rcmd attempt (web-misc.rules, Medium)
1072 <-> WEB-MISC Lotus Domino directory traversal (web-misc.rules, High)
1073 <-> WEB-MISC webhits.exe access (web-misc.rules, Medium)
1080 <-> WEB-MISC unify eWave ServletExec upload (web-misc.rules, High)
1081 <-> WEB-MISC Netscape Servers suite DOS (web-misc.rules, High)
1083 <-> WEB-MISC unify eWave ServletExec DOS (web-misc.rules, Medium)
1084 <-> WEB-MISC Allaire JRUN DOS attempt (web-misc.rules, High)
1091 <-> WEB-MISC ICQ Webfront HTTP DOS (web-misc.rules, High)
1094 <-> DELETED WEB-CGI webstore directory traversal (deleted.rules, High)
1095 <-> WEB-MISC Talentsoft Web+ Source Code view access (web-misc.rules, High)
1096 <-> WEB-MISC Talentsoft Web+ internal IP Address access (web-misc.rules, Medium)
1098 <-> WEB-MISC SmartWin CyberOffice Shopping Cart access (web-misc.rules, High)
1099 <-> WEB-MISC cybercop scan (web-misc.rules, Medium)
1102 <-> WEB-MISC nessus 1.X 404 probe (web-misc.rules, High)
1103 <-> WEB-MISC Netscape admin passwd (web-misc.rules, High)
1105 <-> WEB-MISC BigBrother access (web-misc.rules, Medium)
1107 <-> WEB-MISC ftp.pl access (web-misc.rules, Medium)
1108 <-> WEB-MISC Tomcat server snoop access (web-misc.rules, Medium)
1109 <-> WEB-MISC ROXEN directory list attempt (web-misc.rules, Medium)
1110 <-> WEB-MISC apache source.asp file access (web-misc.rules, Medium)
1111 <-> WEB-MISC Tomcat server exploit access (web-misc.rules, Medium)
1114 <-> DELETED WEB-MISC prefix-get // (deleted.rules, Medium)
1115 <-> WEB-MISC ICQ webserver DOS (web-misc.rules, Medium)
1116 <-> WEB-MISC Lotus DelDoc attempt (web-misc.rules, Medium)
1117 <-> WEB-MISC Lotus EditDoc attempt (web-misc.rules, Medium)
1119 <-> WEB-MISC mlog.phtml access (web-misc.rules, Medium)
1120 <-> WEB-MISC mylog.phtml access (web-misc.rules, Medium)
1121 <-> DELETED WEB-MISC O'Reilly args.bat access (deleted.rules, Medium)
1123 <-> WEB-MISC ?PageServices access (web-misc.rules, Medium)
1124 <-> WEB-MISC Ecommerce check.txt access (web-misc.rules, Medium)
1125 <-> WEB-MISC webcart access (web-misc.rules, Medium)
1126 <-> WEB-MISC AuthChangeUrl access (web-misc.rules, Medium)
1127 <-> WEB-MISC convert.bas access (web-misc.rules, Medium)
1128 <-> WEB-MISC cpshost.dll access (web-misc.rules, Medium)
1129 <-> WEB-MISC .htaccess access (web-misc.rules, Medium)
1130 <-> WEB-MISC .wwwacl access (web-misc.rules, Medium)
1131 <-> WEB-MISC .wwwacl access (web-misc.rules, Medium)
1140 <-> WEB-MISC guestbook.pl access (web-misc.rules, Medium)
1141 <-> WEB-MISC handler access (web-misc.rules, Medium)
1143 <-> DELETED WEB-MISC ///cgi-bin access (deleted.rules, Medium)
1144 <-> DELETED WEB-MISC /cgi-bin/// access (deleted.rules, Medium)
1145 <-> WEB-MISC /~root access (web-misc.rules, Medium)
1146 <-> WEB-MISC Ecommerce import.txt access (web-misc.rules, Medium)
1147 <-> WEB-MISC cat%20 access (web-misc.rules, Medium)
1148 <-> WEB-MISC Ecommerce import.txt access (web-misc.rules, Medium)
1150 <-> WEB-MISC Domino catalog.nsf access (web-misc.rules, Medium)
1151 <-> WEB-MISC Domino domcfg.nsf access (web-misc.rules, Medium)
1152 <-> WEB-MISC Domino domlog.nsf access (web-misc.rules, Medium)
1153 <-> WEB-MISC Domino log.nsf access (web-misc.rules, Medium)
1154 <-> WEB-MISC Domino names.nsf access (web-misc.rules, Medium)
1155 <-> WEB-MISC Ecommerce checks.txt access (web-misc.rules, Medium)
1157 <-> WEB-MISC Netscape PublishingXpert access (web-misc.rules, Medium)
1158 <-> WEB-MISC windmail.exe access (web-misc.rules, Medium)
1159 <-> WEB-MISC webplus access (web-misc.rules, Medium)
1160 <-> WEB-MISC Netscape dir index wp (web-misc.rules, Medium)
1162 <-> WEB-MISC cart 32 AdminPwd access (web-misc.rules, Medium)
1164 <-> WEB-MISC shopping cart access (web-misc.rules, Medium)
1166 <-> WEB-MISC ws_ftp.ini access (web-misc.rules, Medium)
1167 <-> WEB-MISC rpm_query access (web-misc.rules, Medium)
1168 <-> WEB-MISC mall log order access (web-misc.rules, Medium)
1173 <-> WEB-MISC architext_query.pl access (web-misc.rules, Medium)
1175 <-> WEB-MISC wwwboard.pl access (web-misc.rules, Medium)
1176 <-> DELETED WEB-MISC order.log access (deleted.rules, Medium)
1177 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1180 <-> WEB-MISC get32.exe access (web-misc.rules, Medium)
1181 <-> WEB-MISC Annex Terminal DOS attempt (web-misc.rules, Medium)
1182 <-> DELETED WEB-MISC cgitest.exe attempt (deleted.rules, High)
1183 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1184 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1186 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1187 <-> WEB-MISC SalesLogix Eviewer web command attempt (web-misc.rules, High)
1188 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1189 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1190 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1191 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1192 <-> WEB-MISC Trend Micro OfficeScan access (web-misc.rules, Medium)
1193 <-> WEB-MISC oracle web arbitrary command execution attempt (web-misc.rules, High)
1198 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, High)
1202 <-> WEB-MISC search.vts access (web-misc.rules, Medium)
1207 <-> WEB-MISC htgrep access (web-misc.rules, Medium)
1209 <-> WEB-MISC .nsconfig access (web-misc.rules, Medium)
1212 <-> WEB-MISC Admin_files access (web-misc.rules, Medium)
1213 <-> WEB-MISC backup access (web-misc.rules, Medium)
1214 <-> WEB-MISC intranet access (web-misc.rules, Medium)
1216 <-> WEB-MISC filemail access (web-misc.rules, Medium)
1217 <-> WEB-MISC plusmail access (web-misc.rules, Medium)
1218 <-> WEB-MISC adminlogin access (web-misc.rules, Medium)
1220 <-> WEB-MISC ultraboard access (web-misc.rules, Medium)
1221 <-> WEB-MISC Muscat Empower cgi access (web-misc.rules, Medium)
1224 <-> WEB-MISC ROADS search.pl attempt (web-misc.rules, Medium)
1230 <-> WEB-MISC VirusWall FtpSave access (web-misc.rules, Medium)
1231 <-> WEB-MISC VirusWall catinfo access (web-misc.rules, Medium)
1233 <-> WEB-CLIENT Outlook EML access (web-client.rules, High)
1234 <-> WEB-MISC VirusWall FtpSaveCSP access (web-misc.rules, Medium)
1235 <-> WEB-MISC VirusWall FtpSaveCVP access (web-misc.rules, Medium)
1236 <-> DELETED WEB-MISC Tomcat sourecode view (deleted.rules, Medium)
1237 <-> DELETED WEB-MISC Tomcat sourecode view (deleted.rules, Medium)
1238 <-> DELETED WEB-MISC Tomcat sourecode view (deleted.rules, Medium)
1241 <-> WEB-MISC SWEditServlet directory traversal attempt (web-misc.rules, High)
1246 <-> DELETED WEB-FRONTPAGE rad overflow attempt (deleted.rules, High)
1247 <-> DELETED WEB-FRONTPAGE rad overflow attempt (deleted.rules, High)
1250 <-> WEB-MISC Cisco IOS HTTP configuration attempt (web-misc.rules, High)
1258 <-> WEB-MISC HP OpenView Manager DOS (web-misc.rules, Low)
1259 <-> WEB-MISC SWEditServlet access (web-misc.rules, Medium)
1284 <-> WEB-CLIENT readme.eml download attempt (web-client.rules, High)
1287 <-> DELETED WEB-IIS scripts access (deleted.rules, Medium)
1291 <-> WEB-MISC sml3com access (web-misc.rules, Medium)
1302 <-> WEB-MISC console.exe access (web-misc.rules, Medium)
1303 <-> WEB-MISC cs.exe access (web-misc.rules, Medium)
1328 <-> DELETED WEB-ATTACKS /bin/ps command attempt (deleted.rules, High)
1329 <-> DELETED WEB-ATTACKS ps command attempt (deleted.rules, High)
1368 <-> DELETED WEB-ATTACKS /bin/ls| command attempt (deleted.rules, High)
1369 <-> DELETED WEB-ATTACKS /bin/ls command attempt (deleted.rules, High)
1374 <-> WEB-MISC .htgroup access (web-misc.rules, Medium)
1376 <-> WEB-MISC jrun directory browse attempt (web-misc.rules, High)
1381 <-> WEB-MISC Trend Micro OfficeScan attempt (web-misc.rules, Medium)
1385 <-> WEB-MISC mod-plsql administration access (web-misc.rules, Medium)
1389 <-> DELETED viewcode.jse access (deleted.rules, Medium)
1403 <-> DELETED WEB-MISC viewcode access (deleted.rules, High)
1404 <-> DELETED WEB-MISC showcode access (deleted.rules, High)
1433 <-> WEB-MISC .history access (web-misc.rules, High)
1434 <-> WEB-MISC .bash_history access (web-misc.rules, High)
1477 <-> DELETED WEB-CGI swc attempt (deleted.rules, Medium)
1484 <-> DELETED WEB-IIS /isapi/tstisapi.dll access (deleted.rules, Medium)
1489 <-> WEB-MISC /~nobody access (web-misc.rules, High)
1492 <-> WEB-MISC RBS ISP /newuser  directory traversal attempt (web-misc.rules, High)
1493 <-> WEB-MISC RBS ISP /newuser access (web-misc.rules, Medium)
1500 <-> WEB-MISC ExAir access (web-misc.rules, Medium)
1519 <-> WEB-MISC apache ?M=D directory list attempt (web-misc.rules, Medium)
1520 <-> WEB-MISC server-info access (web-misc.rules, Medium)
1521 <-> WEB-MISC server-status access (web-misc.rules, Medium)
1522 <-> WEB-MISC ans.pl attempt (web-misc.rules, High)
1523 <-> WEB-MISC ans.pl access (web-misc.rules, Medium)
1525 <-> WEB-MISC Axis Storpoint CD access (web-misc.rules, Medium)
1526 <-> WEB-MISC basilix sendmail.inc access (web-misc.rules, Medium)
1527 <-> WEB-MISC basilix mysql.class access (web-misc.rules, Medium)
1528 <-> WEB-MISC BBoard access (web-misc.rules, Medium)
1544 <-> WEB-MISC Cisco Catalyst command execution attempt (web-misc.rules, Medium)
1551 <-> WEB-MISC /CVS/Entries access (web-misc.rules, Medium)
1552 <-> WEB-MISC cvsweb version access (web-misc.rules, Medium)
1553 <-> DELETED WEB-CGI /cart/cart.cgi access (deleted.rules, Medium)
1559 <-> WEB-MISC /doc/packages access (web-misc.rules, Medium)
1560 <-> WEB-MISC /doc/ access (web-misc.rules, Medium)
1561 <-> DELETED WEB-MISC ?open access (deleted.rules, Medium)
1563 <-> WEB-MISC login.htm attempt (web-misc.rules, Medium)
1564 <-> WEB-MISC login.htm access (web-misc.rules, Medium)
1575 <-> WEB-MISC Domino mab.nsf access (web-misc.rules, Medium)
1576 <-> WEB-MISC Domino cersvr.nsf access (web-misc.rules, Medium)
1577 <-> WEB-MISC Domino setup.nsf access (web-misc.rules, Medium)
1578 <-> WEB-MISC Domino statrep.nsf access (web-misc.rules, Medium)
1579 <-> WEB-MISC Domino webadmin.nsf access (web-misc.rules, Medium)
1580 <-> WEB-MISC Domino events4.nsf access (web-misc.rules, Medium)
1581 <-> WEB-MISC Domino ntsync4.nsf access (web-misc.rules, Medium)
1582 <-> WEB-MISC Domino collect4.nsf access (web-misc.rules, Medium)
1583 <-> WEB-MISC Domino mailw46.nsf access (web-misc.rules, Medium)
1584 <-> WEB-MISC Domino bookmark.nsf access (web-misc.rules, Medium)
1585 <-> WEB-MISC Domino agentrunner.nsf access (web-misc.rules, Medium)
1586 <-> WEB-MISC Domino mail.box access (web-misc.rules, Medium)
1587 <-> WEB-MISC cgitest.exe access (web-misc.rules, Medium)
1588 <-> WEB-MISC SalesLogix Eviewer access (web-misc.rules, Medium)
1589 <-> WEB-MISC musicat empower attempt (web-misc.rules, High)
1609 <-> DELETED WEB-CGI faxsurvey arbitrary file read attempt (deleted.rules, High)
1612 <-> WEB-MISC ftp.pl attempt (web-misc.rules, High)
1613 <-> WEB-MISC handler attempt (web-misc.rules, High)
1614 <-> WEB-MISC Novell Groupwise gwweb.exe attempt (web-misc.rules, Medium)
1615 <-> WEB-MISC htgrep attempt (web-misc.rules, High)
1619 <-> DELETED EXPERIMENTAL WEB-IIS .htr request (deleted.rules, Medium)
1647 <-> DELETED WEB-CGI faxsurvey attempt full path (deleted.rules, High)
1653 <-> DELETED WEB-CGI campus access (deleted.rules, Medium)
1662 <-> WEB-MISC /~ftp access (web-misc.rules, Medium)
1663 <-> WEB-MISC *%20.pl access (web-misc.rules, High)
1664 <-> WEB-MISC mkplog.exe access (web-misc.rules, Medium)
1665 <-> DELETED WEB-MISC mkilog.exe access (deleted.rules, Medium)
1670 <-> WEB-MISC /home/ftp access (web-misc.rules, Medium)
1671 <-> WEB-MISC /home/www access (web-misc.rules, Medium)
1738 <-> WEB-MISC global.inc access (web-misc.rules, High)
1749 <-> DELETED EXPERIMENTAL WEB-IIS .NET trace.axd access (deleted.rules, High)
1757 <-> WEB-MISC b2 arbitrary command execution attempt (web-misc.rules, High)
1758 <-> DELETED WEB-MISC b2 access (deleted.rules, High)
1766 <-> WEB-MISC search.dll directory listing attempt (web-misc.rules, High)
1767 <-> WEB-MISC search.dll access (web-misc.rules, Medium)
1769 <-> WEB-MISC .DS_Store access (web-misc.rules, Medium)
1770 <-> WEB-MISC .FBCIndex access (web-misc.rules, Medium)
1801 <-> DELETED WEB-IIS .asp HTTP header buffer overflow attempt (deleted.rules, High)
1814 <-> WEB-MISC CISCO VoIP DOS ATTEMPT (web-misc.rules, Medium)
1820 <-> WEB-MISC IBM Net.Commerce orderdspc.d2w access (web-misc.rules, Medium)
1826 <-> WEB-MISC WEB-INF access (web-misc.rules, Medium)
1827 <-> WEB-MISC Tomcat servlet mapping cross site scripting attempt (web-misc.rules, High)
1828 <-> WEB-MISC iPlanet Search directory traversal attempt (web-misc.rules, High)
1829 <-> WEB-MISC Tomcat TroubleShooter servlet access (web-misc.rules, Medium)
1830 <-> WEB-MISC Tomcat SnoopServlet servlet access (web-misc.rules, Medium)
1831 <-> WEB-MISC jigsaw dos attempt (web-misc.rules, High)
1835 <-> WEB-MISC Macromedia SiteSpring cross site scripting attempt (web-misc.rules, High)
1839 <-> WEB-MISC mailman cross site scripting attempt (web-misc.rules, High)
1847 <-> WEB-MISC webalizer access (web-misc.rules, Medium)
1848 <-> WEB-MISC webcart-lite access (web-misc.rules, Medium)
1849 <-> WEB-MISC webfind.exe access (web-misc.rules, Medium)
1851 <-> WEB-MISC active.log access (web-misc.rules, Medium)
1852 <-> WEB-MISC robots.txt access (web-misc.rules, Medium)
1857 <-> WEB-MISC robot.txt access (web-misc.rules, Medium)
1871 <-> WEB-MISC Oracle XSQLConfig.xml access (web-misc.rules, Medium)
1872 <-> WEB-MISC Oracle Dynamic Monitoring Services dms access (web-misc.rules, Medium)
1873 <-> WEB-MISC globals.jsa access (web-misc.rules, Medium)
1874 <-> WEB-MISC Oracle Java Process Manager access (web-misc.rules, Medium)
1880 <-> WEB-MISC oracle web application server access (web-misc.rules, Medium)
1943 <-> WEB-MISC /Carello/add.exe access (web-misc.rules, Medium)
1944 <-> WEB-MISC /ecscripts/ecware.exe access (web-misc.rules, Medium)
1969 <-> WEB-MISC ion-p access (web-misc.rules, Medium)
1979 <-> WEB-MISC perl post attempt (web-misc.rules, High)
2057 <-> WEB-MISC helpout.exe access (web-misc.rules, Medium)
2058 <-> WEB-MISC MsmMask.exe attempt (web-misc.rules, High)
2059 <-> WEB-MISC MsmMask.exe access (web-misc.rules, Medium)
2060 <-> WEB-MISC DB4Web access (web-misc.rules, Medium)
2061 <-> WEB-MISC Tomcat null byte directory listing attempt (web-misc.rules, High)
2062 <-> WEB-MISC iPlanet .perf access (web-misc.rules, Medium)
2063 <-> WEB-MISC Demarc SQL injection attempt (web-misc.rules, Medium)
2064 <-> DELETED WEB-MISC Lotus Notes .csp script source download attempt (deleted.rules, High)
2065 <-> WEB-MISC Lotus Notes .csp script source download attempt (web-misc.rules, High)
2066 <-> WEB-MISC Lotus Notes .pl script source download attempt (web-misc.rules, High)
2067 <-> WEB-MISC Lotus Notes .exe script source download attempt (web-misc.rules, High)
2068 <-> WEB-MISC BitKeeper arbitrary command attempt (web-misc.rules, High)
2069 <-> WEB-MISC chip.ini access (web-misc.rules, Medium)
2070 <-> WEB-MISC post32.exe arbitrary command attempt (web-misc.rules, High)
2071 <-> WEB-MISC post32.exe access (web-misc.rules, Medium)
2072 <-> WEB-MISC lyris.pl access (web-misc.rules, Medium)
2073 <-> WEB-MISC globals.pl access (web-misc.rules, Medium)
2135 <-> WEB-MISC philboard.mdb access (web-misc.rules, Medium)
2136 <-> WEB-MISC philboard_admin.asp authentication bypass attempt (web-misc.rules, High)
2137 <-> WEB-MISC philboard_admin.asp access (web-misc.rules, Medium)
2138 <-> WEB-MISC logicworks.ini access (web-misc.rules, Medium)
2139 <-> WEB-MISC /*.shtml access (web-misc.rules, Medium)
2156 <-> WEB-MISC mod_gzip_status access (web-misc.rules, Medium)
2231 <-> WEB-MISC register.dll access (web-misc.rules, Medium)
2232 <-> WEB-MISC ContentFilter.dll access (web-misc.rules, Medium)
2233 <-> WEB-MISC SFNofitication.dll access (web-misc.rules, Medium)
2234 <-> WEB-MISC TOP10.dll access (web-misc.rules, Medium)
2235 <-> WEB-MISC SpamExcp.dll access (web-misc.rules, Medium)
2236 <-> WEB-MISC spamrule.dll access (web-misc.rules, Medium)
2237 <-> WEB-MISC cgiWebupdate.exe access (web-misc.rules, Medium)
2238 <-> WEB-MISC WebLogic ConsoleHelp view source attempt (web-misc.rules, High)
2239 <-> WEB-MISC redirect.exe access (web-misc.rules, Medium)
2240 <-> WEB-MISC changepw.exe access (web-misc.rules, Medium)
2241 <-> WEB-MISC cwmail.exe access (web-misc.rules, Medium)
2242 <-> WEB-MISC ddicgi.exe access (web-misc.rules, Medium)
2243 <-> WEB-MISC ndcgi.exe access (web-misc.rules, Medium)
2244 <-> WEB-MISC VsSetCookie.exe access (web-misc.rules, Medium)
2245 <-> WEB-MISC Webnews.exe access (web-misc.rules, Medium)
2246 <-> WEB-MISC webadmin.dll access (web-misc.rules, Medium)
2276 <-> WEB-MISC oracle portal demo access (web-misc.rules, Medium)
2277 <-> WEB-MISC PeopleSoft PeopleBooks psdoccgi access (web-misc.rules, Medium)
2327 <-> WEB-MISC bsml.pl access (web-misc.rules, Medium)
2369 <-> WEB-MISC ISAPISkeleton.dll access (web-misc.rules, Medium)
2370 <-> WEB-MISC BugPort config.conf file access (web-misc.rules, Medium)
2371 <-> WEB-MISC Sample_showcode.html access (web-misc.rules, Medium)
2381 <-> WEB-MISC Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (web-misc.rules, High)
2395 <-> WEB-MISC InteractiveQuery.jsp access (web-misc.rules, Medium)
2400 <-> WEB-MISC edittag.pl access (web-misc.rules, Medium)
2407 <-> WEB-MISC util.pl access (web-misc.rules, Medium)
2408 <-> WEB-MISC Invision Power Board search.pl access (web-misc.rules, Medium)
2418 <-> MISC MS Terminal Server no encryption session initiation attempt (misc.rules, Medium)
2435 <-> WEB-CLIENT Microsoft emf metafile access (web-client.rules, High)
2436 <-> WEB-CLIENT Microsoft wmf metafile access (web-client.rules, High)
2447 <-> WEB-MISC ServletManager access (web-misc.rules, Medium)
2448 <-> WEB-MISC setinfo.hts access (web-misc.rules, Medium)
2484 <-> WEB-MISC source.jsp access (web-misc.rules, Medium)
2527 <-> SMTP STARTTLS attempt (smtp.rules, Low)
2569 <-> WEB-MISC cPanel resetpass access (web-misc.rules, Medium)
2581 <-> WEB-MISC Crystal Reports crystalimagehandler.aspx access (web-misc.rules, Medium)
2582 <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules, High)
2585 <-> WEB-MISC nessus 2.x 404 probe (web-misc.rules, Medium)
2672 <-> WEB-MISC sresult.exe access (web-misc.rules, Medium)
2701 <-> WEB-MISC Oracle iSQLPlus sid overflow attempt (web-misc.rules, High)
2702 <-> WEB-MISC Oracle iSQLPlus username overflow attempt (web-misc.rules, High)
2703 <-> WEB-MISC Oracle iSQLPlus login.uix username overflow attempt (web-misc.rules, High)
2704 <-> WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt (web-misc.rules, High)
2950 <-> DELETED NETBIOS SMB too many stacked requests (deleted.rules, Low)
3079 <-> WEB-CLIENT Microsoft ANI file parsing overflow (web-client.rules, High)
3086 <-> WEB-MISC 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (web-misc.rules, Medium)
3467 <-> WEB-MISC CISCO VoIP Portinformation access (web-misc.rules, Medium)
3549 <-> DELETED WEB-CLIENT HTML DOM invalid DHTML element creation attempt (deleted.rules, High)
3551 <-> WEB-CLIENT .hta download attempt (web-client.rules, Low)
3676 <-> WEB-MISC newsscript.pl admin attempt (web-misc.rules, High)
3816 <-> WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules, High)
3819 <-> WEB-CLIENT multipacket CHM file transfer start (web-client.rules, Low)
3822 <-> WEB-MISC Real Player realtext long URI request (web-misc.rules, Low)
4650 <-> WEB-MISC cacti graph_image.php access (web-misc.rules, Medium)
4985 <-> WEB-MISC Twiki rdiff rev command injection attempt (web-misc.rules, High)
4986 <-> WEB-MISC Twiki view rev command injection attempt (web-misc.rules, High)
4987 <-> WEB-MISC Twiki viewfile rev command injection attempt (web-misc.rules, High)
4988 <-> WEB-MISC Barracuda IMG.PL directory traversal attempt (web-misc.rules, High)
5320 <-> DELETED VIRUS Possible Sober virus set one call home attempt (deleted.rules, Medium)
5324 <-> DELETED VIRUS Possible Sober virus set two call home attempt (deleted.rules, Medium)
5692 <-> P2P Skype client successful install (p2p.rules, High)
5706 <-> POLICY Namazu incoming namazu.cgi access (policy.rules, Medium)
5707 <-> POLICY Namazu outbound namazu.cgi access (policy.rules, Medium)
5715 <-> WEB-MISC malformed ipv6 uri overflow attempt (web-misc.rules, High)
5740 <-> WEB-CLIENT Microsoft HTML help workshop file .hhp download attempt (web-client.rules, Low)
5804 <-> DELETED SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (deleted.rules, Medium)
5832 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (deleted.rules, Low)
5833 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 2 (deleted.rules, Low)
5869 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 1 (deleted.rules, Low)
5870 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 2 (deleted.rules, Low)
5877 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - startup access (deleted.rules, Low)
5878 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - configuration retrieval (deleted.rules, Low)
5879 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (deleted.rules, Low)
5912 <-> DELETED SPYWARE-PUT Hijacker webcrawler runtime detection (deleted.rules, Low)
5931 <-> DELETED SPYWARE-PUT Adware cashbar runtime detection - stats track 1 (deleted.rules, Low)
6018 <-> BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules, High)
6019 <-> BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules, High)
6020 <-> BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules, High)
6023 <-> BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules, High)
6029 <-> BACKDOOR fkwp 2.0 runtime detection - icq notification (backdoor.rules, High)
6039 <-> BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules, High)
6042 <-> BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules, High)
6043 <-> BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules, High)
6058 <-> BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules, High)
6059 <-> BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules, High)
6069 <-> BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules, High)
6115 <-> BACKDOOR optix 1.32 runtime detection - icq notification (backdoor.rules, High)
6135 <-> DELETED BACKDOOR clindestine 1.0 icq notification of server installation (deleted.rules, High)
6210 <-> DELETED SPYWARE-PUT Adware deskwizz runtime detection - ad banner (deleted.rules, Low)
6217 <-> DELETED SPYWARE-PUT Adware aornum/iwon copilot runtime detection - ads 1 (deleted.rules, Low)
6226 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - request (deleted.rules, Low)
6229 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - adp ads (deleted.rules, Low)
6231 <-> DELETED SPYWARE-PUT Adware mirar runtime detection - search (deleted.rules, Low)
6235 <-> DELETED SPYWARE-PUT Adware spoton runtime detection (deleted.rules, Low)
6262 <-> DELETED SPYWARE-PUT Hijacker gigatech superbar runtime detection - hijack ie auto search (deleted.rules, Low)
6272 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - initial connection (deleted.rules, Low)
6273 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - pop-up retreival (deleted.rules, Low)
6276 <-> DELETED SPYWARE-PUT Hijacker incredifind runtime detection - autosearch (deleted.rules, Low)
6277 <-> DELETED SPYWARE-PUT Hijacker navexcel runtime detection (deleted.rules, Low)
6291 <-> BACKDOOR justjoke v2.6 runtime detection (backdoor.rules, High)
6296 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 (backdoor.rules, High)
6297 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 (backdoor.rules, High)
6300 <-> BACKDOOR cia 1.3 runtime detection - icq notification (backdoor.rules, High)
6369 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .dll (deleted.rules, Low)
6370 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .exe (deleted.rules, Low)
6393 <-> DELETED SPYWARE-PUT Hijacker zeropopup runtime detection - button search (deleted.rules, Low)
6406 <-> POLICY Gizmo VOIP client start-up version check (policy.rules, High)
6474 <-> BACKDOOR w32.loosky.gen@mm runtime detection - notification (backdoor.rules, High)
6485 <-> DELETED SPYWARE-PUT Adware spyfalcon runtime detection - action report (deleted.rules, Low)
6486 <-> DELETED SPYWARE-PUT Adware spyfalcon runtime detection - notification (deleted.rules, Low)
6507 <-> WEB-MISC novell edirectory imonitor overflow attempt (web-misc.rules, High)
7070 <-> WEB-MISC encoded cross site scripting attempt (web-misc.rules, High)
7071 <-> WEB-MISC encoded cross site scripting HTML Image tag set to javascript attempt (web-misc.rules, High)
7073 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - notification (backdoor.rules, High)
7074 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules, High)
7076 <-> BACKDOOR minimo v0.6 runtime detection - cgi notification (backdoor.rules, High)
7077 <-> BACKDOOR minimo v0.6 runtime detection - icq notification (backdoor.rules, High)
7131 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (deleted.rules, Low)
7132 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (deleted.rules, Low)
7133 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (deleted.rules, Low)
7134 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assissant hijacking (deleted.rules, Low)
7637 <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules, High)
7639 <-> BACKDOOR air runtime detection - php notification (backdoor.rules, High)
7640 <-> BACKDOOR air runtime detection - webmail notification (backdoor.rules, High)
7692 <-> BACKDOOR exception 1.0 runtime detection - notification (backdoor.rules, High)
7704 <-> BACKDOOR roach 1.0 server installation notification - email (backdoor.rules, High)
7722 <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules, High)
7742 <-> BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (backdoor.rules, High)
7762 <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules, High)
7805 <-> BACKDOOR war trojan ver1.0 runtime detection - ie hijacker (backdoor.rules, High)
7858 <-> POLICY Google Desktop initial install - firstuse request (policy.rules, High)
7859 <-> POLICY Google Desktop initial install  - installer request (policy.rules, High)
7860 <-> POLICY Google Desktop search query (policy.rules, High)
8080 <-> BACKDOOR x2a runtime detection - client update (backdoor.rules, High)
8085 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl port 3443 Unix command execution attempt (web-misc.rules, High)
8086 <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules, High)
8087 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules, High)
8088 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules, High)
8089 <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules, High)
8090 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules, High)
9418 <-> SPECIFIC-THREATS bagle.a http notification detection (specific-threats.rules, High)
9620 <-> WEB-MISC pajax call_dispatcher remote exec attempt (web-misc.rules, High)
9653 <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules, High)
9791 <-> WEB-MISC .cmd? access (web-misc.rules, Medium)
10196 <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules, High)
10197 <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules, High)
10396 <-> DELETED WEB-IIS Internet Data Query query.idq directory traversal attempt (deleted.rules, High)
10397 <-> DELETED WEB-IIS Internet Data Query exair query.idq directory traversal attempt (deleted.rules, High)
10398 <-> DELETED WEB-IIS Internet Data Query exair search.idq directory traversal attempt (deleted.rules, High)
10399 <-> DELETED WEB-IIS Internet Data Query iissamples fastq.idq directory traversal attempt (deleted.rules, High)
10400 <-> DELETED WEB-IIS Internet Data Query iissamples query.idq directory traversal attempt (deleted.rules, High)
10401 <-> DELETED WEB-IIS Internet Data Query prxdocs prxrch.idq directory traversal attempt (deleted.rules, High)
10403 <-> SPECIFIC-THREATS Trojan.Duntek Checkin GET Request (specific-threats.rules, High)
10419 <-> WEB-ACTIVEX HP Mercury Quality Center SPIDERLib ActiveX clsid access (web-activex.rules, High)
10421 <-> WEB-ACTIVEX HP Mercury Quality Center SPIDERLib ActiveX function call access (web-activex.rules, High)
10422 <-> WEB-ACTIVEX HP Mercury Quality Center SPIDERLib ActiveX function call unicode access (web-activex.rules, High)
10447 <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules, High)
10990 <-> WEB-MISC encoded cross site scripting HTML Image tag attempt (web-misc.rules, High)
11193 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
11194 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
11223 <-> WEB-MISC google proxystylesheet arbitrary command execution attempt (web-misc.rules, High)
11616 <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules, High)
11685 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
12059 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
12060 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
12077 <-> DELETED BACKDOOR c99shell.php command request (deleted.rules, High)
12303 <-> POLICY Google Chat web client connection (policy.rules, High)
12304 <-> POLICY AOL Instant Messenger web client connection (policy.rules, High)
12305 <-> POLICY Yahoo Messenger web client connection (policy.rules, High)
12306 <-> POLICY Microsoft Messenger web client connection (policy.rules, High)
12455 <-> POLICY Crystal reports download request (policy.rules, High)
12488 <-> DELETED SPYWARE-PUT Adware adblaster 2.0 runtime detection (deleted.rules, Low)
12629 <-> WEB-MISC sharepoint cross site scripting attempt (web-misc.rules, High)
12691 <-> P2P Outbound Joltid PeerEnabler traffic detected (p2p.rules, High)
13302 <-> WEB-CLIENT Apache mod_imagemap cross site scripting attempt (web-client.rules, High)
13465 <-> WEB-CLIENT Microsoft Works file download request (web-client.rules, Low)
13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules, Low)
13584 <-> WEB-CLIENT csv file download request (web-client.rules, Low)
13592 <-> DELETED POLICY Inbound potentially malicious file download attempt (deleted.rules, Medium)
13625 <-> BACKDOOR MBR rootkit HTTP POST activity detected (backdoor.rules, High)
13627 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13628 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13632 <-> WEB-CLIENT Zango adware installation request (web-client.rules, High)
13656 <-> WEB-MISC Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (web-misc.rules, High)
13789 <-> DELETED WEB-CLIENT Microsoft Word file download request (deleted.rules, Low)
13856 <-> BACKDOOR wintrim.z runtime detection (backdoor.rules, High)
13862 <-> POLICY Habbo chat client item information download (policy.rules, High)
13876 <-> BACKDOOR zlob.acc runtime detection (backdoor.rules, High)
13877 <-> BACKDOOR trojan-spy.win32.delf.uv runtime detection (backdoor.rules, High)
13911 <-> WEB-CLIENT Microsoft search file download attempt (web-client.rules, Low)
13915 <-> WEB-MISC backup file download attempt (web-misc.rules, Low)
13928 <-> WEB-MISC Adobe RoboHelp r0 SQL injection attempt (web-misc.rules, High)
13929 <-> WEB-MISC Adobe RoboHelp rx SQL injection attempt (web-misc.rules, High)
13941 <-> BACKDOOR trojan agent.nac runtime detection - click fraud (backdoor.rules, High)
13942 <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules, High)
13944 <-> BACKDOOR trojan downloader small.gy runtime detection - get whitelist (backdoor.rules, High)
13945 <-> BACKDOOR trojan downloader small.gy runtime detection - update (backdoor.rules, High)
13952 <-> DELETED SPECIFIC-THREATS b.js download - possible Asprox trojan attack (deleted.rules, High)
13953 <-> SPECIFIC-THREATS Asprox trojan initial query (specific-threats.rules, High)
13982 <-> WEB-CLIENT Microsoft Powerpoint file download attempt (web-client.rules, Low)
13983 <-> WEB-CLIENT Microsoft Office eps file download (web-client.rules, Low)
14017 <-> WEB-CLIENT MPEG Layer 3 playlist file request (web-client.rules, Low)
14018 <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules, Low)
14082 <-> BACKDOOR trojan agent.aarm runtime detection - spread via spam (backdoor.rules, High)
14083 <-> BACKDOOR trojan agent.aarm runtime detection - download other malware (backdoor.rules, High)
14084 <-> BACKDOOR infostealer.banker.c runtime detection - download cfg.bin (backdoor.rules, High)
14086 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection #1 (backdoor.rules, High)
14087 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection #2 (backdoor.rules, High)
15013 <-> WEB-MISC Adobe Portable Document Format file download attempt (web-misc.rules, Low)
15123 <-> WEB-CLIENT Rich Text Format file request (web-client.rules, Low)
15158 <-> WEB-MISC XML Shareable Playlist Format file download attempt (web-misc.rules, Low)
15165 <-> BACKDOOR Pushdo client communication attempt (backdoor.rules, High)
15237 <-> WEB-MISC Java .class file download attempt (web-misc.rules, Low)
15239 <-> WEB-MISC RealMedia format file download attempt (web-misc.rules, Low)
15240 <-> WEB-MISC RealMedia format file download attempt (web-misc.rules, Low)
15242 <-> DELETED WEB-CLIENT HP OpenView Network Node Manager Toolbar.exe HTTP request buffer overflow attempt (deleted.rules, High)
15256 <-> ORACLE BPEL process manager XSS injection attempt (oracle.rules, High)
15257 <-> ORACLE Secure Backup common.php variable based command injection attempt (oracle.rules, High)
15258 <-> ORACLE Secure Backup login.php variable based command injection attempt (oracle.rules, High)
15261 <-> ORACLE Secure Backup exec_qr command injection attempt (oracle.rules, High)
15262 <-> ORACLE Secure Backup POST exec_qr command injection attempt (oracle.rules, High)
15263 <-> DELETED BEA WebLogic Apache connector HTTP version denial of service attempt (deleted.rules, Medium)
15294 <-> WEB-CLIENT Microsoft Visio file download request (web-client.rules, Low)
15295 <-> SPECIFIC-THREATS Trojan.Bankpatch.C configuration attempt (specific-threats.rules, High)
15296 <-> SPECIFIC-THREATS Trojan.Bankpatch.C malicious file download attempt (specific-threats.rules, High)
15385 <-> WEB-MISC vqf file request (web-misc.rules, Low)
15426 <-> WEB-CLIENT MAKI file request (web-client.rules, Low)
15427 <-> WEB-MISC SVG file request (web-misc.rules, Low)
15434 <-> WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (web-misc.rules, High)
15444 <-> WEB-MISC Core Audio Format file download attempt (web-misc.rules, Low)
15463 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)
15464 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)
15481 <-> SPECIFIC-THREATS Zeus/Zbot malware config file download request (specific-threats.rules, High)
15483 <-> WEB-MISC Adobe Shockwave Flash file request (web-misc.rules, Low)
15510 <-> WEB-CLIENT Trend Micro OfficeScan Server cgiRecvFile overflow attempt (web-client.rules, High)
15516 <-> WEB-CLIENT AVI multimedia file request (web-client.rules, Low)
15518 <-> WEB-MISC Embedded Open Type Font download request (web-misc.rules, Low)
15553 <-> SPECIFIC-THREATS Sality virus HTTP GET request (specific-threats.rules, High)
15582 <-> WEB-MISC ARJ format file download attempt (web-misc.rules, Low)
15585 <-> WEB-CLIENT Excel file download request (web-client.rules, Low)
15586 <-> WEB-CLIENT Powerpoint file download request (web-client.rules, Low)
15587 <-> WEB-CLIENT Word file download request (web-client.rules, Low)
15865 <-> WEB-CLIENT MP4 file request (web-client.rules, Low)
15870 <-> WEB-MISC 4xm file request (web-misc.rules, Low)
15895 <-> DELETED CHAT Pidgin MSN P2P message 64bit integer overflow attempt (deleted.rules, High)
15898 <-> WEB-MISC Audio Interchange File Format download request (web-misc.rules, Low)
15899 <-> WEB-MISC Audio Interchange File Format file request (web-misc.rules, Low)
15900 <-> WEB-MISC Audio Interchange File Format request (web-misc.rules, Low)
15908 <-> WEB-MISC Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (web-misc.rules, High)
15921 <-> WEB-CLIENT Microsoft media format file download request (web-client.rules, Low)
15922 <-> WEB-CLIENT mp3 file download request (web-client.rules, Low)
15945 <-> WEB-CLIENT RSS file download request (web-client.rules, Low)
15962 <-> SPECIFIC-THREATS Sybase EAServer WebConsole overflow attempt (specific-threats.rules, High)
15978 <-> WEB-MISC Macromedia JRun 4 mod_jrun buffer overflow attempt (web-misc.rules, High)
15980 <-> WEB-MISC Apache mod_ssl hook functions format string attempt (web-misc.rules, High)
15982 <-> WEB-MISC Ipswitch WhatsUp Gold DOS Device HTTP request denial of service attempt (web-misc.rules, Medium)
15987 <-> WEB-MISC Microsoft Visio DXF file download request (web-misc.rules, Low)
15990 <-> WEB-MISC Macromedia JRun 4.x server file disclosure attempt (web-misc.rules, High)
16002 <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules, High)
16003 <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules, High)
16004 <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules, High)
16052 <-> WEB-CLIENT Novell iManager Tomcat http post handling DoS attempt (web-client.rules, Medium)
16094 <-> BACKDOOR trojan downloader exchan.gen variant runtime detection (backdoor.rules, High)
16097 <-> BACKDOOR trojan win32.agent.vvm runtime detection (backdoor.rules, High)
16098 <-> BACKDOOR win32.cekar variant runtime detection (backdoor.rules, High)
16099 <-> BACKDOOR trojan-dropper.win32.agent.wdv runtime detection (backdoor.rules, High)
16100 <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - file.exe (backdoor.rules, High)
16101 <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - 57329.exe (backdoor.rules, High)
16102 <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - sft_ver1.1454.0.exe (backdoor.rules, High)
16105 <-> BACKDOOR trojan.zlob runtime detection - topqualityads (backdoor.rules, High)
16108 <-> BACKDOOR trojan downloader exchanger.gen2 runtime detection (backdoor.rules, High)
16109 <-> BACKDOOR trojan-downloader.win32.zlob.wwv runtime detection - onestoponlineshop (backdoor.rules, High)
16110 <-> BACKDOOR trojan-downloader.win32.zlob.wwv runtime detection - childhe (backdoor.rules, High)
16111 <-> BACKDOOR trojan-downloader.win32.zlob.wwv installtime detection (backdoor.rules, High)
16112 <-> BACKDOOR trojan downloader.agent.vhb runtime detection - contact remote server (backdoor.rules, High)
16113 <-> BACKDOOR trojan downloader.agent.vhb runtime detection - request login page (backdoor.rules, High)
16141 <-> SPECIFIC-THREATS Kaspersky Online Scanner trojaned Dll download attempt (specific-threats.rules, High)
16144 <-> SPECIFIC-THREATS Bredolab downloader communication with server attempt (specific-threats.rules, High)
16190 <-> ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (oracle.rules, High)
16191 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (oracle.rules, High)
16192 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via POST (oracle.rules, High)
16203 <-> DELETED Squid Proxy invalid HTTP response code denial of service attempt (deleted.rules, Medium)
16204 <-> WEB-CLIENT HP OpenView Network Node Manager ovlaunch host field overflow attempt (web-client.rules, High)
16205 <-> WEB-MISC bitmap file download request (web-misc.rules, Low)
16219 <-> WEB-CLIENT Adobe Director file format transfer (web-client.rules, Low)
16242 <-> BACKDOOR downloader-ash.gen.b runtime detection - adload (backdoor.rules, High)
16243 <-> BACKDOOR downloader-ash.gen.b runtime detection - 3264.php (backdoor.rules, High)
16244 <-> BACKDOOR rogue software xp police antivirus runtime detection - purchase (backdoor.rules, High)
16245 <-> BACKDOOR rogue software xp police antivirus install-timedetection (backdoor.rules, High)
16246 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - purchase request (backdoor.rules, High)
16247 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - block (backdoor.rules, High)
16248 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - start (backdoor.rules, High)
16249 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - pay (backdoor.rules, High)
16250 <-> BACKDOOR rogue software win pc defender runtime detection (backdoor.rules, High)
16251 <-> BACKDOOR rogue software win pc defender installtime detection (backdoor.rules, High)
16252 <-> BACKDOOR rogue software pro antispyware 2009 runtime detection - purchase (backdoor.rules, High)
16253 <-> BACKDOOR rogue software system security 2009 runtime detection (backdoor.rules, High)
16254 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High)
16256 <-> BACKDOOR rogue software coreguard antivirus 2009 runtime detection (backdoor.rules, High)
16257 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - update (backdoor.rules, High)
16258 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - purchase (backdoor.rules, High)
16259 <-> BACKDOOR rogue software antivirusdoktor2009 runtime detection (backdoor.rules, High)
16260 <-> BACKDOOR rogue software xp antivirus protection runtime detection - installation (backdoor.rules, High)
16261 <-> BACKDOOR rogue software xp antivirus protection runtime detection - runtime (backdoor.rules, High)
16262 <-> BACKDOOR rogue software xp-shield runtime detection (backdoor.rules, High)
16263 <-> BACKDOOR rogue software xp-shield runtime detection - installation (backdoor.rules, High)
16264 <-> BACKDOOR rogue software 007 anti-spyware runtime detection - update (backdoor.rules, High)
16265 <-> BACKDOOR rogue software 007 anti-spyware runtime detection - register (backdoor.rules, High)
16266 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - buy (backdoor.rules, High)
16267 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - files (backdoor.rules, High)
16268 <-> BACKDOOR trojan.tdss.1.gen install-time detection - yournewsblog.net (backdoor.rules, High)
16269 <-> BACKDOOR trojan.tdss.1.gen install-time detection - findzproportal1.com (backdoor.rules, High)
16272 <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - lordhack (backdoor.rules, High)
16273 <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - dxcpm (backdoor.rules, High)
16279 <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - pre-sale page (backdoor.rules, High)
16280 <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - registration and payment page (backdoor.rules, High)
16286 <-> WEB-MISC TrueType font file download request (web-misc.rules, Low)
16362 <-> SPECIFIC-THREATS SpyForms malware call home attempt (specific-threats.rules, High)
16365 <-> SPECIFIC-THREATS Trojan OnlineGames download atttempt (specific-threats.rules, High)
16391 <-> SPECIFIC-THREATS Gozi Trojan connection to C&C attempt (specific-threats.rules, High)
16406 <-> WEB-MISC JPEG file download attempt (web-misc.rules, Low)
16407 <-> WEB-MISC JPEG file download attempt (web-misc.rules, Low)
16425 <-> WEB-CLIENT Portable Executable binary file transfer (web-client.rules, Low)
16429 <-> WEB-MISC Novell iManager eDirectory plugin schema buffer overflow attempt - GET request (web-misc.rules, High)
16430 <-> WEB-MISC Novell iManager eDirectory plugin schema buffer overflow attempt - POST request (web-misc.rules, High)
16451 <-> DELETED Palm WebOS 1.2.0 floating point exception denial of service attempt (deleted.rules, Medium)
16457 <-> BACKDOOR Trojan.Downloader.Win32.Cutwail.AI runtime detection (backdoor.rules, High)
16473 <-> WEB-CLIENT Microsoft Windows Movie Maker project file download request (web-client.rules, Low)
16476 <-> WEB-CLIENT Microsoft .MSProducer file download request (web-client.rules, Low)
16477 <-> WEB-CLIENT Microsoft .MSProducerZ file download request (web-client.rules, Low)
16478 <-> WEB-CLIENT Microsoft .MSProducerBF file download request (web-client.rules, Low)
16484 <-> SPECIFIC-THREATS Koobface contact to C&C server attempt (specific-threats.rules, Low)
16485 <-> SPECIFIC-THREATS Koobface request for captcha attempt (specific-threats.rules, Low)
16522 <-> WEB-CLIENT Novell QuickFinder server cross-site-scripting attempt (web-client.rules, High)
16527 <-> SPECIFIC-THREATS Zbot malware config file download request (specific-threats.rules, High)
16528 <-> SPECIFIC-THREATS Zbot malware config file download request (specific-threats.rules, High)
16529 <-> WEB-MISC JPEG file download attempt (web-misc.rules, Low)
16552 <-> WEB-CLIENT Adobe .pfb download attempt (web-client.rules, Medium)
16555 <-> WEB-MISC HP Openview Network Node Manager OvAcceptLang overflow attempt (web-misc.rules, High)
16556 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm get request attempt (specific-threats.rules, Low)
16604 <-> WEB-MISC HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (web-misc.rules, High)