Sourcefire VRT Rules Update
Date: 2010-05-25
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8_5_3.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16606 <-> ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (oracle.rules, High)
16607 <-> SPECIFIC-THREATS RealPlayer RAM Download Handler ActiveX exploit attempt (specific-threats.rules, High)
16610 <-> SPECIFIC-THREATS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (specific-threats.rules, High)
16611 <-> WEB-MISC Apache 413 error HTTP request method cross-site scripting attack (web-misc.rules, High)
16612 <-> WEB-CLIENT Firefox oversized SOCKS5 DNS reply memory corruption attempt (web-client.rules, High)
16613 <-> BACKDOOR c99shell.php command request - cmd (backdoor.rules, High)
16614 <-> BACKDOOR c99shell.php command request - search (backdoor.rules, High)
16615 <-> BACKDOOR c99shell.php command request - upload (backdoor.rules, High)
16616 <-> BACKDOOR c99shell.php command request - about (backdoor.rules, High)
16617 <-> BACKDOOR c99shell.php command request - encoder (backdoor.rules, High)
16618 <-> BACKDOOR c99shell.php command request - bind (backdoor.rules, High)
16619 <-> BACKDOOR c99shell.php command request - ps_aux (backdoor.rules, High)
16620 <-> BACKDOOR c99shell.php command request - ftpquickbrute (backdoor.rules, High)
16621 <-> BACKDOOR c99shell.php command request - security (backdoor.rules, High)
16622 <-> BACKDOOR c99shell.php command request - sql (backdoor.rules, High)
16623 <-> BACKDOOR c99shell.php command request - eval (backdoor.rules, High)
16624 <-> BACKDOOR c99shell.php command request - feedback (backdoor.rules, High)
16625 <-> BACKDOOR c99shell.php command request - selfremove (backdoor.rules, High)
16626 <-> BACKDOOR c99shell.php command request - fsbuff (backdoor.rules, High)
16627 <-> BACKDOOR c99shell.php command request - ls (backdoor.rules, High)
16628 <-> BACKDOOR c99shell.php command request - phpinfo (backdoor.rules, High)
16629 <-> POLICY download of .bin file (policy.rules, Low)
16630 <-> POLICY download of .dat file (policy.rules, Low)
16631 <-> SPECIFIC-THREATS Safari image use after remove attempt (specific-threats.rules, High)
16632 <-> SPECIFIC-THREATS Safari image use after reparent attempt (specific-threats.rules, High)
Updated rules:
241 <-> DELETED DDOS shaft synflood (deleted.rules, Medium)
721 <-> DELETED POLICY Potentially unauthorized file attachment (deleted.rules, Medium)
830 <-> DELETED WEB-CGI NPH-publish access (deleted.rules, Medium)
841 <-> DELETED WEB-CGI pfdisplay.cgi access (deleted.rules, Medium)
855 <-> DELETED WEB-CGI edit.pl access (deleted.rules, Medium)
874 <-> DELETED WEB-CGI w3-msql solaris x86 access (deleted.rules, Medium)
884 <-> DELETED WEB-CGI formmail access (deleted.rules, Medium)
893 <-> DELETED WEB-CGI MachineInfo access (deleted.rules, Medium)
970 <-> DELETED WEB-IIS multiple decode attempt (deleted.rules, High)
976 <-> WEB-MISC .bat? access (web-misc.rules, Medium)
989 <-> BACKDOOR sensepost.exe command shell attempt (backdoor.rules, Medium)
1001 <-> WEB-MISC carbo.dll access (web-misc.rules, Medium)
1049 <-> DELETED WEB-MISC iPlanet ../../ DOS attempt (deleted.rules, High)
1054 <-> WEB-MISC weblogic/tomcat .jsp view source attempt (web-misc.rules, High)
1055 <-> DELETED WEB-MISC Tomcat directory traversal attempt (deleted.rules, High)
1056 <-> WEB-MISC Tomcat view source attempt (web-misc.rules, High)
1065 <-> WEB-MISC rcmd attempt (web-misc.rules, Medium)
1072 <-> WEB-MISC Lotus Domino directory traversal (web-misc.rules, High)
1073 <-> WEB-MISC webhits.exe access (web-misc.rules, Medium)
1080 <-> WEB-MISC unify eWave ServletExec upload (web-misc.rules, High)
1081 <-> WEB-MISC Netscape Servers suite DOS (web-misc.rules, High)
1083 <-> WEB-MISC unify eWave ServletExec DOS (web-misc.rules, Medium)
1084 <-> WEB-MISC Allaire JRUN DOS attempt (web-misc.rules, High)
1091 <-> WEB-MISC ICQ Webfront HTTP DOS (web-misc.rules, High)
1094 <-> DELETED WEB-CGI webstore directory traversal (deleted.rules, High)
1095 <-> WEB-MISC Talentsoft Web+ Source Code view access (web-misc.rules, High)
1096 <-> WEB-MISC Talentsoft Web+ internal IP Address access (web-misc.rules, Medium)
1098 <-> WEB-MISC SmartWin CyberOffice Shopping Cart access (web-misc.rules, High)
1099 <-> WEB-MISC cybercop scan (web-misc.rules, Medium)
1102 <-> WEB-MISC nessus 1.X 404 probe (web-misc.rules, High)
1103 <-> WEB-MISC Netscape admin passwd (web-misc.rules, High)
1105 <-> WEB-MISC BigBrother access (web-misc.rules, Medium)
1107 <-> WEB-MISC ftp.pl access (web-misc.rules, Medium)
1108 <-> WEB-MISC Tomcat server snoop access (web-misc.rules, Medium)
1109 <-> WEB-MISC ROXEN directory list attempt (web-misc.rules, Medium)
1110 <-> WEB-MISC apache source.asp file access (web-misc.rules, Medium)
1111 <-> WEB-MISC Tomcat server exploit access (web-misc.rules, Medium)
1114 <-> DELETED WEB-MISC prefix-get // (deleted.rules, Medium)
1115 <-> WEB-MISC ICQ webserver DOS (web-misc.rules, Medium)
1116 <-> WEB-MISC Lotus DelDoc attempt (web-misc.rules, Medium)
1117 <-> WEB-MISC Lotus EditDoc attempt (web-misc.rules, Medium)
1119 <-> WEB-MISC mlog.phtml access (web-misc.rules, Medium)
1120 <-> WEB-MISC mylog.phtml access (web-misc.rules, Medium)
1121 <-> DELETED WEB-MISC O'Reilly args.bat access (deleted.rules, Medium)
1123 <-> WEB-MISC ?PageServices access (web-misc.rules, Medium)
1124 <-> WEB-MISC Ecommerce check.txt access (web-misc.rules, Medium)
1125 <-> WEB-MISC webcart access (web-misc.rules, Medium)
1126 <-> WEB-MISC AuthChangeUrl access (web-misc.rules, Medium)
1127 <-> WEB-MISC convert.bas access (web-misc.rules, Medium)
1128 <-> WEB-MISC cpshost.dll access (web-misc.rules, Medium)
1129 <-> WEB-MISC .htaccess access (web-misc.rules, Medium)
1130 <-> WEB-MISC .wwwacl access (web-misc.rules, Medium)
1131 <-> WEB-MISC .wwwacl access (web-misc.rules, Medium)
1140 <-> WEB-MISC guestbook.pl access (web-misc.rules, Medium)
1141 <-> WEB-MISC handler access (web-misc.rules, Medium)
1143 <-> DELETED WEB-MISC ///cgi-bin access (deleted.rules, Medium)
1144 <-> DELETED WEB-MISC /cgi-bin/// access (deleted.rules, Medium)
1145 <-> WEB-MISC /~root access (web-misc.rules, Medium)
1146 <-> WEB-MISC Ecommerce import.txt access (web-misc.rules, Medium)
1147 <-> WEB-MISC cat%20 access (web-misc.rules, Medium)
1148 <-> WEB-MISC Ecommerce import.txt access (web-misc.rules, Medium)
1150 <-> WEB-MISC Domino catalog.nsf access (web-misc.rules, Medium)
1151 <-> WEB-MISC Domino domcfg.nsf access (web-misc.rules, Medium)
1152 <-> WEB-MISC Domino domlog.nsf access (web-misc.rules, Medium)
1153 <-> WEB-MISC Domino log.nsf access (web-misc.rules, Medium)
1154 <-> WEB-MISC Domino names.nsf access (web-misc.rules, Medium)
1155 <-> WEB-MISC Ecommerce checks.txt access (web-misc.rules, Medium)
1157 <-> WEB-MISC Netscape PublishingXpert access (web-misc.rules, Medium)
1158 <-> WEB-MISC windmail.exe access (web-misc.rules, Medium)
1159 <-> WEB-MISC webplus access (web-misc.rules, Medium)
1160 <-> WEB-MISC Netscape dir index wp (web-misc.rules, Medium)
1162 <-> WEB-MISC cart 32 AdminPwd access (web-misc.rules, Medium)
1164 <-> WEB-MISC shopping cart access (web-misc.rules, Medium)
1166 <-> WEB-MISC ws_ftp.ini access (web-misc.rules, Medium)
1167 <-> WEB-MISC rpm_query access (web-misc.rules, Medium)
1168 <-> WEB-MISC mall log order access (web-misc.rules, Medium)
1173 <-> WEB-MISC architext_query.pl access (web-misc.rules, Medium)
1175 <-> WEB-MISC wwwboard.pl access (web-misc.rules, Medium)
1176 <-> DELETED WEB-MISC order.log access (deleted.rules, Medium)
1177 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1180 <-> WEB-MISC get32.exe access (web-misc.rules, Medium)
1181 <-> WEB-MISC Annex Terminal DOS attempt (web-misc.rules, Medium)
1182 <-> DELETED WEB-MISC cgitest.exe attempt (deleted.rules, High)
1183 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1184 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1186 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1187 <-> WEB-MISC SalesLogix Eviewer web command attempt (web-misc.rules, High)
1188 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1189 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1190 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1191 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, Medium)
1192 <-> WEB-MISC Trend Micro OfficeScan access (web-misc.rules, Medium)
1193 <-> WEB-MISC oracle web arbitrary command execution attempt (web-misc.rules, High)
1198 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules, High)
1202 <-> WEB-MISC search.vts access (web-misc.rules, Medium)
1207 <-> WEB-MISC htgrep access (web-misc.rules, Medium)
1209 <-> WEB-MISC .nsconfig access (web-misc.rules, Medium)
1212 <-> WEB-MISC Admin_files access (web-misc.rules, Medium)
1213 <-> WEB-MISC backup access (web-misc.rules, Medium)
1214 <-> WEB-MISC intranet access (web-misc.rules, Medium)
1216 <-> WEB-MISC filemail access (web-misc.rules, Medium)
1217 <-> WEB-MISC plusmail access (web-misc.rules, Medium)
1218 <-> WEB-MISC adminlogin access (web-misc.rules, Medium)
1220 <-> WEB-MISC ultraboard access (web-misc.rules, Medium)
1221 <-> WEB-MISC Muscat Empower cgi access (web-misc.rules, Medium)
1224 <-> WEB-MISC ROADS search.pl attempt (web-misc.rules, Medium)
1230 <-> WEB-MISC VirusWall FtpSave access (web-misc.rules, Medium)
1231 <-> WEB-MISC VirusWall catinfo access (web-misc.rules, Medium)
1233 <-> WEB-CLIENT Outlook EML access (web-client.rules, High)
1234 <-> WEB-MISC VirusWall FtpSaveCSP access (web-misc.rules, Medium)
1235 <-> WEB-MISC VirusWall FtpSaveCVP access (web-misc.rules, Medium)
1236 <-> DELETED WEB-MISC Tomcat sourecode view (deleted.rules, Medium)
1237 <-> DELETED WEB-MISC Tomcat sourecode view (deleted.rules, Medium)
1238 <-> DELETED WEB-MISC Tomcat sourecode view (deleted.rules, Medium)
1241 <-> WEB-MISC SWEditServlet directory traversal attempt (web-misc.rules, High)
1246 <-> DELETED WEB-FRONTPAGE rad overflow attempt (deleted.rules, High)
1247 <-> DELETED WEB-FRONTPAGE rad overflow attempt (deleted.rules, High)
1250 <-> WEB-MISC Cisco IOS HTTP configuration attempt (web-misc.rules, High)
1258 <-> WEB-MISC HP OpenView Manager DOS (web-misc.rules, Low)
1259 <-> WEB-MISC SWEditServlet access (web-misc.rules, Medium)
1284 <-> WEB-CLIENT readme.eml download attempt (web-client.rules, High)
1287 <-> DELETED WEB-IIS scripts access (deleted.rules, Medium)
1291 <-> WEB-MISC sml3com access (web-misc.rules, Medium)
1302 <-> WEB-MISC console.exe access (web-misc.rules, Medium)
1303 <-> WEB-MISC cs.exe access (web-misc.rules, Medium)
1328 <-> DELETED WEB-ATTACKS /bin/ps command attempt (deleted.rules, High)
1329 <-> DELETED WEB-ATTACKS ps command attempt (deleted.rules, High)
1368 <-> DELETED WEB-ATTACKS /bin/ls| command attempt (deleted.rules, High)
1369 <-> DELETED WEB-ATTACKS /bin/ls command attempt (deleted.rules, High)
1374 <-> WEB-MISC .htgroup access (web-misc.rules, Medium)
1376 <-> WEB-MISC jrun directory browse attempt (web-misc.rules, High)
1381 <-> WEB-MISC Trend Micro OfficeScan attempt (web-misc.rules, Medium)
1385 <-> WEB-MISC mod-plsql administration access (web-misc.rules, Medium)
1389 <-> DELETED viewcode.jse access (deleted.rules, Medium)
1403 <-> DELETED WEB-MISC viewcode access (deleted.rules, High)
1404 <-> DELETED WEB-MISC showcode access (deleted.rules, High)
1433 <-> WEB-MISC .history access (web-misc.rules, High)
1434 <-> WEB-MISC .bash_history access (web-misc.rules, High)
1477 <-> DELETED WEB-CGI swc attempt (deleted.rules, Medium)
1484 <-> DELETED WEB-IIS /isapi/tstisapi.dll access (deleted.rules, Medium)
1489 <-> WEB-MISC /~nobody access (web-misc.rules, High)
1492 <-> WEB-MISC RBS ISP /newuser directory traversal attempt (web-misc.rules, High)
1493 <-> WEB-MISC RBS ISP /newuser access (web-misc.rules, Medium)
1500 <-> WEB-MISC ExAir access (web-misc.rules, Medium)
1519 <-> WEB-MISC apache ?M=D directory list attempt (web-misc.rules, Medium)
1520 <-> WEB-MISC server-info access (web-misc.rules, Medium)
1521 <-> WEB-MISC server-status access (web-misc.rules, Medium)
1522 <-> WEB-MISC ans.pl attempt (web-misc.rules, High)
1523 <-> WEB-MISC ans.pl access (web-misc.rules, Medium)
1525 <-> WEB-MISC Axis Storpoint CD access (web-misc.rules, Medium)
1526 <-> WEB-MISC basilix sendmail.inc access (web-misc.rules, Medium)
1527 <-> WEB-MISC basilix mysql.class access (web-misc.rules, Medium)
1528 <-> WEB-MISC BBoard access (web-misc.rules, Medium)
1544 <-> WEB-MISC Cisco Catalyst command execution attempt (web-misc.rules, Medium)
1551 <-> WEB-MISC /CVS/Entries access (web-misc.rules, Medium)
1552 <-> WEB-MISC cvsweb version access (web-misc.rules, Medium)
1553 <-> DELETED WEB-CGI /cart/cart.cgi access (deleted.rules, Medium)
1559 <-> WEB-MISC /doc/packages access (web-misc.rules, Medium)
1560 <-> WEB-MISC /doc/ access (web-misc.rules, Medium)
1561 <-> DELETED WEB-MISC ?open access (deleted.rules, Medium)
1563 <-> WEB-MISC login.htm attempt (web-misc.rules, Medium)
1564 <-> WEB-MISC login.htm access (web-misc.rules, Medium)
1575 <-> WEB-MISC Domino mab.nsf access (web-misc.rules, Medium)
1576 <-> WEB-MISC Domino cersvr.nsf access (web-misc.rules, Medium)
1577 <-> WEB-MISC Domino setup.nsf access (web-misc.rules, Medium)
1578 <-> WEB-MISC Domino statrep.nsf access (web-misc.rules, Medium)
1579 <-> WEB-MISC Domino webadmin.nsf access (web-misc.rules, Medium)
1580 <-> WEB-MISC Domino events4.nsf access (web-misc.rules, Medium)
1581 <-> WEB-MISC Domino ntsync4.nsf access (web-misc.rules, Medium)
1582 <-> WEB-MISC Domino collect4.nsf access (web-misc.rules, Medium)
1583 <-> WEB-MISC Domino mailw46.nsf access (web-misc.rules, Medium)
1584 <-> WEB-MISC Domino bookmark.nsf access (web-misc.rules, Medium)
1585 <-> WEB-MISC Domino agentrunner.nsf access (web-misc.rules, Medium)
1586 <-> WEB-MISC Domino mail.box access (web-misc.rules, Medium)
1587 <-> WEB-MISC cgitest.exe access (web-misc.rules, Medium)
1588 <-> WEB-MISC SalesLogix Eviewer access (web-misc.rules, Medium)
1589 <-> WEB-MISC musicat empower attempt (web-misc.rules, High)
1609 <-> DELETED WEB-CGI faxsurvey arbitrary file read attempt (deleted.rules, High)
1612 <-> WEB-MISC ftp.pl attempt (web-misc.rules, High)
1613 <-> WEB-MISC handler attempt (web-misc.rules, High)
1614 <-> WEB-MISC Novell Groupwise gwweb.exe attempt (web-misc.rules, Medium)
1615 <-> WEB-MISC htgrep attempt (web-misc.rules, High)
1619 <-> DELETED EXPERIMENTAL WEB-IIS .htr request (deleted.rules, Medium)
1647 <-> DELETED WEB-CGI faxsurvey attempt full path (deleted.rules, High)
1653 <-> DELETED WEB-CGI campus access (deleted.rules, Medium)
1662 <-> WEB-MISC /~ftp access (web-misc.rules, Medium)
1663 <-> WEB-MISC *%20.pl access (web-misc.rules, High)
1664 <-> WEB-MISC mkplog.exe access (web-misc.rules, Medium)
1665 <-> DELETED WEB-MISC mkilog.exe access (deleted.rules, Medium)
1670 <-> WEB-MISC /home/ftp access (web-misc.rules, Medium)
1671 <-> WEB-MISC /home/www access (web-misc.rules, Medium)
1738 <-> WEB-MISC global.inc access (web-misc.rules, High)
1749 <-> DELETED EXPERIMENTAL WEB-IIS .NET trace.axd access (deleted.rules, High)
1757 <-> WEB-MISC b2 arbitrary command execution attempt (web-misc.rules, High)
1758 <-> DELETED WEB-MISC b2 access (deleted.rules, High)
1766 <-> WEB-MISC search.dll directory listing attempt (web-misc.rules, High)
1767 <-> WEB-MISC search.dll access (web-misc.rules, Medium)
1769 <-> WEB-MISC .DS_Store access (web-misc.rules, Medium)
1770 <-> WEB-MISC .FBCIndex access (web-misc.rules, Medium)
1801 <-> DELETED WEB-IIS .asp HTTP header buffer overflow attempt (deleted.rules, High)
1814 <-> WEB-MISC CISCO VoIP DOS ATTEMPT (web-misc.rules, Medium)
1820 <-> WEB-MISC IBM Net.Commerce orderdspc.d2w access (web-misc.rules, Medium)
1826 <-> WEB-MISC WEB-INF access (web-misc.rules, Medium)
1827 <-> WEB-MISC Tomcat servlet mapping cross site scripting attempt (web-misc.rules, High)
1828 <-> WEB-MISC iPlanet Search directory traversal attempt (web-misc.rules, High)
1829 <-> WEB-MISC Tomcat TroubleShooter servlet access (web-misc.rules, Medium)
1830 <-> WEB-MISC Tomcat SnoopServlet servlet access (web-misc.rules, Medium)
1831 <-> WEB-MISC jigsaw dos attempt (web-misc.rules, High)
1835 <-> WEB-MISC Macromedia SiteSpring cross site scripting attempt (web-misc.rules, High)
1839 <-> WEB-MISC mailman cross site scripting attempt (web-misc.rules, High)
1847 <-> WEB-MISC webalizer access (web-misc.rules, Medium)
1848 <-> WEB-MISC webcart-lite access (web-misc.rules, Medium)
1849 <-> WEB-MISC webfind.exe access (web-misc.rules, Medium)
1851 <-> WEB-MISC active.log access (web-misc.rules, Medium)
1852 <-> WEB-MISC robots.txt access (web-misc.rules, Medium)
1857 <-> WEB-MISC robot.txt access (web-misc.rules, Medium)
1871 <-> WEB-MISC Oracle XSQLConfig.xml access (web-misc.rules, Medium)
1872 <-> WEB-MISC Oracle Dynamic Monitoring Services dms access (web-misc.rules, Medium)
1873 <-> WEB-MISC globals.jsa access (web-misc.rules, Medium)
1874 <-> WEB-MISC Oracle Java Process Manager access (web-misc.rules, Medium)
1880 <-> WEB-MISC oracle web application server access (web-misc.rules, Medium)
1943 <-> WEB-MISC /Carello/add.exe access (web-misc.rules, Medium)
1944 <-> WEB-MISC /ecscripts/ecware.exe access (web-misc.rules, Medium)
1969 <-> WEB-MISC ion-p access (web-misc.rules, Medium)
1979 <-> WEB-MISC perl post attempt (web-misc.rules, High)
2057 <-> WEB-MISC helpout.exe access (web-misc.rules, Medium)
2058 <-> WEB-MISC MsmMask.exe attempt (web-misc.rules, High)
2059 <-> WEB-MISC MsmMask.exe access (web-misc.rules, Medium)
2060 <-> WEB-MISC DB4Web access (web-misc.rules, Medium)
2061 <-> WEB-MISC Tomcat null byte directory listing attempt (web-misc.rules, High)
2062 <-> WEB-MISC iPlanet .perf access (web-misc.rules, Medium)
2063 <-> WEB-MISC Demarc SQL injection attempt (web-misc.rules, Medium)
2064 <-> DELETED WEB-MISC Lotus Notes .csp script source download attempt (deleted.rules, High)
2065 <-> WEB-MISC Lotus Notes .csp script source download attempt (web-misc.rules, High)
2066 <-> WEB-MISC Lotus Notes .pl script source download attempt (web-misc.rules, High)
2067 <-> WEB-MISC Lotus Notes .exe script source download attempt (web-misc.rules, High)
2068 <-> WEB-MISC BitKeeper arbitrary command attempt (web-misc.rules, High)
2069 <-> WEB-MISC chip.ini access (web-misc.rules, Medium)
2070 <-> WEB-MISC post32.exe arbitrary command attempt (web-misc.rules, High)
2071 <-> WEB-MISC post32.exe access (web-misc.rules, Medium)
2072 <-> WEB-MISC lyris.pl access (web-misc.rules, Medium)
2073 <-> WEB-MISC globals.pl access (web-misc.rules, Medium)
2135 <-> WEB-MISC philboard.mdb access (web-misc.rules, Medium)
2136 <-> WEB-MISC philboard_admin.asp authentication bypass attempt (web-misc.rules, High)
2137 <-> WEB-MISC philboard_admin.asp access (web-misc.rules, Medium)
2138 <-> WEB-MISC logicworks.ini access (web-misc.rules, Medium)
2139 <-> WEB-MISC /*.shtml access (web-misc.rules, Medium)
2156 <-> WEB-MISC mod_gzip_status access (web-misc.rules, Medium)
2231 <-> WEB-MISC register.dll access (web-misc.rules, Medium)
2232 <-> WEB-MISC ContentFilter.dll access (web-misc.rules, Medium)
2233 <-> WEB-MISC SFNofitication.dll access (web-misc.rules, Medium)
2234 <-> WEB-MISC TOP10.dll access (web-misc.rules, Medium)
2235 <-> WEB-MISC SpamExcp.dll access (web-misc.rules, Medium)
2236 <-> WEB-MISC spamrule.dll access (web-misc.rules, Medium)
2237 <-> WEB-MISC cgiWebupdate.exe access (web-misc.rules, Medium)
2238 <-> WEB-MISC WebLogic ConsoleHelp view source attempt (web-misc.rules, High)
2239 <-> WEB-MISC redirect.exe access (web-misc.rules, Medium)
2240 <-> WEB-MISC changepw.exe access (web-misc.rules, Medium)
2241 <-> WEB-MISC cwmail.exe access (web-misc.rules, Medium)
2242 <-> WEB-MISC ddicgi.exe access (web-misc.rules, Medium)
2243 <-> WEB-MISC ndcgi.exe access (web-misc.rules, Medium)
2244 <-> WEB-MISC VsSetCookie.exe access (web-misc.rules, Medium)
2245 <-> WEB-MISC Webnews.exe access (web-misc.rules, Medium)
2246 <-> WEB-MISC webadmin.dll access (web-misc.rules, Medium)
2276 <-> WEB-MISC oracle portal demo access (web-misc.rules, Medium)
2277 <-> WEB-MISC PeopleSoft PeopleBooks psdoccgi access (web-misc.rules, Medium)
2327 <-> WEB-MISC bsml.pl access (web-misc.rules, Medium)
2369 <-> WEB-MISC ISAPISkeleton.dll access (web-misc.rules, Medium)
2370 <-> WEB-MISC BugPort config.conf file access (web-misc.rules, Medium)
2371 <-> WEB-MISC Sample_showcode.html access (web-misc.rules, Medium)
2381 <-> WEB-MISC Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (web-misc.rules, High)
2395 <-> WEB-MISC InteractiveQuery.jsp access (web-misc.rules, Medium)
2400 <-> WEB-MISC edittag.pl access (web-misc.rules, Medium)
2407 <-> WEB-MISC util.pl access (web-misc.rules, Medium)
2408 <-> WEB-MISC Invision Power Board search.pl access (web-misc.rules, Medium)
2418 <-> MISC MS Terminal Server no encryption session initiation attempt (misc.rules, Medium)
2435 <-> WEB-CLIENT Microsoft emf metafile access (web-client.rules, High)
2436 <-> WEB-CLIENT Microsoft wmf metafile access (web-client.rules, High)
2447 <-> WEB-MISC ServletManager access (web-misc.rules, Medium)
2448 <-> WEB-MISC setinfo.hts access (web-misc.rules, Medium)
2484 <-> WEB-MISC source.jsp access (web-misc.rules, Medium)
2527 <-> SMTP STARTTLS attempt (smtp.rules, Low)
2569 <-> WEB-MISC cPanel resetpass access (web-misc.rules, Medium)
2581 <-> WEB-MISC Crystal Reports crystalimagehandler.aspx access (web-misc.rules, Medium)
2582 <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules, High)
2585 <-> WEB-MISC nessus 2.x 404 probe (web-misc.rules, Medium)
2672 <-> WEB-MISC sresult.exe access (web-misc.rules, Medium)
2701 <-> WEB-MISC Oracle iSQLPlus sid overflow attempt (web-misc.rules, High)
2702 <-> WEB-MISC Oracle iSQLPlus username overflow attempt (web-misc.rules, High)
2703 <-> WEB-MISC Oracle iSQLPlus login.uix username overflow attempt (web-misc.rules, High)
2704 <-> WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt (web-misc.rules, High)
2950 <-> DELETED NETBIOS SMB too many stacked requests (deleted.rules, Low)
3079 <-> WEB-CLIENT Microsoft ANI file parsing overflow (web-client.rules, High)
3086 <-> WEB-MISC 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (web-misc.rules, Medium)
3467 <-> WEB-MISC CISCO VoIP Portinformation access (web-misc.rules, Medium)
3549 <-> DELETED WEB-CLIENT HTML DOM invalid DHTML element creation attempt (deleted.rules, High)
3551 <-> WEB-CLIENT .hta download attempt (web-client.rules, Low)
3676 <-> WEB-MISC newsscript.pl admin attempt (web-misc.rules, High)
3816 <-> WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules, High)
3819 <-> WEB-CLIENT multipacket CHM file transfer start (web-client.rules, Low)
3822 <-> WEB-MISC Real Player realtext long URI request (web-misc.rules, Low)
4650 <-> WEB-MISC cacti graph_image.php access (web-misc.rules, Medium)
4985 <-> WEB-MISC Twiki rdiff rev command injection attempt (web-misc.rules, High)
4986 <-> WEB-MISC Twiki view rev command injection attempt (web-misc.rules, High)
4987 <-> WEB-MISC Twiki viewfile rev command injection attempt (web-misc.rules, High)
4988 <-> WEB-MISC Barracuda IMG.PL directory traversal attempt (web-misc.rules, High)
5320 <-> DELETED VIRUS Possible Sober virus set one call home attempt (deleted.rules, Medium)
5324 <-> DELETED VIRUS Possible Sober virus set two call home attempt (deleted.rules, Medium)
5692 <-> P2P Skype client successful install (p2p.rules, High)
5706 <-> POLICY Namazu incoming namazu.cgi access (policy.rules, Medium)
5707 <-> POLICY Namazu outbound namazu.cgi access (policy.rules, Medium)
5715 <-> WEB-MISC malformed ipv6 uri overflow attempt (web-misc.rules, High)
5740 <-> WEB-CLIENT Microsoft HTML help workshop file .hhp download attempt (web-client.rules, Low)
5804 <-> DELETED SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (deleted.rules, Medium)
5832 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (deleted.rules, Low)
5833 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 2 (deleted.rules, Low)
5869 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 1 (deleted.rules, Low)
5870 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 2 (deleted.rules, Low)
5877 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - startup access (deleted.rules, Low)
5878 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - configuration retrieval (deleted.rules, Low)
5879 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (deleted.rules, Low)
5912 <-> DELETED SPYWARE-PUT Hijacker webcrawler runtime detection (deleted.rules, Low)
5931 <-> DELETED SPYWARE-PUT Adware cashbar runtime detection - stats track 1 (deleted.rules, Low)
6018 <-> BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules, High)
6019 <-> BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules, High)
6020 <-> BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules, High)
6023 <-> BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules, High)
6029 <-> BACKDOOR fkwp 2.0 runtime detection - icq notification (backdoor.rules, High)
6039 <-> BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules, High)
6042 <-> BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules, High)
6043 <-> BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules, High)
6058 <-> BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules, High)
6059 <-> BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules, High)
6069 <-> BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules, High)
6115 <-> BACKDOOR optix 1.32 runtime detection - icq notification (backdoor.rules, High)
6135 <-> DELETED BACKDOOR clindestine 1.0 icq notification of server installation (deleted.rules, High)
6210 <-> DELETED SPYWARE-PUT Adware deskwizz runtime detection - ad banner (deleted.rules, Low)
6217 <-> DELETED SPYWARE-PUT Adware aornum/iwon copilot runtime detection - ads 1 (deleted.rules, Low)
6226 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - request (deleted.rules, Low)
6229 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - adp ads (deleted.rules, Low)
6231 <-> DELETED SPYWARE-PUT Adware mirar runtime detection - search (deleted.rules, Low)
6235 <-> DELETED SPYWARE-PUT Adware spoton runtime detection (deleted.rules, Low)
6262 <-> DELETED SPYWARE-PUT Hijacker gigatech superbar runtime detection - hijack ie auto search (deleted.rules, Low)
6272 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - initial connection (deleted.rules, Low)
6273 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - pop-up retreival (deleted.rules, Low)
6276 <-> DELETED SPYWARE-PUT Hijacker incredifind runtime detection - autosearch (deleted.rules, Low)
6277 <-> DELETED SPYWARE-PUT Hijacker navexcel runtime detection (deleted.rules, Low)
6291 <-> BACKDOOR justjoke v2.6 runtime detection (backdoor.rules, High)
6296 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 (backdoor.rules, High)
6297 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 (backdoor.rules, High)
6300 <-> BACKDOOR cia 1.3 runtime detection - icq notification (backdoor.rules, High)
6369 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .dll (deleted.rules, Low)
6370 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .exe (deleted.rules, Low)
6393 <-> DELETED SPYWARE-PUT Hijacker zeropopup runtime detection - button search (deleted.rules, Low)
6406 <-> POLICY Gizmo VOIP client start-up version check (policy.rules, High)
6474 <-> BACKDOOR w32.loosky.gen@mm runtime detection - notification (backdoor.rules, High)
6485 <-> DELETED SPYWARE-PUT Adware spyfalcon runtime detection - action report (deleted.rules, Low)
6486 <-> DELETED SPYWARE-PUT Adware spyfalcon runtime detection - notification (deleted.rules, Low)
6507 <-> WEB-MISC novell edirectory imonitor overflow attempt (web-misc.rules, High)
7070 <-> WEB-MISC encoded cross site scripting attempt (web-misc.rules, High)
7071 <-> WEB-MISC encoded cross site scripting HTML Image tag set to javascript attempt (web-misc.rules, High)
7073 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - notification (backdoor.rules, High)
7074 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules, High)
7076 <-> BACKDOOR minimo v0.6 runtime detection - cgi notification (backdoor.rules, High)
7077 <-> BACKDOOR minimo v0.6 runtime detection - icq notification (backdoor.rules, High)
7131 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (deleted.rules, Low)
7132 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (deleted.rules, Low)
7133 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (deleted.rules, Low)
7134 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assissant hijacking (deleted.rules, Low)
7637 <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules, High)
7639 <-> BACKDOOR air runtime detection - php notification (backdoor.rules, High)
7640 <-> BACKDOOR air runtime detection - webmail notification (backdoor.rules, High)
7692 <-> BACKDOOR exception 1.0 runtime detection - notification (backdoor.rules, High)
7704 <-> BACKDOOR roach 1.0 server installation notification - email (backdoor.rules, High)
7722 <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules, High)
7742 <-> BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (backdoor.rules, High)
7762 <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules, High)
7805 <-> BACKDOOR war trojan ver1.0 runtime detection - ie hijacker (backdoor.rules, High)
7858 <-> POLICY Google Desktop initial install - firstuse request (policy.rules, High)
7859 <-> POLICY Google Desktop initial install - installer request (policy.rules, High)
7860 <-> POLICY Google Desktop search query (policy.rules, High)
8080 <-> BACKDOOR x2a runtime detection - client update (backdoor.rules, High)
8085 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl port 3443 Unix command execution attempt (web-misc.rules, High)
8086 <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules, High)
8087 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules, High)
8088 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules, High)
8089 <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules, High)
8090 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules, High)
9418 <-> SPECIFIC-THREATS bagle.a http notification detection (specific-threats.rules, High)
9620 <-> WEB-MISC pajax call_dispatcher remote exec attempt (web-misc.rules, High)
9653 <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules, High)
9791 <-> WEB-MISC .cmd? access (web-misc.rules, Medium)
10196 <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules, High)
10197 <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules, High)
10396 <-> DELETED WEB-IIS Internet Data Query query.idq directory traversal attempt (deleted.rules, High)
10397 <-> DELETED WEB-IIS Internet Data Query exair query.idq directory traversal attempt (deleted.rules, High)
10398 <-> DELETED WEB-IIS Internet Data Query exair search.idq directory traversal attempt (deleted.rules, High)
10399 <-> DELETED WEB-IIS Internet Data Query iissamples fastq.idq directory traversal attempt (deleted.rules, High)
10400 <-> DELETED WEB-IIS Internet Data Query iissamples query.idq directory traversal attempt (deleted.rules, High)
10401 <-> DELETED WEB-IIS Internet Data Query prxdocs prxrch.idq directory traversal attempt (deleted.rules, High)
10403 <-> SPECIFIC-THREATS Trojan.Duntek Checkin GET Request (specific-threats.rules, High)
10419 <-> WEB-ACTIVEX HP Mercury Quality Center SPIDERLib ActiveX clsid access (web-activex.rules, High)
10421 <-> WEB-ACTIVEX HP Mercury Quality Center SPIDERLib ActiveX function call access (web-activex.rules, High)
10422 <-> WEB-ACTIVEX HP Mercury Quality Center SPIDERLib ActiveX function call unicode access (web-activex.rules, High)
10447 <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules, High)
10990 <-> WEB-MISC encoded cross site scripting HTML Image tag attempt (web-misc.rules, High)
11193 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
11194 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
11223 <-> WEB-MISC google proxystylesheet arbitrary command execution attempt (web-misc.rules, High)
11616 <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules, High)
11685 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
12059 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
12060 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules, High)
12077 <-> DELETED BACKDOOR c99shell.php command request (deleted.rules, High)
12303 <-> POLICY Google Chat web client connection (policy.rules, High)
12304 <-> POLICY AOL Instant Messenger web client connection (policy.rules, High)
12305 <-> POLICY Yahoo Messenger web client connection (policy.rules, High)
12306 <-> POLICY Microsoft Messenger web client connection (policy.rules, High)
12455 <-> POLICY Crystal reports download request (policy.rules, High)
12488 <-> DELETED SPYWARE-PUT Adware adblaster 2.0 runtime detection (deleted.rules, Low)
12629 <-> WEB-MISC sharepoint cross site scripting attempt (web-misc.rules, High)
12691 <-> P2P Outbound Joltid PeerEnabler traffic detected (p2p.rules, High)
13302 <-> WEB-CLIENT Apache mod_imagemap cross site scripting attempt (web-client.rules, High)
13465 <-> WEB-CLIENT Microsoft Works file download request (web-client.rules, Low)
13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules, Low)
13584 <-> WEB-CLIENT csv file download request (web-client.rules, Low)
13592 <-> DELETED POLICY Inbound potentially malicious file download attempt (deleted.rules, Medium)
13625 <-> BACKDOOR MBR rootkit HTTP POST activity detected (backdoor.rules, High)
13627 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13628 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13632 <-> WEB-CLIENT Zango adware installation request (web-client.rules, High)
13656 <-> WEB-MISC Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (web-misc.rules, High)
13789 <-> DELETED WEB-CLIENT Microsoft Word file download request (deleted.rules, Low)
13856 <-> BACKDOOR wintrim.z runtime detection (backdoor.rules, High)
13862 <-> POLICY Habbo chat client item information download (policy.rules, High)
13876 <->
BACKDOOR zlob.acc runtime detection (backdoor.rules, High) 13877 <-> BACKDOOR trojan-spy.win32.delf.uv runtime detection (backdoor.rules, High) 13911 <-> WEB-CLIENT Microsoft search file download attempt (web-client.rules, Low) 13915 <-> WEB-MISC backup file download attempt (web-misc.rules, Low) 13928 <-> WEB-MISC Adobe RoboHelp r0 SQL injection attempt (web-misc.rules, High) 13929 <-> WEB-MISC Adobe RoboHelp rx SQL injection attempt (web-misc.rules, High) 13941 <-> BACKDOOR trojan agent.nac runtime detection - click fraud (backdoor.rules, High) 13942 <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules, High) 13944 <-> BACKDOOR trojan downloader small.gy runtime detection - get whitelist (backdoor.rules, High) 13945 <-> BACKDOOR trojan downloader small.gy runtime detection - update (backdoor.rules, High) 13952 <-> DELETED SPECIFIC-THREATS b.js download - possible Asprox trojan attack (deleted.rules, High) 13953 <-> SPECIFIC-THREATS Asprox trojan initial query (specific-threats.rules, High) 13982 <-> WEB-CLIENT Microsoft Powerpoint file download attempt (web-client.rules, Low) 13983 <-> WEB-CLIENT Microsoft Office eps file download (web-client.rules, Low) 14017 <-> WEB-CLIENT MPEG Layer 3 playlist file request (web-client.rules, Low) 14018 <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules, Low) 14082 <-> BACKDOOR trojan agent.aarm runtime detection - spread via spam (backdoor.rules, High) 14083 <-> BACKDOOR trojan agent.aarm runtime detection - download other malware (backdoor.rules, High) 14084 <-> BACKDOOR infostealer.banker.c runtime detection - download cfg.bin (backdoor.rules, High) 14086 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection #1 (backdoor.rules, High) 14087 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection #2 (backdoor.rules, High) 15013 <-> WEB-MISC Adobe Portable Document Format file download attempt (web-misc.rules, Low) 15123 <-> WEB-CLIENT Rich Text Format file request (web-client.rules, Low) 
15158 <-> WEB-MISC XML Shareable Playlist Format file download attempt (web-misc.rules, Low) 15165 <-> BACKDOOR Pushdo client communication attempt (backdoor.rules, High) 15237 <-> WEB-MISC Java .class file download attempt (web-misc.rules, Low) 15239 <-> WEB-MISC RealMedia format file download attempt (web-misc.rules, Low) 15240 <-> WEB-MISC RealMedia format file download attempt (web-misc.rules, Low) 15242 <-> DELETED WEB-CLIENT HP OpenView Network Node Manager Toolbar.exe HTTP request buffer overflow attempt (deleted.rules, High) 15256 <-> ORACLE BPEL process manager XSS injection attempt (oracle.rules, High) 15257 <-> ORACLE Secure Backup common.php variable based command injection attempt (oracle.rules, High) 15258 <-> ORACLE Secure Backup login.php variable based command injection attempt (oracle.rules, High) 15261 <-> ORACLE Secure Backup exec_qr command injection attempt (oracle.rules, High) 15262 <-> ORACLE Secure Backup POST exec_qr command injection attempt (oracle.rules, High) 15263 <-> DELETED BEA WebLogic Apache connector HTTP version denial of service attempt (deleted.rules, Medium) 15294 <-> WEB-CLIENT Microsoft Visio file download request (web-client.rules, Low) 15295 <-> SPECIFIC-THREATS Trojan.Bankpatch.C configuration attempt (specific-threats.rules, High) 15296 <-> SPECIFIC-THREATS Trojan.Bankpatch.C malicious file download attempt (specific-threats.rules, High) 15385 <-> WEB-MISC vqf file request (web-misc.rules, Low) 15426 <-> WEB-CLIENT MAKI file request (web-client.rules, Low) 15427 <-> WEB-MISC SVG file request (web-misc.rules, Low) 15434 <-> WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (web-misc.rules, High) 15444 <-> WEB-MISC Core Audio Format file download attempt (web-misc.rules, Low) 15463 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low) 15464 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low) 15481 <-> SPECIFIC-THREATS Zeus/Zbot malware config file download 
request (specific-threats.rules, High) 15483 <-> WEB-MISC Adobe Shockwave Flash file request (web-misc.rules, Low) 15510 <-> WEB-CLIENT Trend Micro OfficeScan Server cgiRecvFile overflow attempt (web-client.rules, High) 15516 <-> WEB-CLIENT AVI multimedia file request (web-client.rules, Low) 15518 <-> WEB-MISC Embedded Open Type Font download request (web-misc.rules, Low) 15553 <-> SPECIFIC-THREATS Sality virus HTTP GET request (specific-threats.rules, High) 15582 <-> WEB-MISC ARJ format file download attempt (web-misc.rules, Low) 15585 <-> WEB-CLIENT Excel file download request (web-client.rules, Low) 15586 <-> WEB-CLIENT Powerpoint file download request (web-client.rules, Low) 15587 <-> WEB-CLIENT Word file download request (web-client.rules, Low) 15865 <-> WEB-CLIENT MP4 file request (web-client.rules, Low) 15870 <-> WEB-MISC 4xm file request (web-misc.rules, Low) 15895 <-> DELETED CHAT Pidgin MSN P2P message 64bit integer overflow attempt (deleted.rules, High) 15898 <-> WEB-MISC Audio Interchange File Format download request (web-misc.rules, Low) 15899 <-> WEB-MISC Audio Interchange File Format file request (web-misc.rules, Low) 15900 <-> WEB-MISC Audio Interchange File Format request (web-misc.rules, Low) 15908 <-> WEB-MISC Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (web-misc.rules, High) 15921 <-> WEB-CLIENT Microsoft media format file download request (web-client.rules, Low) 15922 <-> WEB-CLIENT mp3 file download request (web-client.rules, Low) 15945 <-> WEB-CLIENT RSS file download request (web-client.rules, Low) 15962 <-> SPECIFIC-THREATS Sybase EAServer WebConsole overflow attempt (specific-threats.rules, High) 15978 <-> WEB-MISC Macromedia JRun 4 mod_jrun buffer overflow attempt (web-misc.rules, High) 15980 <-> WEB-MISC Apache mod_ssl hook functions format string attempt (web-misc.rules, High) 15982 <-> WEB-MISC Ipswitch WhatsUp Gold DOS Device HTTP request denial of service attempt (web-misc.rules, Medium) 
15987 <-> WEB-MISC Microsoft Visio DXF file download request (web-misc.rules, Low) 15990 <-> WEB-MISC Macromedia JRun 4.x server file disclosure attempt (web-misc.rules, High) 16002 <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules, High) 16003 <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules, High) 16004 <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules, High) 16052 <-> WEB-CLIENT Novell iManager Tomcat http post handling DoS attempt (web-client.rules, Medium) 16094 <-> BACKDOOR trojan downloader exchan.gen variant runtime detection (backdoor.rules, High) 16097 <-> BACKDOOR trojan win32.agent.vvm runtime detection (backdoor.rules, High) 16098 <-> BACKDOOR win32.cekar variant runtime detection (backdoor.rules, High) 16099 <-> BACKDOOR trojan-dropper.win32.agent.wdv runtime detection (backdoor.rules, High) 16100 <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - file.exe (backdoor.rules, High) 16101 <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - 57329.exe (backdoor.rules, High) 16102 <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - sft_ver1.1454.0.exe (backdoor.rules, High) 16105 <-> BACKDOOR trojan.zlob runtime detection - topqualityads (backdoor.rules, High) 16108 <-> BACKDOOR trojan downloader exchanger.gen2 runtime detection (backdoor.rules, High) 16109 <-> BACKDOOR trojan-downloader.win32.zlob.wwv runtime detection - onestoponlineshop (backdoor.rules, High) 16110 <-> BACKDOOR trojan-downloader.win32.zlob.wwv runtime detection - childhe (backdoor.rules, High) 16111 <-> BACKDOOR trojan-downloader.win32.zlob.wwv installtime detection (backdoor.rules, High) 16112 <-> BACKDOOR trojan downloader.agent.vhb runtime detection - contact remote server (backdoor.rules, High) 16113 <-> BACKDOOR trojan downloader.agent.vhb runtime detection - request login page 
(backdoor.rules, High) 16141 <-> SPECIFIC-THREATS Kaspersky Online Scanner trojaned Dll download attempt (specific-threats.rules, High) 16144 <-> SPECIFIC-THREATS Bredolab downloader communication with server attempt (specific-threats.rules, High) 16190 <-> ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (oracle.rules, High) 16191 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (oracle.rules, High) 16192 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via POST (oracle.rules, High) 16203 <-> DELETED Squid Proxy invalid HTTP response code denial of service attempt (deleted.rules, Medium) 16204 <-> WEB-CLIENT HP OpenView Network Node Manager ovlaunch host field overflow attempt (web-client.rules, High) 16205 <-> WEB-MISC bitmap file download request (web-misc.rules, Low) 16219 <-> WEB-CLIENT Adobe Director file format transfer (web-client.rules, Low) 16242 <-> BACKDOOR downloader-ash.gen.b runtime detection - adload (backdoor.rules, High) 16243 <-> BACKDOOR downloader-ash.gen.b runtime detection - 3264.php (backdoor.rules, High) 16244 <-> BACKDOOR rogue software xp police antivirus runtime detection - purchase (backdoor.rules, High) 16245 <-> BACKDOOR rogue software xp police antivirus install-timedetection (backdoor.rules, High) 16246 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - purchase request (backdoor.rules, High) 16247 <-> BACKDOOR rogue software spyware protect 2009 runtime detection - block (backdoor.rules, High) 16248 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - start (backdoor.rules, High) 16249 <-> BACKDOOR rogue software ms antispyware 2009 runtime detection - pay (backdoor.rules, High) 16250 <-> BACKDOOR rogue software win pc defender runtime detection (backdoor.rules, High) 16251 <-> BACKDOOR rogue software win pc defender installtime detection (backdoor.rules, High) 16252 <-> 
BACKDOOR rogue software pro antispyware 2009 runtime detection - purchase (backdoor.rules, High) 16253 <-> BACKDOOR rogue software system security 2009 runtime detection (backdoor.rules, High) 16254 <-> BACKDOOR rogue software system security 2009 installtime detection (backdoor.rules, High) 16256 <-> BACKDOOR rogue software coreguard antivirus 2009 runtime detection (backdoor.rules, High) 16257 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - update (backdoor.rules, High) 16258 <-> BACKDOOR rogue software perfect defender 2009 runtime detection - purchase (backdoor.rules, High) 16259 <-> BACKDOOR rogue software antivirusdoktor2009 runtime detection (backdoor.rules, High) 16260 <-> BACKDOOR rogue software xp antivirus protection runtime detection - installation (backdoor.rules, High) 16261 <-> BACKDOOR rogue software xp antivirus protection runtime detection - runtime (backdoor.rules, High) 16262 <-> BACKDOOR rogue software xp-shield runtime detection (backdoor.rules, High) 16263 <-> BACKDOOR rogue software xp-shield runtime detection - installation (backdoor.rules, High) 16264 <-> BACKDOOR rogue software 007 anti-spyware runtime detection - update (backdoor.rules, High) 16265 <-> BACKDOOR rogue software 007 anti-spyware runtime detection - register (backdoor.rules, High) 16266 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - buy (backdoor.rules, High) 16267 <-> BACKDOOR rogue software pc antispyware 2010 runtime detection - files (backdoor.rules, High) 16268 <-> BACKDOOR trojan.tdss.1.gen install-time detection - yournewsblog.net (backdoor.rules, High) 16269 <-> BACKDOOR trojan.tdss.1.gen install-time detection - findzproportal1.com (backdoor.rules, High) 16272 <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - lordhack (backdoor.rules, High) 16273 <-> BACKDOOR trojan-dropper.irc.tkb runtime detection - dxcpm (backdoor.rules, High) 16279 <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - pre-sale 
page (backdoor.rules, High) 16280 <-> BACKDOOR rogue-software windows antivirus 2008 runtime detection - registration and payment page (backdoor.rules, High) 16286 <-> WEB-MISC TrueType font file download request (web-misc.rules, Low) 16362 <-> SPECIFIC-THREATS SpyForms malware call home attempt (specific-threats.rules, High) 16365 <-> SPECIFIC-THREATS Trojan OnlineGames download atttempt (specific-threats.rules, High) 16391 <-> SPECIFIC-THREATS Gozi Trojan connection to C&C attempt (specific-threats.rules, High) 16406 <-> WEB-MISC JPEG file download attempt (web-misc.rules, Low) 16407 <-> WEB-MISC JPEG file download attempt (web-misc.rules, Low) 16425 <-> WEB-CLIENT Portable Executable binary file transfer (web-client.rules, Low) 16429 <-> WEB-MISC Novell iManager eDirectory plugin schema buffer overflow attempt - GET request (web-misc.rules, High) 16430 <-> WEB-MISC Novell iManager eDirectory plugin schema buffer overflow attempt - POST request (web-misc.rules, High) 16451 <-> DELETED Palm WebOS 1.2.0 floating point exception denial of service attempt (deleted.rules, Medium) 16457 <-> BACKDOOR Trojan.Downloader.Win32.Cutwail.AI runtime detection (backdoor.rules, High) 16473 <-> WEB-CLIENT Microsoft Windows Movie Maker project file download request (web-client.rules, Low) 16476 <-> WEB-CLIENT Microsoft .MSProducer file download request (web-client.rules, Low) 16477 <-> WEB-CLIENT Microsoft .MSProducerZ file download request (web-client.rules, Low) 16478 <-> WEB-CLIENT Microsoft .MSProducerBF file download request (web-client.rules, Low) 16484 <-> SPECIFIC-THREATS Koobface contact to C&C server attempt (specific-threats.rules, Low) 16485 <-> SPECIFIC-THREATS Koobface request for captcha attempt (specific-threats.rules, Low) 16522 <-> WEB-CLIENT Novell QuickFinder server cross-site-scripting attempt (web-client.rules, High) 16527 <-> SPECIFIC-THREATS Zbot malware config file download request (specific-threats.rules, High) 16528 <-> SPECIFIC-THREATS Zbot malware 
config file download request (specific-threats.rules, High) 16529 <-> WEB-MISC JPEG file download attempt (web-misc.rules, Low) 16552 <-> WEB-CLIENT Adobe .pfb download attempt (web-client.rules, Medium) 16555 <-> WEB-MISC HP Openview Network Node Manager OvAcceptLang overflow attempt (web-misc.rules, High) 16556 <-> SPECIFIC-THREATS 2imaegshack/lmageshack IM worm get request attempt (specific-threats.rules, Low) 16604 <-> WEB-MISC HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (web-misc.rules, High)
