Sourcefire VRT Rules Update

Date: 2010-07-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8_6_0.

The format of the file is:

sid - Message (rule group, priority)

New rules:
16802 <-> WEB-ACTIVEX WinDVD IASystemInfo.dll ActiveX clsid access (web-activex.rules, High)
16803 <-> WEB-ACTIVEX WinDVD IASystemInfo.dll ActiveX clsid unicode access (web-activex.rules, High)
16804 <-> BACKDOOR  Backdoor.Win32.Qakbot.E - initial load (backdoor.rules, High)
16805 <-> BACKDOOR  Backdoor.Win32.Qakbot.E config check (backdoor.rules, High)
16806 <-> BACKDOOR Backdoor.Win32.Qakbot.E - FTP upload seclog (backdoor.rules, High)
16807 <-> BACKDOOR Backdoor.Win32.Qakbot.E - FTP Upload ps_dump (backdoor.rules, High)
16808 <-> BACKDOOR Backdoor.Win32.Qakbot.E - register client (backdoor.rules, High)
16809 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16810 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16811 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16812 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16813 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16814 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16815 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16816 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16817 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16818 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16819 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16820 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16821 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16822 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16823 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16824 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16825 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16826 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16827 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16828 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16829 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16830 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16831 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16832 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16833 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16834 <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules, High)
16835 <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules, High)
16836 <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules, High)
16837 <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules, High)
16838 <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules, High)
16839 <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules, High)
16840 <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules, High)
16841 <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16842 <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules, High)
16843 <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules, High)
16844 <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules, High)
16845 <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules, High)
16846 <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules, High)
16847 <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules, High)
16848 <-> BLACKLIST DNS request for known malware domain in.chinaitlm.cn - Trojan.VBS.HideIcon.d (blacklist.rules, High)
16849 <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules, High)
16850 <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules, High)
16851 <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules, High)
16852 <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules, High)
16853 <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules, High)
16854 <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules, High)
16855 <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules, High)
16856 <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules, High)
16857 <-> BLACKLIST DNS request for known malware domain site.mynet.com - Trojan.Win32.Buzus.dxsr (blacklist.rules, High)
16858 <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules, High)
16859 <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules, High)
16860 <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules, High)
16861 <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules, High)
16862 <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules, High)
16863 <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16864 <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules, High)
16865 <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules, High)
16866 <-> BLACKLIST DNS request for known malware domain members.multimania.co.uk - Trojan.Win32.Inject.ahqv (blacklist.rules, High)
16867 <-> BLACKLIST DNS request for known malware domain down.toopc.com - Trojan-Dropper.Win32.Clons.hai (blacklist.rules, High)
16868 <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules, High)
16869 <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules, High)
16870 <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules, High)
16871 <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16872 <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules, High)
16873 <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules, High)
16874 <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules, High)
16875 <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules, High)
16876 <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules, High)
16877 <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules, High)
16878 <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules, High)
16879 <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules, High)
16880 <-> BLACKLIST DNS request for known malware domain dnfuu.3322.org - Trojan-Downloader.Win32.Genome.asrx (blacklist.rules, High)
16881 <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16882 <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules, High)
16883 <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules, High)
16884 <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules, High)
16885 <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules, High)
16886 <-> BLACKLIST DNS request for known malware domain d.trymedia.com - Trojan-Dropper.Win32.Delf.fkk (blacklist.rules, High)
16887 <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules, High)
16888 <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules, High)
16889 <-> BLACKLIST DNS request for known malware domain h1.ripway.com - Trojan.Win32.Refroso.bcdq (blacklist.rules, High)
16890 <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules, High)
16891 <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16892 <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules, High)
16893 <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules, High)
16894 <-> BLACKLIST DNS request for known malware domain eq.pccppc.com - Trojan-Downloader.Win32.Pher.fkl (blacklist.rules, High)
16895 <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules, High)
16896 <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules, High)
16897 <-> BLACKLIST DNS request for known malware domain sympathy.hdnews.net - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16898 <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules, High)
16899 <-> BLACKLIST DNS request for known malware domain downloadering.9966.org - Trojan.Win32.Vilsel.adxv (blacklist.rules, High)
16900 <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules, High)
16901 <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules, High)
16902 <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules, High)
16903 <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules, High)
16904 <-> BLACKLIST DNS request for known malware domain xoomer.alice.it - Trojan-Downloader.Win32.Banload.kdu (blacklist.rules, High)
16905 <-> BLACKLIST DNS request for known malware domain xoomer.virgilio.it - Backdoor.Win32.Clar.d (blacklist.rules, High)
16906 <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules, High)
16907 <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules, High)
16908 <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules, High)
16909 <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules, High)
16910 <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules, High)
16911 <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules, High)
16912 <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules, High)
16913 <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules, High)
16914 <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules, High)
16915 <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules, High)
16916 <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules, High)
16917 <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules, High)
16918 <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules, High)
16919 <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules, High)
16920 <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules, High)
16921 <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules, High)
16922 <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules, High)
16923 <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules, High)
16924 <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules, High)
16925 <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules, High)
16926 <-> BLACKLIST URI request for known malicious URI - /stat.htm?id= (blacklist.rules, High)
16927 <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules, High)
16928 <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules, High)
16929 <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules, High)
16930 <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules, High)
16931 <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules, High)
16932 <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules, High)
16933 <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules, High)
16934 <-> PHISHING-SPAM pku-edp.cn known spam email attempt (phishing-spam.rules, High)
16935 <-> PHISHING-SPAM sjtu-edp.cn known spam email attempt (phishing-spam.rules, High)
16936 <-> PHISHING-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (phishing-spam.rules, High)
16937 <-> PHISHING-SPAM bestdrug-store.com known spam email attempt (phishing-spam.rules, High)
16938 <-> PHISHING-SPAM pharmrik66y.ru known spam email attempt (phishing-spam.rules, High)
16939 <-> PHISHING-SPAM refillleonardo59y.ru known spam email attempt (phishing-spam.rules, High)
16940 <-> PHISHING-SPAM medfreddie55a.ru known spam email attempt (phishing-spam.rules, High)
16941 <-> PHISHING-SPAM drugshershel38w.ru known spam email attempt (phishing-spam.rules, High)
16942 <-> PHISHING-SPAM drugshayyim77n.ru known spam email attempt (phishing-spam.rules, High)
16943 <-> PHISHING-SPAM erectguthry99c.ru known spam email attempt (phishing-spam.rules, High)
16944 <-> PHISHING-SPAM pilldory92n.ru known spam email attempt (phishing-spam.rules, High)
16945 <-> PHISHING-SPAM tabwinn77t.ru known spam email attempt (phishing-spam.rules, High)
16946 <-> PHISHING-SPAM pillrenault15j.ru known spam email attempt (phishing-spam.rules, High)
16947 <-> PHISHING-SPAM pharmrolland95h.ru known spam email attempt (phishing-spam.rules, High)
16948 <-> PHISHING-SPAM onlineheindrick60i.ru known spam email attempt (phishing-spam.rules, High)
16949 <-> PHISHING-SPAM erectnormie71a.ru known spam email attempt (phishing-spam.rules, High)
16950 <-> PHISHING-SPAM tabscotti71i.ru known spam email attempt (phishing-spam.rules, High)
16951 <-> PHISHING-SPAM drugsjudd45f.ru known spam email attempt (phishing-spam.rules, High)
16952 <-> PHISHING-SPAM pharmharman55y.ru known spam email attempt (phishing-spam.rules, High)
16953 <-> PHISHING-SPAM medgaultiero11e.ru known spam email attempt (phishing-spam.rules, High)
16954 <-> PHISHING-SPAM pillgaylor21n.ru known spam email attempt (phishing-spam.rules, High)
16955 <-> PHISHING-SPAM drugspenn84f.ru known spam email attempt (phishing-spam.rules, High)
16956 <-> PHISHING-SPAM medebeneser68c.ru known spam email attempt (phishing-spam.rules, High)
16957 <-> PHISHING-SPAM tabmario94r.ru known spam email attempt (phishing-spam.rules, High)
16958 <-> PHISHING-SPAM tablennard88q.ru known spam email attempt (phishing-spam.rules, High)
16959 <-> PHISHING-SPAM medforster79j.ru known spam email attempt (phishing-spam.rules, High)
16960 <-> PHISHING-SPAM erectvincent21v.ru known spam email attempt (phishing-spam.rules, High)
16961 <-> PHISHING-SPAM drugsdemott21o.ru known spam email attempt (phishing-spam.rules, High)
16962 <-> PHISHING-SPAM onlinelovell30p.ru known spam email attempt (phishing-spam.rules, High)
16963 <-> PHISHING-SPAM erecttaylor49i.ru known spam email attempt (phishing-spam.rules, High)
16964 <-> PHISHING-SPAM smellexact.ru known spam email attempt (phishing-spam.rules, High)
16965 <-> PHISHING-SPAM givehome.ru known spam email attempt (phishing-spam.rules, High)
16966 <-> PHISHING-SPAM thingpath.ru known spam email attempt (phishing-spam.rules, High)
16967 <-> PHISHING-SPAM wereif.ru known spam email attempt (phishing-spam.rules, High)
16968 <-> PHISHING-SPAM bassmax.ru known spam email attempt (phishing-spam.rules, High)
16969 <-> PHISHING-SPAM steadfig.ru known spam email attempt (phishing-spam.rules, High)
16970 <-> PHISHING-SPAM drugsmayne5a.ru known spam email attempt (phishing-spam.rules, High)
16971 <-> PHISHING-SPAM mystick.ru known spam email attempt (phishing-spam.rules, High)
16972 <-> PHISHING-SPAM drugsrey95a.ru known spam email attempt (phishing-spam.rules, High)
16973 <-> PHISHING-SPAM milklowly.ru known spam email attempt (phishing-spam.rules, High)
16974 <-> PHISHING-SPAM numberenough.ru known spam email attempt (phishing-spam.rules, High)
16975 <-> PHISHING-SPAM oldsheer.ru known spam email attempt (phishing-spam.rules, High)
16976 <-> PHISHING-SPAM logzest.ru known spam email attempt (phishing-spam.rules, High)
16977 <-> PHISHING-SPAM energypotent.ru known spam email attempt (phishing-spam.rules, High)
16978 <-> PHISHING-SPAM outhave.ru known spam email attempt (phishing-spam.rules, High)
16979 <-> PHISHING-SPAM solvecalm.ru known spam email attempt (phishing-spam.rules, High)
16980 <-> PHISHING-SPAM stillvisit.ru known spam email attempt (phishing-spam.rules, High)
16981 <-> PHISHING-SPAM livelycall.ru known spam email attempt (phishing-spam.rules, High)
16982 <-> PHISHING-SPAM 64.com1.ru known spam email attempt (phishing-spam.rules, High)
16983 <-> PHISHING-SPAM heatsettle.ru known spam email attempt (phishing-spam.rules, High)
16984 <-> PHISHING-SPAM freshmuch.ru known spam email attempt (phishing-spam.rules, High)
16985 <-> PHISHING-SPAM extoleye.ru known spam email attempt (phishing-spam.rules, High)
16986 <-> PHISHING-SPAM extoleye.ru known spam email attempt (phishing-spam.rules, High)
16987 <-> PHISHING-SPAM tabemmerich86b.ru known spam email attempt (phishing-spam.rules, High)
16988 <-> PHISHING-SPAM moderneight.ru known spam email attempt (phishing-spam.rules, High)
16989 <-> PHISHING-SPAM tabferd49a.ru known spam email attempt (phishing-spam.rules, High)
16990 <-> PHISHING-SPAM nextmail.ru known spam email attempt (phishing-spam.rules, High)
16991 <-> PHISHING-SPAM fruitone.ru known spam email attempt (phishing-spam.rules, High)
16992 <-> PHISHING-SPAM liquideat.ru known spam email attempt (phishing-spam.rules, High)
16993 <-> PHISHING-SPAM tabwinn2a.ru known spam email attempt (phishing-spam.rules, High)
16994 <-> PHISHING-SPAM abletool.ru known spam email attempt (phishing-spam.rules, High)
16995 <-> PHISHING-SPAM miltyrefil.ru known spam email attempt (phishing-spam.rules, High)
16996 <-> PHISHING-SPAM quincytab.ru known spam email attempt (phishing-spam.rules, High)
16997 <-> PHISHING-SPAM giacoporx.ru known spam email attempt (phishing-spam.rules, High)
16998 <-> PHISHING-SPAM drugsnevile.ru known spam email attempt (phishing-spam.rules, High)
16999 <-> PHISHING-SPAM jasemed.ru known spam email attempt (phishing-spam.rules, High)
17000 <-> PHISHING-SPAM ximenezdrug.ru known spam email attempt (phishing-spam.rules, High)
17001 <-> PHISHING-SPAM dillonline.ru known spam email attempt (phishing-spam.rules, High)
17002 <-> PHISHING-SPAM swellliquid.ru known spam email attempt (phishing-spam.rules, High)
17003 <-> PHISHING-SPAM younglaugh.ru known spam email attempt (phishing-spam.rules, High)
17004 <-> PHISHING-SPAM 2047757.kaskad-travel.ru known spam email attempt (phishing-spam.rules, High)
17005 <-> PHISHING-SPAM paintwater.ru known spam email attempt (phishing-spam.rules, High)
17006 <-> PHISHING-SPAM lovingover.ru known spam email attempt (phishing-spam.rules, High)
17007 <-> PHISHING-SPAM pharmerastus.ru known spam email attempt (phishing-spam.rules, High)
17008 <-> PHISHING-SPAM hisoffer.ru known spam email attempt (phishing-spam.rules, High)
17009 <-> PHISHING-SPAM butleft.ru known spam email attempt (phishing-spam.rules, High)
17010 <-> PHISHING-SPAM starknow.ru known spam email attempt (phishing-spam.rules, High)
17011 <-> PHISHING-SPAM beginwisdom.ru known spam email attempt (phishing-spam.rules, High)
17012 <-> PHISHING-SPAM oneus.ru known spam email attempt (phishing-spam.rules, High)
17013 <-> PHISHING-SPAM reapcomfy.ru known spam email attempt (phishing-spam.rules, High)
17014 <-> PHISHING-SPAM rowsay.ru known spam email attempt (phishing-spam.rules, High)
17015 <-> PHISHING-SPAM pamperletter.ru known spam email attempt (phishing-spam.rules, High)
17016 <-> PHISHING-SPAM boxdouble.ru known spam email attempt (phishing-spam.rules, High)
17017 <-> PHISHING-SPAM beatmoon.ru known spam email attempt (phishing-spam.rules, High)
17018 <-> PHISHING-SPAM ensureequate.ru known spam email attempt (phishing-spam.rules, High)
17019 <-> PHISHING-SPAM miltyrefil.ru known spam email attempt (phishing-spam.rules, High)
17020 <-> PHISHING-SPAM sheerwheel.ru known spam email attempt (phishing-spam.rules, High)
17021 <-> PHISHING-SPAM nearpass.ru known spam email attempt (phishing-spam.rules, High)
17022 <-> PHISHING-SPAM thatmile.ru known spam email attempt (phishing-spam.rules, High)
17023 <-> PHISHING-SPAM hillfoot.ru known spam email attempt (phishing-spam.rules, High)
17024 <-> PHISHING-SPAM writeobject.ru known spam email attempt (phishing-spam.rules, High)
17025 <-> PHISHING-SPAM thoughthese.ru known spam email attempt (phishing-spam.rules, High)
17026 <-> PHISHING-SPAM redlead.ru known spam email attempt (phishing-spam.rules, High)
17027 <-> PHISHING-SPAM scoreenjoy.ru known spam email attempt (phishing-spam.rules, High)
17028 <-> PHISHING-SPAM pamperletter.ru known spam email attempt (phishing-spam.rules, High)
17029 <-> PHISHING-SPAM tenderpower.ru known spam email attempt (phishing-spam.rules, High)
17030 <-> PHISHING-SPAM fewvalley.ru known spam email attempt (phishing-spam.rules, High)
17031 <-> PHISHING-SPAM burnshy.ru known spam email attempt (phishing-spam.rules, High)
17032 <-> PHISHING-SPAM centtry.ru known spam email attempt (phishing-spam.rules, High)
17033 <-> PHISHING-SPAM signpearl.ru known spam email attempt (phishing-spam.rules, High)

Updated rules:
9418 <-> BOTNET-CNC bagle.a http notification detection (botnet-cnc.rules, High)
10113 <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules, High)
10114 <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules, High)
10403 <-> BOTNET-CNC Trojan.Duntek Checkin GET Request (botnet-cnc.rules, High)
13953 <-> BOTNET-CNC Asprox trojan initial query (botnet-cnc.rules, High)
15295 <-> BOTNET-CNC Trojan.Bankpatch.C configuration attempt (botnet-cnc.rules, High)
15296 <-> BOTNET-CNC Trojan.Bankpatch.C malicious file download attempt (botnet-cnc.rules, High)
15297 <-> BOTNET-CNC Trojan.Bankpatch.C report home attempt (botnet-cnc.rules, High)
15423 <-> BOTNET-CNC Clampi virus communication detected (botnet-cnc.rules, High)
15481 <-> BOTNET-CNC Zeus/Zbot malware config file download request (botnet-cnc.rules, High)
15553 <-> BOTNET-CNC Sality virus HTTP GET request (botnet-cnc.rules, High)
15730 <-> BOTNET-CNC Delf Trojan POST attempt (botnet-cnc.rules, High)
15938 <-> BOTNET-CNC Backdoor SubSeven client connection to server (botnet-cnc.rules, High)
16297 <-> BOTNET-CNC Palevo bot DNS request for C&C attempt (botnet-cnc.rules, High)
16298 <-> BOTNET-CNC Palevo bot DNS request attempt (botnet-cnc.rules, Low)
16299 <-> BOTNET-CNC Palevo bot DNS request attempt (botnet-cnc.rules, Low)
16302 <-> BOTNET-CNC Virut DNS request for C&C attempt (botnet-cnc.rules, High)
16303 <-> BOTNET-CNC Virut DNS request attempt (botnet-cnc.rules, High)
16304 <-> BOTNET-CNC Virut DNS request attempt (botnet-cnc.rules, High)
16368 <-> BOTNET-CNC Hydraq/Aurora connection to C&C server attempt (botnet-cnc.rules, High)
16391 <-> BOTNET-CNC Gozi Trojan connection to C&C attempt (botnet-cnc.rules, High)
16439 <-> BOTNET-CNC Possible Zeus User-Agent - _TEST_ (botnet-cnc.rules, High)
16440 <-> BOTNET-CNC Possible Zeus User-Agent - ie (botnet-cnc.rules, High)
16441 <-> BOTNET-CNC Possible Zeus User-Agent - Download (botnet-cnc.rules, High)
16442 <-> BOTNET-CNC Possible Zeus User-Agent - Mozilla (botnet-cnc.rules, High)
16459 <-> BOTNET-CNC Trojan command and control communication attempt (botnet-cnc.rules, High)
16483 <-> BOTNET-CNC Koobface worm submission of collected data to C&C server attempt (botnet-cnc.rules, High)
16484 <-> BOTNET-CNC Koobface contact to C&C server attempt (botnet-cnc.rules, High)
16485 <-> BOTNET-CNC Koobface request for captcha attempt (botnet-cnc.rules, High)
16526 <-> BOTNET-CNC VanBot IRC communication attempt (botnet-cnc.rules, High)
16527 <-> BOTNET-CNC Zbot malware config file download request (botnet-cnc.rules, High)
16528 <-> BOTNET-CNC Zbot malware config file download request (botnet-cnc.rules, High)