Sourcefire VRT Rules Update
Date: 2010-07-13
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8_6_0.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16802 <-> WEB-ACTIVEX WinDVD IASystemInfo.dll ActiveX clsid access (web-activex.rules, High)
16803 <-> WEB-ACTIVEX WinDVD IASystemInfo.dll ActiveX clsid unicode access (web-activex.rules, High)
16804 <-> BACKDOOR Backdoor.Win32.Qakbot.E - initial load (backdoor.rules, High)
16805 <-> BACKDOOR Backdoor.Win32.Qakbot.E config check (backdoor.rules, High)
16806 <-> BACKDOOR Backdoor.Win32.Qakbot.E - FTP upload seclog (backdoor.rules, High)
16807 <-> BACKDOOR Backdoor.Win32.Qakbot.E - FTP Upload ps_dump (backdoor.rules, High)
16808 <-> BACKDOOR Backdoor.Win32.Qakbot.E - register client (backdoor.rules, High)
16809 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16810 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16811 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16812 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16813 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16814 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16815 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16816 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16817 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16818 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16819 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16820 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16821 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16822 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16823 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16824 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16825 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16826 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16827 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16828 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16829 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16830 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16831 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16832 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16833 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
16834 <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules, High)
16835 <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules, High)
16836 <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules, High)
16837 <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules, High)
16838 <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules, High)
16839 <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules, High)
16840 <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules, High)
16841 <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16842 <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules, High)
16843 <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules, High)
16844 <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules, High)
16845 <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules, High)
16846 <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules, High)
16847 <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules, High)
16848 <-> BLACKLIST DNS request for known malware domain in.chinaitlm.cn - Trojan.VBS.HideIcon.d (blacklist.rules, High)
16849 <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules, High)
16850 <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules, High)
16851 <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules, High)
16852 <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules, High)
16853 <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules, High)
16854 <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules, High)
16855 <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules, High)
16856 <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules, High)
16857 <-> BLACKLIST DNS request for known malware domain site.mynet.com - Trojan.Win32.Buzus.dxsr (blacklist.rules, High)
16858 <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules, High)
16859 <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules, High)
16860 <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules, High)
16861 <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules, High)
16862 <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules, High)
16863 <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16864 <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules, High)
16865 <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules, High)
16866 <-> BLACKLIST DNS request for known malware domain members.multimania.co.uk - Trojan.Win32.Inject.ahqv (blacklist.rules, High)
16867 <-> BLACKLIST DNS request for known malware domain down.toopc.com - Trojan-Dropper.Win32.Clons.hai (blacklist.rules, High)
16868 <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules, High)
16869 <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules, High)
16870 <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules, High)
16871 <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16872 <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules, High)
16873 <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules, High)
16874 <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules, High)
16875 <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules, High)
16876 <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules, High)
16877 <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules, High)
16878 <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules, High)
16879 <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules, High)
16880 <-> BLACKLIST DNS request for known malware domain dnfuu.3322.org - Trojan-Downloader.Win32.Genome.asrx (blacklist.rules, High)
16881 <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16882 <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules, High)
16883 <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules, High)
16884 <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules, High)
16885 <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules, High)
16886 <-> BLACKLIST DNS request for known malware domain d.trymedia.com - Trojan-Dropper.Win32.Delf.fkk (blacklist.rules, High)
16887 <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules, High)
16888 <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules, High)
16889 <-> BLACKLIST DNS request for known malware domain h1.ripway.com - Trojan.Win32.Refroso.bcdq (blacklist.rules, High)
16890 <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules, High)
16891 <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16892 <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules, High)
16893 <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules, High)
16894 <-> BLACKLIST DNS request for known malware domain eq.pccppc.com - Trojan-Downloader.Win32.Pher.fkl (blacklist.rules, High)
16895 <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules, High)
16896 <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules, High)
16897 <-> BLACKLIST DNS request for known malware domain sympathy.hdnews.net - Trojan-Spy.Win32.Zbot.gen (blacklist.rules, High)
16898 <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules, High)
16899 <-> BLACKLIST DNS request for known malware domain downloadering.9966.org - Trojan.Win32.Vilsel.adxv (blacklist.rules, High)
16900 <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules, High)
16901 <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules, High)
16902 <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules, High)
16903 <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules, High)
16904 <-> BLACKLIST DNS request for known malware domain xoomer.alice.it - Trojan-Downloader.Win32.Banload.kdu (blacklist.rules, High)
16905 <-> BLACKLIST DNS request for known malware domain xoomer.virgilio.it - Backdoor.Win32.Clar.d (blacklist.rules, High)
16906 <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules, High)
16907 <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules, High)
16908 <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules, High)
16909 <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules, High)
16910 <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules, High)
16911 <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules, High)
16912 <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules, High)
16913 <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules, High)
16914 <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules, High)
16915 <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules, High)
16916 <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules, High)
16917 <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules, High)
16918 <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules, High)
16919 <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules, High)
16920 <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules, High)
16921 <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules, High)
16922 <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules, High)
16923 <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules, High)
16924 <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules, High)
16925 <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules, High)
16926 <-> BLACKLIST URI request for known malicious URI - /stat.htm?id= (blacklist.rules, High)
16927 <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules, High)
16928 <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules, High)
16929 <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules, High)
16930 <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules, High)
16931 <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules, High)
16932 <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules, High)
16933 <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules, High)
16934 <-> PHISHING-SPAM pku-edp.cn known spam email attempt (phishing-spam.rules, High)
16935 <-> PHISHING-SPAM sjtu-edp.cn known spam email attempt (phishing-spam.rules, High)
16936 <-> PHISHING-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (phishing-spam.rules, High)
16937 <-> PHISHING-SPAM bestdrug-store.com known spam email attempt (phishing-spam.rules, High)
16938 <-> PHISHING-SPAM pharmrik66y.ru known spam email attempt (phishing-spam.rules, High)
16939 <-> PHISHING-SPAM refillleonardo59y.ru known spam email attempt (phishing-spam.rules, High)
16940 <-> PHISHING-SPAM medfreddie55a.ru known spam email attempt (phishing-spam.rules, High)
16941 <-> PHISHING-SPAM drugshershel38w.ru known spam email attempt (phishing-spam.rules, High)
16942 <-> PHISHING-SPAM drugshayyim77n.ru known spam email attempt (phishing-spam.rules, High)
16943 <-> PHISHING-SPAM erectguthry99c.ru known spam email attempt (phishing-spam.rules, High)
16944 <-> PHISHING-SPAM pilldory92n.ru known spam email attempt (phishing-spam.rules, High)
16945 <-> PHISHING-SPAM tabwinn77t.ru known spam email attempt (phishing-spam.rules, High)
16946 <-> PHISHING-SPAM pillrenault15j.ru known spam email attempt (phishing-spam.rules, High)
16947 <-> PHISHING-SPAM pharmrolland95h.ru known spam email attempt (phishing-spam.rules, High)
16948 <-> PHISHING-SPAM onlineheindrick60i.ru known spam email attempt (phishing-spam.rules, High)
16949 <-> PHISHING-SPAM erectnormie71a.ru known spam email attempt (phishing-spam.rules, High)
16950 <-> PHISHING-SPAM tabscotti71i.ru known spam email attempt (phishing-spam.rules, High)
16951 <-> PHISHING-SPAM drugsjudd45f.ru known spam email attempt (phishing-spam.rules, High)
16952 <-> PHISHING-SPAM pharmharman55y.ru known spam email attempt (phishing-spam.rules, High)
16953 <-> PHISHING-SPAM medgaultiero11e.ru known spam email attempt (phishing-spam.rules, High)
16954 <-> PHISHING-SPAM pillgaylor21n.ru known spam email attempt (phishing-spam.rules, High)
16955 <-> PHISHING-SPAM drugspenn84f.ru known spam email attempt (phishing-spam.rules, High)
16956 <-> PHISHING-SPAM medebeneser68c.ru known spam email attempt (phishing-spam.rules, High)
16957 <-> PHISHING-SPAM tabmario94r.ru known spam email attempt (phishing-spam.rules, High)
16958 <-> PHISHING-SPAM tablennard88q.ru known spam email attempt (phishing-spam.rules, High)
16959 <-> PHISHING-SPAM medforster79j.ru known spam email attempt (phishing-spam.rules, High)
16960 <-> PHISHING-SPAM erectvincent21v.ru known spam email attempt (phishing-spam.rules, High)
16961 <-> PHISHING-SPAM drugsdemott21o.ru known spam email attempt (phishing-spam.rules, High)
16962 <-> PHISHING-SPAM onlinelovell30p.ru known spam email attempt (phishing-spam.rules, High)
16963 <-> PHISHING-SPAM erecttaylor49i.ru known spam email attempt (phishing-spam.rules, High)
16964 <-> PHISHING-SPAM smellexact.ru known spam email attempt (phishing-spam.rules, High)
16965 <-> PHISHING-SPAM givehome.ru known spam email attempt (phishing-spam.rules, High)
16966 <-> PHISHING-SPAM thingpath.ru known spam email attempt (phishing-spam.rules, High)
16967 <-> PHISHING-SPAM wereif.ru known spam email attempt (phishing-spam.rules, High)
16968 <-> PHISHING-SPAM bassmax.ru known spam email attempt (phishing-spam.rules, High)
16969 <-> PHISHING-SPAM steadfig.ru known spam email attempt (phishing-spam.rules, High)
16970 <-> PHISHING-SPAM drugsmayne5a.ru known spam email attempt (phishing-spam.rules, High)
16971 <-> PHISHING-SPAM mystick.ru known spam email attempt (phishing-spam.rules, High)
16972 <-> PHISHING-SPAM drugsrey95a.ru known spam email attempt (phishing-spam.rules, High)
16973 <-> PHISHING-SPAM milklowly.ru known spam email attempt (phishing-spam.rules, High)
16974 <-> PHISHING-SPAM numberenough.ru known spam email attempt (phishing-spam.rules, High)
16975 <-> PHISHING-SPAM oldsheer.ru known spam email attempt (phishing-spam.rules, High)
16976 <-> PHISHING-SPAM logzest.ru known spam email attempt (phishing-spam.rules, High)
16977 <-> PHISHING-SPAM energypotent.ru known spam email attempt (phishing-spam.rules, High)
16978 <-> PHISHING-SPAM outhave.ru known spam email attempt (phishing-spam.rules, High)
16979 <-> PHISHING-SPAM solvecalm.ru known spam email attempt (phishing-spam.rules, High)
16980 <-> PHISHING-SPAM stillvisit.ru known spam email attempt (phishing-spam.rules, High)
16981 <-> PHISHING-SPAM livelycall.ru known spam email attempt (phishing-spam.rules, High)
16982 <-> PHISHING-SPAM 64.com1.ru known spam email attempt (phishing-spam.rules, High)
16983 <-> PHISHING-SPAM heatsettle.ru known spam email attempt (phishing-spam.rules, High)
16984 <-> PHISHING-SPAM freshmuch.ru known spam email attempt (phishing-spam.rules, High)
16985 <-> PHISHING-SPAM extoleye.ru known spam email attempt (phishing-spam.rules, High)
16986 <-> PHISHING-SPAM extoleye.ru known spam email attempt (phishing-spam.rules, High)
16987 <-> PHISHING-SPAM tabemmerich86b.ru known spam email attempt (phishing-spam.rules, High)
16988 <-> PHISHING-SPAM moderneight.ru known spam email attempt (phishing-spam.rules, High)
16989 <-> PHISHING-SPAM tabferd49a.ru known spam email attempt (phishing-spam.rules, High)
16990 <-> PHISHING-SPAM nextmail.ru known spam email attempt (phishing-spam.rules, High)
16991 <-> PHISHING-SPAM fruitone.ru known spam email attempt (phishing-spam.rules, High)
16992 <-> PHISHING-SPAM liquideat.ru known spam email attempt (phishing-spam.rules, High)
16993 <-> PHISHING-SPAM tabwinn2a.ru known spam email attempt (phishing-spam.rules, High)
16994 <-> PHISHING-SPAM abletool.ru known spam email attempt (phishing-spam.rules, High)
16995 <-> PHISHING-SPAM miltyrefil.ru known spam email attempt (phishing-spam.rules, High)
16996 <-> PHISHING-SPAM quincytab.ru known spam email attempt (phishing-spam.rules, High)
16997 <-> PHISHING-SPAM giacoporx.ru known spam email attempt (phishing-spam.rules, High)
16998 <-> PHISHING-SPAM drugsnevile.ru known spam email attempt (phishing-spam.rules, High)
16999 <-> PHISHING-SPAM jasemed.ru known spam email attempt (phishing-spam.rules, High)
17000 <-> PHISHING-SPAM ximenezdrug.ru known spam email attempt (phishing-spam.rules, High)
17001 <-> PHISHING-SPAM dillonline.ru known spam email attempt (phishing-spam.rules, High)
17002 <-> PHISHING-SPAM swellliquid.ru known spam email attempt (phishing-spam.rules, High)
17003 <-> PHISHING-SPAM younglaugh.ru known spam email attempt (phishing-spam.rules, High)
17004 <-> PHISHING-SPAM 2047757.kaskad-travel.ru known spam email attempt (phishing-spam.rules, High)
17005 <-> PHISHING-SPAM paintwater.ru known spam email attempt (phishing-spam.rules, High)
17006 <-> PHISHING-SPAM lovingover.ru known spam email attempt (phishing-spam.rules, High)
17007 <-> PHISHING-SPAM pharmerastus.ru known spam email attempt (phishing-spam.rules, High)
17008 <-> PHISHING-SPAM hisoffer.ru known spam email attempt (phishing-spam.rules, High)
17009 <-> PHISHING-SPAM butleft.ru known spam email attempt (phishing-spam.rules, High)
17010 <-> PHISHING-SPAM starknow.ru known spam email attempt (phishing-spam.rules, High)
17011 <-> PHISHING-SPAM beginwisdom.ru known spam email attempt (phishing-spam.rules, High)
17012 <-> PHISHING-SPAM oneus.ru known spam email attempt (phishing-spam.rules, High)
17013 <-> PHISHING-SPAM reapcomfy.ru known spam email attempt (phishing-spam.rules, High)
17014 <-> PHISHING-SPAM rowsay.ru known spam email attempt (phishing-spam.rules, High)
17015 <-> PHISHING-SPAM pamperletter.ru known spam email attempt (phishing-spam.rules, High)
17016 <-> PHISHING-SPAM boxdouble.ru known spam email attempt (phishing-spam.rules, High)
17017 <-> PHISHING-SPAM beatmoon.ru known spam email attempt (phishing-spam.rules, High)
17018 <-> PHISHING-SPAM ensureequate.ru known spam email attempt (phishing-spam.rules, High)
17019 <-> PHISHING-SPAM miltyrefil.ru known spam email attempt (phishing-spam.rules, High)
17020 <-> PHISHING-SPAM sheerwheel.ru known spam email attempt (phishing-spam.rules, High)
17021 <-> PHISHING-SPAM nearpass.ru known spam email attempt (phishing-spam.rules, High)
17022 <-> PHISHING-SPAM thatmile.ru known spam email attempt (phishing-spam.rules, High)
17023 <-> PHISHING-SPAM hillfoot.ru known spam email attempt (phishing-spam.rules, High)
17024 <-> PHISHING-SPAM writeobject.ru known spam email attempt (phishing-spam.rules, High)
17025 <-> PHISHING-SPAM thoughthese.ru known spam email attempt (phishing-spam.rules, High)
17026 <-> PHISHING-SPAM redlead.ru known spam email attempt (phishing-spam.rules, High)
17027 <-> PHISHING-SPAM scoreenjoy.ru known spam email attempt (phishing-spam.rules, High)
17028 <-> PHISHING-SPAM pamperletter.ru known spam email attempt (phishing-spam.rules, High)
17029 <-> PHISHING-SPAM tenderpower.ru known spam email attempt (phishing-spam.rules, High)
17030 <-> PHISHING-SPAM fewvalley.ru known spam email attempt (phishing-spam.rules, High)
17031 <-> PHISHING-SPAM burnshy.ru known spam email attempt (phishing-spam.rules, High)
17032 <-> PHISHING-SPAM centtry.ru known spam email attempt (phishing-spam.rules, High)
17033 <-> PHISHING-SPAM signpearl.ru known spam email attempt (phishing-spam.rules, High)

Updated rules:
9418 <-> BOTNET-CNC bagle.a http notification detection (botnet-cnc.rules, High)
10113 <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules, High)
10114 <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules, High)
10403 <-> BOTNET-CNC Trojan.Duntek Checkin GET Request (botnet-cnc.rules, High)
13953 <-> BOTNET-CNC Asprox trojan initial query (botnet-cnc.rules, High)
15295 <-> BOTNET-CNC Trojan.Bankpatch.C configuration attempt (botnet-cnc.rules, High)
15296 <-> BOTNET-CNC Trojan.Bankpatch.C malicious file download attempt (botnet-cnc.rules, High)
15297 <-> BOTNET-CNC Trojan.Bankpatch.C report home attempt (botnet-cnc.rules, High)
15423 <-> BOTNET-CNC Clampi virus communication detected (botnet-cnc.rules, High)
15481 <-> BOTNET-CNC Zeus/Zbot malware config file download request (botnet-cnc.rules, High)
15553 <-> BOTNET-CNC Sality virus HTTP GET request (botnet-cnc.rules, High)
15730 <-> BOTNET-CNC Delf Trojan POST attempt (botnet-cnc.rules, High)
15938 <-> BOTNET-CNC Backdoor SubSeven client connection to server (botnet-cnc.rules, High)
16297 <-> BOTNET-CNC Palevo bot DNS request for C&C attempt (botnet-cnc.rules, High)
16298 <-> BOTNET-CNC Palevo bot DNS request attempt (botnet-cnc.rules, Low)
16299 <-> BOTNET-CNC Palevo bot DNS request attempt (botnet-cnc.rules, Low)
16302 <-> BOTNET-CNC Virut DNS request for C&C attempt (botnet-cnc.rules, High)
16303 <-> BOTNET-CNC Virut DNS request attempt (botnet-cnc.rules, High)
16304 <-> BOTNET-CNC Virut DNS request attempt (botnet-cnc.rules, High)
16368 <-> BOTNET-CNC Hydraq/Aurora connection to C&C server attempt (botnet-cnc.rules, High)
16391 <-> BOTNET-CNC Gozi Trojan connection to C&C attempt (botnet-cnc.rules, High)
16439 <-> BOTNET-CNC Possible Zeus User-Agent - _TEST_ (botnet-cnc.rules, High)
16440 <-> BOTNET-CNC Possible Zeus User-Agent - ie (botnet-cnc.rules, High)
16441 <-> BOTNET-CNC Possible Zeus User-Agent - Download (botnet-cnc.rules, High)
16442 <-> BOTNET-CNC Possible Zeus User-Agent - Mozilla (botnet-cnc.rules, High)
16459 <-> BOTNET-CNC Trojan command and control communication attempt (botnet-cnc.rules, High)
16483 <-> BOTNET-CNC Koobface worm submission of collected data to C&C server attempt (botnet-cnc.rules, High)
16484 <-> BOTNET-CNC Koobface contact to C&C server attempt (botnet-cnc.rules, High)
16485 <-> BOTNET-CNC Koobface request for captcha attempt (botnet-cnc.rules, High)
16526 <-> BOTNET-CNC VanBot IRC communication attempt (botnet-cnc.rules, High)
16527 <-> BOTNET-CNC Zbot malware config file download request (botnet-cnc.rules, High)
16528 <-> BOTNET-CNC Zbot malware config file download request (botnet-cnc.rules, High)
