Sourcefire VRT Rules Update

Date: 2010-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.0.

The format of the file is:

sid - Message (rule group, priority)

New rules:
17815 <-> SPYWARE-PUT Thinkpoint fake antivirus - user display (spyware-put.rules, High)
17816 <-> SPYWARE-PUT Thinkpoint fake antivirus - credit card submission (spyware-put.rules, High)
17817 <-> SPECIFIC-THREATS Thinkpoint fake antivirus binary download (specific-threats.rules, High)
17818 <-> BLACKLIST DNS request for known malware domain ktr.t134.net (blacklist.rules, High)
17819 <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules, High)
17820 <-> BLACKLIST DNS request for known malware domain myanimalclips.com (blacklist.rules, High)
17821 <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules, High)
17822 <-> BLACKLIST DNS request for known malware domain ics.hotbar.com (blacklist.rules, High)
17823 <-> BLACKLIST DNS request for known malware domain www.myroitracking.com (blacklist.rules, High)
17824 <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules, High)
17825 <-> BLACKLIST DNS request for known malware domain px.smowtion.com (blacklist.rules, High)
17826 <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules, High)
17827 <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules, High)
17828 <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules, High)
17829 <-> BLACKLIST DNS request for known malware domain c7.zxxds.net (blacklist.rules, High)
17830 <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules, High)
17831 <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules, High)
17832 <-> BLACKLIST DNS request for known malware domain img100.xvideos.com (blacklist.rules, High)
17833 <-> BLACKLIST DNS request for known malware domain www.dsnextgen.com (blacklist.rules, High)
17834 <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules, High)
17835 <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules, High)
17836 <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules, High)
17837 <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules, High)
17838 <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules, High)
17839 <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules, High)
17840 <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules, High)
17841 <-> BLACKLIST DNS request for known malware domain coop.crwdcntrl.net (blacklist.rules, High)
17842 <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules, High)
17843 <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules, High)
17844 <-> BLACKLIST DNS request for known malware domain w55c.net (blacklist.rules, High)
17845 <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules, High)
17846 <-> BLACKLIST DNS request for known malware domain widgets.amung.us (blacklist.rules, High)
17847 <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules, High)
17848 <-> BLACKLIST DNS request for known malware domain play.unionsky.cn (blacklist.rules, High)
17849 <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules, High)
17850 <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules, High)
17851 <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules, High)
17852 <-> BLACKLIST DNS request for known malware domain 447.cc (blacklist.rules, High)
17853 <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules, High)
17854 <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules, High)
17855 <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules, High)
17856 <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules, High)
17857 <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules, High)
17858 <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules, High)
17859 <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules, High)
17860 <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules, High)
17861 <-> BLACKLIST DNS request for known malware domain zq2.9wee.com (blacklist.rules, High)
17862 <-> BLACKLIST DNS request for known malware domain 122.770304123.cn (blacklist.rules, High)
17863 <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules, High)
17864 <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules, High)
17865 <-> BLACKLIST DNS request for known malware domain 110.770304123.cn (blacklist.rules, High)
17866 <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules, High)
17867 <-> BLACKLIST DNS request for known malware domain utm.trk.myfuncards.com (blacklist.rules, High)
17868 <-> BLACKLIST DNS request for known malware domain a.qq2233.com (blacklist.rules, High)
17869 <-> BLACKLIST DNS request for known malware domain px.mgplatform.com (blacklist.rules, High)
17870 <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules, High)
17871 <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules, High)
17872 <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules, High)
17873 <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules, High)
17874 <-> BLACKLIST DNS request for known malware domain um.simpli.fi (blacklist.rules, High)
17875 <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules, High)
17876 <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules, High)
17877 <-> BLACKLIST DNS request for known malware domain animal36.com (blacklist.rules, High)
17878 <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules, High)
17879 <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules, High)
17880 <-> BLACKLIST DNS request for known malware domain www.027dj.com (blacklist.rules, High)
17881 <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules, High)
17882 <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules, High)
17883 <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules, High)
17884 <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules, High)
17885 <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules, High)
17886 <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules, High)
17887 <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules, High)
17888 <-> BLACKLIST DNS request for known malware domain bn.xp1.ru4.com (blacklist.rules, High)
17889 <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules, High)
17890 <-> BLACKLIST DNS request for known malware domain 114search1.118114.cn (blacklist.rules, High)
17891 <-> BLACKLIST DNS request for known malware domain http.content.ru4.com (blacklist.rules, High)
17892 <-> BLACKLIST DNS request for known malware domain raw.oggifinogi.com (blacklist.rules, High)
17893 <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules, High)
17894 <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules, High)
17895 <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules, High)
17896 <-> BLACKLIST DNS request for known malware domain 113552url.cptgt.com (blacklist.rules, High)
17897 <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules, High)
17898 <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d=26606B6739343F216560 (blacklist.rules, High)
17899 <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules, High)
17900 <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules, High)
17901 <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules, High)
17902 <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules, High)
17903 <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules, High)
17904 <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules, High)
17905 <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules, High)
17906 <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules, High)
17907 <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF|DATADIR|Download (blacklist.rules, High)
17908 <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules, High)
17909 <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules, High)
17910 <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules, High)
17911 <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules, High)
17912 <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules, High)
17913 <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules, High)
17914 <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules, High)
17915 <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules, High)
17916 <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules, High)
17917 <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules, High)
17918 <-> PHISHING-SPAM aaof.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
17919 <-> PHISHING-SPAM akiq.onlinetommie54y.ru known spam email attempt (phishing-spam.rules, High)
17920 <-> PHISHING-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
17921 <-> PHISHING-SPAM argue.medrayner44c.ru known spam email attempt (phishing-spam.rules, High)
17922 <-> PHISHING-SPAM ava.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
17923 <-> PHISHING-SPAM axoseb.medicdrugsxck.ru known spam email attempt (phishing-spam.rules, High)
17924 <-> PHISHING-SPAM azo.onlinetommie54y.ru known spam email attempt (phishing-spam.rules, High)
17925 <-> PHISHING-SPAM back.pharmroyce83b.ru known spam email attempt (phishing-spam.rules, High)
17926 <-> PHISHING-SPAM by.pharmroyce83b.ru known spam email attempt (phishing-spam.rules, High)
17927 <-> PHISHING-SPAM cardinals.refilldud86o.ru known spam email attempt (phishing-spam.rules, High)
17928 <-> PHISHING-SPAM chemist.onlineruggiero33q.ru known spam email attempt (phishing-spam.rules, High)
17929 <-> PHISHING-SPAM chula.pharmroyce83b.ru known spam email attempt (phishing-spam.rules, High)
17930 <-> PHISHING-SPAM classification.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17931 <-> PHISHING-SPAM compensate.refilldud86o.ru known spam email attempt (phishing-spam.rules, High)
17932 <-> PHISHING-SPAM cswjlxey.ru known spam email attempt (phishing-spam.rules, High)
17933 <-> PHISHING-SPAM current.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17934 <-> PHISHING-SPAM cyacaz.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
17935 <-> PHISHING-SPAM deepcenter.ru known spam email attempt (phishing-spam.rules, High)
17936 <-> PHISHING-SPAM delegate.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17937 <-> PHISHING-SPAM diet.medrayner44c.ru known spam email attempt (phishing-spam.rules, High)
17938 <-> PHISHING-SPAM direct.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17939 <-> PHISHING-SPAM divyo.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
17940 <-> PHISHING-SPAM drugsgeorge65g.ru known spam email attempt (phishing-spam.rules, High)
17941 <-> PHISHING-SPAM dux.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
17942 <-> PHISHING-SPAM dypoh.erectjefferey85n.ru known spam email attempt (phishing-spam.rules, High)
17943 <-> PHISHING-SPAM eaihar.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
17944 <-> PHISHING-SPAM eeez.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)
17945 <-> PHISHING-SPAM egi.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
17946 <-> PHISHING-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (phishing-spam.rules, High)
17947 <-> PHISHING-SPAM eka.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)
17948 <-> PHISHING-SPAM election.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17949 <-> PHISHING-SPAM elik.drugslevy46b.ru known spam email attempt (phishing-spam.rules, High)
17950 <-> PHISHING-SPAM epeno.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
17951 <-> PHISHING-SPAM erectgodart30s.ru known spam email attempt (phishing-spam.rules, High)
17952 <-> PHISHING-SPAM erol.camedicdrugsx.ru known spam email attempt (phishing-spam.rules, High)
17953 <-> PHISHING-SPAM exa.drugslevy46b.ru known spam email attempt (phishing-spam.rules, High)
17954 <-> PHISHING-SPAM eyu.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)
17955 <-> PHISHING-SPAM fashionchannel.ru known spam email attempt (phishing-spam.rules, High)
17956 <-> PHISHING-SPAM fauxy.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
17957 <-> PHISHING-SPAM food.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17958 <-> PHISHING-SPAM generality.onlinehill21q.ru known spam email attempt (phishing-spam.rules, High)
17959 <-> PHISHING-SPAM goyry.ramedicdrugsx.ru known spam email attempt (phishing-spam.rules, High)
17960 <-> PHISHING-SPAM gueepa.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
17961 <-> PHISHING-SPAM has.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17962 <-> PHISHING-SPAM have.medrayner44c.ru known spam email attempt (phishing-spam.rules, High)
17963 <-> PHISHING-SPAM headtest.ru known spam email attempt (phishing-spam.rules, High)
17964 <-> PHISHING-SPAM huhuh.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
17965 <-> PHISHING-SPAM hyem.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
17966 <-> PHISHING-SPAM icysa.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
17967 <-> PHISHING-SPAM iiy.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
17968 <-> PHISHING-SPAM iki.onlinetommie54y.ru known spam email attempt (phishing-spam.rules, High)
17969 <-> PHISHING-SPAM iner.medicdrugsxdl.ru known spam email attempt (phishing-spam.rules, High)
17970 <-> PHISHING-SPAM in.onlinehill21q.ru known spam email attempt (phishing-spam.rules, High)
17971 <-> PHISHING-SPAM intelpost.ru known spam email attempt (phishing-spam.rules, High)
17972 <-> PHISHING-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (phishing-spam.rules, High)
17973 <-> PHISHING-SPAM ipiig.drugslevy46b.ru known spam email attempt (phishing-spam.rules, High)
17974 <-> PHISHING-SPAM iqor.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
17975 <-> PHISHING-SPAM is.medrayner44c.ru known spam email attempt (phishing-spam.rules, High)
17976 <-> PHISHING-SPAM itaca.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
17977 <-> PHISHING-SPAM ive.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
17978 <-> PHISHING-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (phishing-spam.rules, High)
17979 <-> PHISHING-SPAM iycyde.medicdrugsxco.ru known spam email attempt (phishing-spam.rules, High)
17980 <-> PHISHING-SPAM iyw.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
17981 <-> PHISHING-SPAM jaecoh.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
17982 <-> PHISHING-SPAM jael.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
17983 <-> PHISHING-SPAM jex.remedicdrugsx.ru known spam email attempt (phishing-spam.rules, High)
17984 <-> PHISHING-SPAM john.onlinehill21q.ru known spam email attempt (phishing-spam.rules, High)
17985 <-> PHISHING-SPAM joseph.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
17986 <-> PHISHING-SPAM jyn.medicdrugsxdl.ru known spam email attempt (phishing-spam.rules, High)
17987 <-> PHISHING-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
17988 <-> PHISHING-SPAM koosaf.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
17989 <-> PHISHING-SPAM lybah.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
17990 <-> PHISHING-SPAM manila.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules, High)
17991 <-> PHISHING-SPAM masa.erectjefferey85n.ru known spam email attempt (phishing-spam.rules, High)
17992 <-> PHISHING-SPAM medpenny17j.ru known spam email attempt (phishing-spam.rules, High)
17993 <-> PHISHING-SPAM minionspre.ru known spam email attempt (phishing-spam.rules, High)
17994 <-> PHISHING-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
17995 <-> PHISHING-SPAM negotiations.refilldud86o.ru known spam email attempt (phishing-spam.rules, High)
17996 <-> PHISHING-SPAM niqiv.erectjefferey85n.ru known spam email attempt (phishing-spam.rules, High)
17997 <-> PHISHING-SPAM odimys.medicdrugsxlb.ru known spam email attempt (phishing-spam.rules, High)
17998 <-> PHISHING-SPAM odoog.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
17999 <-> PHISHING-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (phishing-spam.rules, High)
18000 <-> PHISHING-SPAM oeqio.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
18001 <-> PHISHING-SPAM of.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules, High)
18002 <-> PHISHING-SPAM of.refilldud86o.ru known spam email attempt (phishing-spam.rules, High)
18003 <-> PHISHING-SPAM of.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
18004 <-> PHISHING-SPAM oipek.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)
18005 <-> PHISHING-SPAM oji.medicdrugsxto.ru known spam email attempt (phishing-spam.rules, High)
18006 <-> PHISHING-SPAM onotye.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
18007 <-> PHISHING-SPAM opy.erectjefferey85n.ru known spam email attempt (phishing-spam.rules, High)
18008 <-> PHISHING-SPAM orderbuzz.ru known spam email attempt (phishing-spam.rules, High)
18009 <-> PHISHING-SPAM ouu.almedicdrugsx.ru known spam email attempt (phishing-spam.rules, High)
18010 <-> PHISHING-SPAM oxuc.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
18011 <-> PHISHING-SPAM pillrolfe64l.ru known spam email attempt (phishing-spam.rules, High)
18012 <-> PHISHING-SPAM recently.refilldud86o.ru known spam email attempt (phishing-spam.rules, High)
18013 <-> PHISHING-SPAM records.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules, High)
18014 <-> PHISHING-SPAM reobaj.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)
18015 <-> PHISHING-SPAM research.onlinehill21q.ru known spam email attempt (phishing-spam.rules, High)
18016 <-> PHISHING-SPAM returning.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
18017 <-> PHISHING-SPAM right.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
18018 <-> PHISHING-SPAM riwaro.erectjefferey85n.ru known spam email attempt (phishing-spam.rules, High)
18019 <-> PHISHING-SPAM ruuav.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
18020 <-> PHISHING-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (phishing-spam.rules, High)
18021 <-> PHISHING-SPAM software-buyshop-7.ru known spam email attempt (phishing-spam.rules, High)
18022 <-> PHISHING-SPAM specialyou.ru known spam email attempt (phishing-spam.rules, High)
18023 <-> PHISHING-SPAM starring.pharmroyce83b.ru known spam email attempt (phishing-spam.rules, High)
18024 <-> PHISHING-SPAM store-softwarebuy-7.ru known spam email attempt (phishing-spam.rules, High)
18025 <-> PHISHING-SPAM sya.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)
18026 <-> PHISHING-SPAM tabdarin80s.ru known spam email attempt (phishing-spam.rules, High)
18027 <-> PHISHING-SPAM tabgordan13n.ru known spam email attempt (phishing-spam.rules, High)
18028 <-> PHISHING-SPAM tablangston19a.ru known spam email attempt (phishing-spam.rules, High)
18029 <-> PHISHING-SPAM tabwebster77c.ru known spam email attempt (phishing-spam.rules, High)
18030 <-> PHISHING-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (phishing-spam.rules, High)
18031 <-> PHISHING-SPAM the.onlinehill21q.ru known spam email attempt (phishing-spam.rules, High)
18032 <-> PHISHING-SPAM the.onlineruggiero33q.ru known spam email attempt (phishing-spam.rules, High)
18033 <-> PHISHING-SPAM to.medrayner44c.ru known spam email attempt (phishing-spam.rules, High)
18034 <-> PHISHING-SPAM trails.pharmroyce83b.ru known spam email attempt (phishing-spam.rules, High)
18035 <-> PHISHING-SPAM trusting-me.ru known spam email attempt (phishing-spam.rules, High)
18036 <-> PHISHING-SPAM twodays.ru known spam email attempt (phishing-spam.rules, High)
18037 <-> PHISHING-SPAM tyqaja.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
18038 <-> PHISHING-SPAM uboi.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)
18039 <-> PHISHING-SPAM uf.drugslevy46b.ru known spam email attempt (phishing-spam.rules, High)
18040 <-> PHISHING-SPAM uielij.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
18041 <-> PHISHING-SPAM unasu.medicdrugsxto.ru known spam email attempt (phishing-spam.rules, High)
18042 <-> PHISHING-SPAM upazo.pilltodd73p.ru known spam email attempt (phishing-spam.rules, High)
18043 <-> PHISHING-SPAM utuqaj.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
18044 <-> PHISHING-SPAM uuji.refilleldredge89r.ru known spam email attempt (phishing-spam.rules, High)
18045 <-> PHISHING-SPAM variation.refilldud86o.ru known spam email attempt (phishing-spam.rules, High)
18046 <-> PHISHING-SPAM via.refillreade47j.ru known spam email attempt (phishing-spam.rules, High)
18047 <-> PHISHING-SPAM voiceless.pharmroyce83b.ru known spam email attempt (phishing-spam.rules, High)
18048 <-> PHISHING-SPAM was.medrayner44c.ru known spam email attempt (phishing-spam.rules, High)
18049 <-> PHISHING-SPAM word.onlinephilbert42f.ru known spam email attempt (phishing-spam.rules, High)
18050 <-> PHISHING-SPAM world.onlinehill21q.ru known spam email attempt (phishing-spam.rules, High)
18051 <-> PHISHING-SPAM www.buhni.ru known spam email attempt (phishing-spam.rules, High)
18052 <-> PHISHING-SPAM www.visitcover.ru known spam email attempt (phishing-spam.rules, High)
18053 <-> PHISHING-SPAM xob.erectnoll24k.ru known spam email attempt (phishing-spam.rules, High)
18054 <-> PHISHING-SPAM ygy.onlinetommie54y.ru known spam email attempt (phishing-spam.rules, High)
18055 <-> PHISHING-SPAM yit.medicdrugsxor.ru known spam email attempt (phishing-spam.rules, High)
18056 <-> PHISHING-SPAM ylum.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
18057 <-> PHISHING-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (phishing-spam.rules, High)
18058 <-> PHISHING-SPAM yomy.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
18059 <-> PHISHING-SPAM yzugez.pillking74s.ru known spam email attempt (phishing-spam.rules, High)
18060 <-> PHISHING-SPAM zeroprices.ru known spam email attempt (phishing-spam.rules, High)
18061 <-> PHISHING-SPAM zueuz.onlinehamel83i.ru known spam email attempt (phishing-spam.rules, High)

Updated rules:
10012 <-> SMTP Microsoft Outlook VEVENT non-TZID overflow attempt (smtp.rules, High)