Sourcefire VRT Rules Update
Date: 2011-03-03
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.2.
The format of the file is:
sid - Message (rule group, priority)
New rules:
18473 <-> ICMPv6 Echo Reply (icmp-info.rules, Low)
18474 <-> ICMPv6 Echo Request (icmp-info.rules, Low)
18475 <-> WEB_MISC HP Openview OvWebHelp.exe buffer overflow (web-misc.rules, High)
18476 <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules, High)
18477 <-> SMTP Lotus Notes MIF viewer statement data overflow 2 (specific-threats.rules, High)
18478 <-> WEB-PHP miniBB rss.php premodDir remote file include attempt (web-php.rules, High)
18479 <-> WEB-PHP miniBB rss.php premodDir remote file include attempt (web-php.rules, High)
18480 <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - userid parameter (web-misc.rules, High)
18481 <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - password parameter (web-misc.rules, High)
18482 <-> SPECIFIC-THREATS Microsoft Internet Explorer History.go method double free corruption attempt (specific-threats.rules, High)
18483 <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules, High)
18484 <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules, High)
18485 <-> SPECIFIC-THREATS Mozilla Firefox JavaScript handler race condition memory corruption attempt (specific-threats.rules, High)
18486 <-> SPECIFIC-THREATS Mozilla Firefox JavaScript handler race condition memory corruption attempt (specific-threats.rules, High)
18487 <-> SPECIFIC-THREATS Ingres Database iidbms heap overflow attempt (specific-threats.rules, High)
18488 <-> WEB-CLIENT Adobe Photoshop Wintab32.dll dll-load exploit attempt (web-client.rules, High)
18489 <-> NETBIOS Adobe Photoshop Wintab32.dll dll-load exploit attempt (netbios.rules, High)
18490 <-> WEB-ACTIVEX Whale Client Components ActiveX clsid access (web-activex.rules, High)
18491 <-> WEB-ACTIVEX Whale Client Components ActiveX ProgID access (web-activex.rules, High)
18492 <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl (blacklist.rules, High)
18493 <-> WEB-PHP generic PHP code obfuscation attempt (web-php.rules, High)

Updated rules:
532 <-> DELETED NETBIOS SMB ADMIN$ share access (deleted.rules, Low)
533 <-> DELETED NETBIOS SMB C$ share access (deleted.rules, Low)
536 <-> DELETED NETBIOS SMB D$ share access (deleted.rules, Low)
1991 <-> CHAT MSN login attempt (chat.rules, High)
2467 <-> DELETED NETBIOS SMB D$ unicode share access (deleted.rules, Low)
2468 <-> DELETED NETBIOS SMB-DS D$ share access (deleted.rules, Low)
2469 <-> DELETED NETBIOS SMB-DS D$ unicode share access (deleted.rules, Low)
2470 <-> DELETED NETBIOS SMB C$ unicode share access (deleted.rules, Low)
2471 <-> DELETED NETBIOS SMB-DS C$ share access (deleted.rules, Low)
2472 <-> DELETED NETBIOS SMB-DS C$ unicode share access (deleted.rules, Low)
2473 <-> DELETED NETBIOS SMB ADMIN$ unicode share access (deleted.rules, Low)
2475 <-> DELETED NETBIOS SMB-DS ADMIN$ unicode share access (deleted.rules, Low)
2494 <-> DELETED NETBIOS DCEPRC ORPCThis request flood attempt (deleted.rules, Medium)
2495 <-> DELETED NETBIOS SMB DCEPRC ORPCThis request flood attempt (deleted.rules, Medium)
2496 <-> DELETED NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt (deleted.rules, Medium)
2523 <-> DOS BGP spoofed connection reset attempt (dos.rules, Medium)
2973 <-> DELETED NETBIOS SMB D$ unicode andx share access (deleted.rules, Low)
2974 <-> DELETED NETBIOS SMB-DS D$ andx share access (deleted.rules, Low)
2975 <-> DELETED NETBIOS SMB-DS D$ unicode andx share access (deleted.rules, Low)
2976 <-> DELETED NETBIOS SMB C$ andx share access (deleted.rules, Low)
2977 <-> DELETED NETBIOS SMB C$ unicode andx share access (deleted.rules, Low)
2978 <-> DELETED NETBIOS SMB-DS C$ andx share access (deleted.rules, Low)
2979 <-> DELETED NETBIOS SMB-DS C$ unicode andx share access (deleted.rules, Low)
2980 <-> DELETED NETBIOS SMB ADMIN$ andx share access (deleted.rules, Low)
2981 <-> DELETED NETBIOS SMB ADMIN$ unicode andx share access (deleted.rules, Low)
2982 <-> DELETED NETBIOS SMB-DS ADMIN$ andx share access (deleted.rules, Low)
2983 <-> DELETED NETBIOS SMB-DS ADMIN$ unicode andx share access (deleted.rules, Low)
3527 <-> EXPLOIT Solaris LPD overflow attempt (exploit.rules, High)
4645 <-> IMAP search format string attempt (imap.rules, High)
5321 <-> DELETED VIRUS Possible Sober virus set one NTP time check attempt (deleted.rules, Medium)
5322 <-> DELETED VIRUS Possible Sober virus set two NTP time check attempt (deleted.rules, Medium)
5323 <-> DELETED VIRUS Possible Sober virus set three NTP time check attempt (deleted.rules, Medium)
5742 <-> SPYWARE-PUT Keylogger activitylogger runtime detection (spyware-put.rules, Medium)
5744 <-> SPYWARE-PUT Hijacker actualnames runtime detection - online.php request (spyware-put.rules, Low)
5749 <-> SPYWARE-PUT Trackware alexa runtime detection (spyware-put.rules, Medium)
5750 <-> SPYWARE-PUT Adware dogpile runtime detection (spyware-put.rules, Low)
5760 <-> SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules, Low)
5764 <-> SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules, Low)
5765 <-> SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules, Low)
5767 <-> SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules, Low)
5773 <-> SPYWARE-PUT Adware forbes runtime detection (spyware-put.rules, Low)
5774 <-> SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules, Low)
5775 <-> SPYWARE-PUT Hijacker freescratch runtime detection - scratch card (spyware-put.rules, Low)
5776 <-> SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules, Low)
5794 <-> SPYWARE-PUT Hijacker coolwebsearch.aboutblank variant runtime detection (spyware-put.rules, Low)
5796 <-> SPYWARE-PUT Adware keenvalue runtime detection (spyware-put.rules, Low)
5801 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (spyware-put.rules, Medium)
5802 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules, Medium)
5803 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (spyware-put.rules, Medium)
5804 <-> DELETED SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (deleted.rules, Medium)
5805 <-> SPYWARE-PUT Trackware myway speedbar runtime detection - switch engines (spyware-put.rules, Medium)
5806 <-> DELETED SPYWARE-PUT Hijacker searchmiracle-elitebar runtime detection (deleted.rules, Low)
5807 <-> SPYWARE-PUT Hijacker shopathomeselect runtime detection (spyware-put.rules, Low)
5824 <-> SPYWARE-PUT Dialer stripplayer runtime detection (spyware-put.rules, Low)
5825 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules, Low)
5828 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules, Low)
5829 <-> SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules, Low)
5830 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime detection - track activity (deleted.rules, Low)
5831 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime detection - update requests (deleted.rules, Low)
5832 <-> DELETED SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (deleted.rules, Low)
5835 <-> SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules, Low)
5836 <-> SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules, Low)
5837 <-> SPYWARE-PUT Trackware ucmore runtime detection - track activity (spyware-put.rules, Medium)
5838 <-> SPYWARE-PUT Trackware ucmore runtime detection - get sponsor/ad links (spyware-put.rules, Medium)
5841 <-> SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules, Low)
5842 <-> SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules, Low)
5846 <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules, Low)
5852 <-> SPYWARE-PUT Adware warez_p2p runtime detection - cache.dat request (spyware-put.rules, Low)
5853 <-> SPYWARE-PUT Adware warez_p2p runtime detection - download ads (spyware-put.rules, Low)
5856 <-> DELETED SPYWARE-PUT Hijacker funbuddyicons runtime detection - funwebproducts user-agent string (deleted.rules, Low)
5858 <-> SPYWARE-PUT Adware praizetoolbar runtime detection (spyware-put.rules, Low)
5865 <-> SPYWARE-PUT Adware zapspot runtime detection - pop up ads (spyware-put.rules, Low)
5866 <-> SPYWARE-PUT Hijacker couponbar runtime detection - download new coupon offers and links (spyware-put.rules, Low)
5867 <-> SPYWARE-PUT Hijacker couponbar runtime detection - get updates to toolbar buttons (spyware-put.rules, Low)
5871 <-> SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules, Low)
5879 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (deleted.rules, Low)
5881 <-> SPYWARE-PUT Keylogger spyagent runtime detect - ftp delivery (spyware-put.rules, Medium)
5889 <-> SPYWARE-PUT Hijacker shopnav runtime detection - collect information (spyware-put.rules, Low)
5890 <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules, Low)
5891 <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 2 (spyware-put.rules, Low)
5896 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules, Low)
5897 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules, Low)
5899 <-> SPYWARE-PUT Trackware adtools-screenmate runtime detection - generate desktop alert (spyware-put.rules, Medium)
5903 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - get ads (spyware-put.rules, Low)
5910 <-> DELETED SPYWARE-PUT Trackware casalemedia runtime detection (deleted.rules, Medium)
5912 <-> DELETED SPYWARE-PUT Hijacker webcrawler runtime detection (deleted.rules, Low)
5914 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - configuration download (spyware-put.rules, Low)
5915 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - autosearch hijack (spyware-put.rules, Low)
5916 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - sidebar search (spyware-put.rules, Low)
5917 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - toolbar search (spyware-put.rules, Low)
5918 <-> SPYWARE-PUT Hijacker painter runtime detection - ping 'alive' signal (spyware-put.rules, Low)
5921 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules, Medium)
5922 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules, Medium)
5925 <-> SPYWARE-PUT Adware active shopper runtime detection - check (spyware-put.rules, Low)
5926 <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules, Low)
5927 <-> SPYWARE-PUT Adware cashbar runtime detection - .smx requests (spyware-put.rules, Low)
5928 <-> SPYWARE-PUT Adware cashbar runtime detection - ads request (spyware-put.rules, Low)
5929 <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 1 (spyware-put.rules, Low)
5930 <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2 (spyware-put.rules, Low)
5931 <-> DELETED SPYWARE-PUT Adware cashbar runtime detection - stats track 1 (deleted.rules, Low)
5932 <-> SPYWARE-PUT Adware cashbar runtime detection - stats track (spyware-put.rules, Low)
5939 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - get cfg (spyware-put.rules, Medium)
5940 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - search request (spyware-put.rules, Medium)
5942 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - pass information to its controlling server (spyware-put.rules, Medium)
5943 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - third party information collection (spyware-put.rules, Medium)
5944 <-> SPYWARE-PUT Adware free access bar runtime detection 1 (spyware-put.rules, Low)
5945 <-> SPYWARE-PUT Adware weirdontheweb runtime detection - track.cgi request (spyware-put.rules, Low)
5946 <-> SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules, Low)
5949 <-> SPYWARE-PUT Trackware iggsey toolbar detection - simpleticker.htm request (spyware-put.rules, Medium)
5950 <-> SPYWARE-PUT Trackware iggsey toolbar detection - pass information to server (spyware-put.rules, Medium)
5951 <-> SPYWARE-PUT Trackware iggsey toolbar detection - search request (spyware-put.rules, Medium)
5954 <-> SPYWARE-PUT Trackware browserpal runtime detection - post user info to server (spyware-put.rules, Medium)
5961 <-> SPYWARE-PUT Hijacker searchfast detection - news ticker (spyware-put.rules, Low)
5966 <-> SPYWARE-PUT trackware searchinweb detection - search request (spyware-put.rules, Medium)
5970 <-> SPYWARE-PUT hijacker smart finder detection - keys update (spyware-put.rules, Low)
5971 <-> SPYWARE-PUT hijacker smart finder detection - track hits (spyware-put.rules, Low)
5973 <-> SPYWARE-PUT hijacker smart finder detection - search engines hijack (spyware-put.rules, Low)
5974 <-> SPYWARE-PUT hijacker smart finder detection - pop-up ads (spyware-put.rules, Low)
5975 <-> SPYWARE-PUT hijacker topfive searchassistant detection - search request (spyware-put.rules, Low)
5976 <-> SPYWARE-PUT hijacker topfive searchassistant detection - side search (spyware-put.rules, Low)
5977 <-> SPYWARE-PUT hijacker topfive searchassistant detection - post user information to server (spyware-put.rules, Low)
5978 <-> SPYWARE-PUT hijacker topfive searchassistant detection - update (spyware-put.rules, Low)
5979 <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - track user ip address (spyware-put.rules, Medium)
5980 <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - display advertisement (spyware-put.rules, Medium)
5981 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules, Low)
5982 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules, Low)
5983 <-> SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules, Low)
5986 <-> SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules, Low)
5987 <-> SPYWARE-PUT Hijacker wishbone runtime detection (spyware-put.rules, Low)
5988 <-> SPYWARE-PUT Trackware windupdates-mediagateway runtime detection - post data (spyware-put.rules, Medium)
5989 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules, Low)
5990 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules, Low)
5992 <-> SPYWARE-PUT Hijacker getmirar runtime detection - get keyword-related content (spyware-put.rules, Low)
5993 <-> SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules, Low)
5994 <-> SPYWARE-PUT Hijacker getmirar runtime detection - click related button (spyware-put.rules, Low)
5995 <-> SPYWARE-PUT Adware offeragent runtime detection - information checking (spyware-put.rules, Low)
5996 <-> SPYWARE-PUT Adware offeragent runtime detection - ads request (spyware-put.rules, Low)
6107 <-> BACKDOOR backage 3.1 runtime detection (backdoor.rules, High)
6122 <-> BACKDOOR millenium v1.0 runtime detection (backdoor.rules, High)
6127 <-> BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules, High)
6128 <-> BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (backdoor.rules, High)
6146 <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (backdoor.rules, High)
6174 <-> BACKDOOR cookie monster 0.24 runtime detection - file explorer (backdoor.rules, High)
6176 <-> BACKDOOR guptachar 2.0 runtime detection (backdoor.rules, High)
6189 <-> SPYWARE-PUT Trackware try2find detection (spyware-put.rules, Medium)
6191 <-> SPYWARE-PUT Trackware onetoolbar runtime detection (spyware-put.rules, Medium)
6192 <-> SPYWARE-PUT Adware seekmo runtime detection - reporting keyword (spyware-put.rules, Low)
6196 <-> SPYWARE-PUT Hijacker smart shopper runtime detection - services requests (spyware-put.rules, Low)
6197 <-> SPYWARE-PUT Hijacker smart shopper runtime detection - track/upgrade/report activities (spyware-put.rules, Low)
6198 <-> SPYWARE-PUT Trackware squaretrade side bar runtime detection - collect user information (spyware-put.rules, Medium)
6199 <-> SPYWARE-PUT Hijacker smart search runtime detection - hijack/ads (spyware-put.rules, Low)
6200 <-> SPYWARE-PUT Hijacker smart search runtime detection - get settings (spyware-put.rules, Low)
6203 <-> SPYWARE-PUT Trickler farmmext runtime detection - drk.syn request (spyware-put.rules, Low)
6206 <-> SPYWARE-PUT Hacker-Tool sin stealer 1.1 runtime detection (spyware-put.rules, Low)
6207 <-> SPYWARE-PUT Keylogger winsession runtime detection - smtp (spyware-put.rules, Medium)
6208 <-> SPYWARE-PUT Keylogger winsession runtime detection - ftp (spyware-put.rules, Medium)
6209 <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules, Low)
6212 <-> SPYWARE-PUT Adware commonname runtime detection (spyware-put.rules, Low)
6213 <-> SPYWARE-PUT Hijacker 7fasst runtime detection - auto requests (spyware-put.rules, Low)
6219 <-> SPYWARE-PUT Adware bonzibuddy runtime detection (spyware-put.rules, Low)
6220 <-> SPYWARE-PUT Keylogger boss everyware runtime detection (spyware-put.rules, Medium)
6222 <-> SPYWARE-PUT Adware delfin media viewer runtime detection - contact server (spyware-put.rules, Low)
6223 <-> SPYWARE-PUT Adware delfin media viewer runtime detection - retrieve schedule (spyware-put.rules, Low)
6225 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - getsize request (deleted.rules, Low)
6228 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - disclaimer text (deleted.rules, Low)
6229 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - adp ads (deleted.rules, Low)
6232 <-> SPYWARE-PUT Adware mirar runtime detection - thumbnail (spyware-put.rules, Low)
6233 <-> SPYWARE-PUT Adware mirar runtime detection - delayed (spyware-put.rules, Low)
6237 <-> SPYWARE-PUT Adware lop runtime detection - check update request (spyware-put.rules, Low)
6239 <-> SPYWARE-PUT Adware lop runtime detection - collect info request 2 (spyware-put.rules, Low)
6241 <-> SPYWARE-PUT Adware lop runtime detection - ie autosearch hijack (spyware-put.rules, Low)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules, Low)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules, Low)
6252 <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - search request (spyware-put.rules, Medium)
6254 <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - redirect (spyware-put.rules, Medium)
6270 <-> SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules, Low)
6275 <-> SPYWARE-PUT Hijacker incredifind runtime detection - cookie (spyware-put.rules, Low)
6281 <-> SPYWARE-PUT Hijacker yoursitebar runtime detection (spyware-put.rules, Low)
6282 <-> SPYWARE-PUT Hijacker customtoolbar runtime detection (spyware-put.rules, Low)
6290 <-> BACKDOOR netspy runtime detection - command pattern server-to-client (backdoor.rules, High)
6321 <-> BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (backdoor.rules, High)
6322 <-> BACKDOOR ptakks2.1 runtime detection - command pattern (backdoor.rules, High)
6324 <-> BACKDOOR 3xBackdoor runtime detection (backdoor.rules, High)
6336 <-> BACKDOOR buttman v0.9p runtime detection - remote control (backdoor.rules, High)
6341 <-> SPYWARE-PUT Hijacker spediabar user-agent string detected (spyware-put.rules, Low)
6342 <-> SPYWARE-PUT Hijacker spediabar runtime detection - info check (spyware-put.rules, Low)
6343 <-> SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules, Low)
6358 <-> SPYWARE-PUT Hijacker need2find search query detection (spyware-put.rules, Low)
6359 <-> SPYWARE-PUT Adware altnet runtime detection - initial retrieval (spyware-put.rules, Low)
6360 <-> SPYWARE-PUT Adware altnet runtime detection - update (spyware-put.rules, Low)
6361 <-> SPYWARE-PUT Adware altnet runtime detection - status report (spyware-put.rules, Low)
6363 <-> SPYWARE-PUT adware surfaccuracy runtime detection (spyware-put.rules, Low)
6364 <-> SPYWARE-PUT Hijacker imeshbar runtime detection (spyware-put.rules, Low)
6365 <-> SPYWARE-PUT Other-Technologies sony rootkit runtime detection (spyware-put.rules, Low)
6372 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get wsliveup.dat (spyware-put.rules, Low)
6373 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - stbarpat.dat (spyware-put.rules, Low)
6374 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (spyware-put.rules, Low)
6377 <-> SPYWARE-PUT Hijacker girafa toolbar - browser hijack (spyware-put.rules, Low)
6384 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (spyware-put.rules, Medium)
6385 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (spyware-put.rules, Medium)
6386 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent up notification (spyware-put.rules, Medium)
6398 <-> BACKDOOR http rat runtime detection - http (backdoor.rules, High)
6408 <-> POLICY webshots desktop traffic (policy.rules, Low)
6467 <-> CHAT jabber traffic detected (chat.rules, High)
6477 <-> SPYWARE-PUT Hacker-Tool beee runtime detection - smtp (spyware-put.rules, Low)
6478 <-> SPYWARE-PUT Trackware searchingall toolbar runtime detection - send user url request (spyware-put.rules, Medium)
6480 <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - home page (spyware-put.rules, Low)
6481 <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - search (spyware-put.rules, Low)
6482 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - get info (spyware-put.rules, Low)
6483 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - home page hijacker (spyware-put.rules, Low)
6484 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - search (spyware-put.rules, Low)
6487 <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - check updates (spyware-put.rules, Low)
6488 <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - redirect mistyped urls (spyware-put.rules, Low)
6489 <-> SPYWARE-PUT Hijacker analyze IE runtime detection - default page hijacker (spyware-put.rules, Low)
6490 <-> SPYWARE-PUT Dialer yeaknet runtime detection - home page hijacker (spyware-put.rules, Low)
6494 <-> SPYWARE-PUT Adware yourenhancement runtime detection (spyware-put.rules, Low)
6496 <-> SPYWARE-PUT Adware adpowerzone runtime detection (spyware-put.rules, Low)
7033 <-> POLICY GoToMyPC local service running (policy.rules, High)
7034 <-> POLICY GoToMyPC remote control attempt (policy.rules, High)
7050 <-> SPYWARE-PUT Hijacker freecruise toolbar runtime detection (spyware-put.rules, Low)
7055 <-> SPYWARE-PUT Hijacker vip01 biz runtime detection - adv (spyware-put.rules, Low)
7068 <-> BACKDOOR delta source 0.5 beta runtime detection - ping (backdoor.rules, High)
7069 <-> BACKDOOR delta source 0.5 beta runtime detection - pc info (backdoor.rules, High)
7074 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules, High)
7100 <-> DELETED BACKDOOR mass connect 1.1 runtime detection - http (deleted.rules, High)
7118 <-> BACKDOOR y3k 1.2 runtime detection - user-agent string detected (backdoor.rules, High)
7138 <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - version check (spyware-put.rules, Low)
7139 <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - fake search query (spyware-put.rules, Low)
7140 <-> SPYWARE-PUT Adware pay-per-click runtime detection - configuration (spyware-put.rules, Low)
7141 <-> SPYWARE-PUT Adware pay-per-click runtime detection - update (spyware-put.rules, Low)
7142 <-> SPYWARE-PUT Adware ares flash downloader 2.04 runtime detection (spyware-put.rules, Low)
7143 <-> SPYWARE-PUT Adware digink.com runtime detection (spyware-put.rules, Low)
7144 <-> SPYWARE-PUT Hijacker cool search runtime detection (spyware-put.rules, Low)
7154 <-> SPYWARE-PUT Keylogger active keylogger home runtime detection (spyware-put.rules, Medium)
7169 <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange (spyware-put.rules, Medium)
7174 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules, Medium)
7177 <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info send through email (spyware-put.rules, Medium)
7180 <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules, Medium)
7182 <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules, Medium)
7185 <-> SPYWARE-PUT Keylogger 007 spy software runtime detection - ftp (spyware-put.rules, Medium)
7190 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - host retrieval (spyware-put.rules, Low)
7191 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (spyware-put.rules, Low)
7192 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (spyware-put.rules, Low)
7193 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - startup access (spyware-put.rules, Low)
7194 <-> SPYWARE-PUT Hijacker shopprreports runtime detection - services requests (spyware-put.rules, Low)
7195 <-> SPYWARE-PUT Hijacker shopprreports runtime detection - track/upgrade/report activities (spyware-put.rules, Low)
7504 <-> SPYWARE-PUT Keylogger actualspy runtime detection - ftp-data (spyware-put.rules, Medium)
7505 <-> SPYWARE-PUT Keylogger actualspy runtime detection - smtp (spyware-put.rules, Medium)
7511 <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules, Low)
7514 <-> SPYWARE-PUT Keylogger watchdog runtime detection - send out info to server periodically (spyware-put.rules, Medium)
7515 <-> SPYWARE-PUT Keylogger watchdog runtime detection - remote monitoring (spyware-put.rules, Medium)
7516 <-> SPYWARE-PUT Trickler hmtoolbar runtime detection (spyware-put.rules, Low)
7518 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - get up-to-date news info (spyware-put.rules, Medium)
7519 <-> DELETED SPYWARE-PUT Trackware earthlink toolbar runtime detection - track activity (deleted.rules, Medium)
7522 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 2 (spyware-put.rules, Medium)
7523 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - click news button links (spyware-put.rules, Medium)
7524 <-> SPYWARE-PUT Hijacker moneybar runtime detection - cgispy counter (spyware-put.rules, Low)
7525 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - barad.asp request (spyware-put.rules, Medium)
7526 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - stat counter (spyware-put.rules, Medium)
7527 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - toolbar find function (spyware-put.rules, Medium)
7529 <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules, Medium)
7531 <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - login (spyware-put.rules, Low)
7532 <-> SPYWARE-PUT Adware piolet runtime detection - user-agent (spyware-put.rules, Low)
7533 <-> SPYWARE-PUT Adware piolet runtime detection - ads request (spyware-put.rules, Low)
7534 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - ie hijacking (spyware-put.rules, Low)
7535 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules, Low)
7537 <-> SPYWARE-PUT Trackware arrow search runtime detection (spyware-put.rules, Medium)
7539 <-> SPYWARE-PUT Keylogger eye spy pro 1.0 runtime detection (spyware-put.rules, Medium)
7547 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent status monitoring (spyware-put.rules, Medium)
7548 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent up notification (spyware-put.rules, Medium)
7549 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection (spyware-put.rules, Medium)
7550 <-> SPYWARE-PUT Adware adroar runtime detection (spyware-put.rules, Low)
7551 <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - smtp (spyware-put.rules, Medium)
7552 <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - ftp (spyware-put.rules, Medium)
7557 <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules, Medium)
7558 <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules, Medium)
7559 <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules, Medium)
7562 <-> SPYWARE-PUT Adware morpheus runtime detection - ad 1 (spyware-put.rules, Low)
7563 <-> SPYWARE-PUT Adware morpheus runtime detection - ad 2 (spyware-put.rules, Low)
7567 <-> SPYWARE-PUT Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (spyware-put.rules, Medium)
7569 <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules, Low)
7570 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules, Low)
7571 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - toolbar search (spyware-put.rules, Low)
7572 <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules, Low)
7573 <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules, Low)
7575 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - weather request (spyware-put.rules, Low)
7576 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - hijack ie browser (spyware-put.rules, Low)
7581 <-> SPYWARE-PUT Hijacker flashbar runtime detection - user-agent (spyware-put.rules, Low)
7582 <-> SPYWARE-PUT Trickler pcast runtime detection - update checking (spyware-put.rules, Low)
7587 <-> SPYWARE-PUT Trickler urlblaze runtime detection - software information request (spyware-put.rules, Low)
7589 <-> SPYWARE-PUT Trickler urlblaze runtime detection - irc notification (spyware-put.rules, Low)
7593 <-> SPYWARE-PUT Trackware trellian toolbarbrowser runtime detection (spyware-put.rules, Medium)
7594 <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules, Low)
7597 <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection (spyware-put.rules, Medium)
7603 <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver (spyware-put.rules, Medium)
7613 <-> DELETED BACKDOOR flux 1.0 runtime detection - successful initial connection (deleted.rules, High)
7615 <-> DELETED BACKDOOR flux 1.0 runtime detection - keep alive (deleted.rules, High)
7624 <-> BACKDOOR remote control 1.7 runtime detection - data communication (backdoor.rules, High)
7642 <-> BACKDOOR am remote client runtime detection - server-to-client (backdoor.rules, High)
7646 <-> BACKDOOR snipernet 2.1 runtime detection (backdoor.rules, High)
7647 <-> BACKDOOR minicom lite runtime detection - udp (backdoor.rules, High)
7649 <-> BACKDOOR minicom lite runtime detection - server-to-client (backdoor.rules, High)
7655 <-> DELETED BACKDOOR small uploader 1.01 runtime detection - remote shell (deleted.rules, High)
7669 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (backdoor.rules, High)
7691 <-> BACKDOOR evade runtime detection - file manager (backdoor.rules, High)
7706 <-> BACKDOOR omniquad instant remote control runtime detection - initial connection (backdoor.rules, High)
7711 <-> BACKDOOR amitis runtime command detection attacker to victim (backdoor.rules, High)
7712 <-> BACKDOOR amitis runtime detection victim to attacker (backdoor.rules, High)
7727 <-> BACKDOOR reversable ver1.0 runtime detection - execute command (backdoor.rules, High)
7732 <-> BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (backdoor.rules, High)
7739 <-> BACKDOOR alexmessomalex runtime detection - grab (backdoor.rules, High)
7758 <-> BACKDOOR glacier runtime detection - initial connection and directory browse (backdoor.rules, High)
7759 <-> BACKDOOR glacier runtime detection - screen capture (backdoor.rules, High)
7760 <-> BACKDOOR netthief runtime detection (backdoor.rules, High)
7801 <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules, High)
7802 <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules, High)
7822 <-> BACKDOOR xbkdr runtime detection (backdoor.rules, High)
7827 <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules, Low)
7828 <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules, Low)
7829 <-> SPYWARE-PUT Adware gator user-agent detected (spyware-put.rules, Low)
7832 <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - active/update (spyware-put.rules, Low)
7835 <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules, Low)
7837 <-> SPYWARE-PUT Keylogger spyoutside runtime detection - email delivery (spyware-put.rules, Medium)
7839 <-> SPYWARE-PUT Hijacker rx toolbar runtime detection (spyware-put.rules, Low)
7848 <-> SPYWARE-PUT Hijacker netguide runtime detection (spyware-put.rules, Low)
7856 <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules, Medium)
7861 <-> POLICY Google Desktop activity (policy.rules, High)
8071 <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - search hijack (spyware-put.rules, Low)
8072 <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - surf monitor (spyware-put.rules, Low)
8073 <-> SPYWARE-PUT Adware zango toolbar runtime detection (spyware-put.rules, Low)
8358 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - addressbar keyword search hijack (spyware-put.rules, Low)
8359 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - target website display (spyware-put.rules, Low)
8360 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules, Low)
8464 <-> SPYWARE-PUT Adware henbang runtime detection (spyware-put.rules, Low)
8467 <-> SPYWARE-PUT Keylogger netobserve runtime detection - remote login response (spyware-put.rules, Medium)
8468 <-> SPYWARE-PUT Hijacker accoona runtime detection - collect info (spyware-put.rules, Low)
8477 <-> DELETED BACKDOOR superspy 2.0 beta runtime detection - file management (deleted.rules, High)
8542 <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - collect info (spyware-put.rules, Medium)
8544 <-> SPYWARE-PUT Keylogger nicespy runtime detection - smtp (spyware-put.rules, Medium)
8545 <-> SPYWARE-PUT Adware roogoo runtime detection - surfing monitor (spyware-put.rules, Low)
8549 <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules, High)
9327 <-> SPECIFIC-THREATS netsky.af smtp propagation detection (specific-threats.rules, High)
9329 <-> SPECIFIC-THREATS yarner.b smtp propagation detection (specific-threats.rules, High)
9330 <-> SPECIFIC-THREATS mydoom.e smtp propagation detection (specific-threats.rules, High)
9331 <-> SPECIFIC-THREATS mydoom.m smtp propagation detection (specific-threats.rules, High)
9332 <-> SPECIFIC-THREATS mimail.a smtp propagation
detection (specific-threats.rules, High) 9333 <-> SPECIFIC-THREATS mimail.e smtp propagation detection (specific-threats.rules, High) 9336 <-> SPECIFIC-THREATS netsky.t smtp propagation detection (specific-threats.rules, High) 9337 <-> SPECIFIC-THREATS netsky.x smtp propagation detection (specific-threats.rules, High) 9338 <-> SPECIFIC-THREATS mydoom.i smtp propagation detection (specific-threats.rules, High) 9339 <-> SPECIFIC-THREATS klez.g web propagation detection (specific-threats.rules, High) 9340 <-> SPECIFIC-THREATS klez.i web propagation detection (specific-threats.rules, High) 9342 <-> SPECIFIC-THREATS paroc.a smtp propagation detection (specific-threats.rules, High) 9345 <-> SPECIFIC-THREATS kipis.a smtp propagation detection (specific-threats.rules, High) 9351 <-> SPECIFIC-THREATS lovgate.a netshare propagation detection (specific-threats.rules, High) 9352 <-> SPECIFIC-THREATS lovgate.a smtp propagation detection (specific-threats.rules, High) 9354 <-> SPECIFIC-THREATS deborm.y netshare propagation detection (specific-threats.rules, High) 9355 <-> SPECIFIC-THREATS deborm.u netshare propagation detection (specific-threats.rules, High) 9361 <-> SPECIFIC-THREATS mimail.l smtp propagation detection (specific-threats.rules, High) 9365 <-> SPECIFIC-THREATS cult.c smtp propagation detection (specific-threats.rules, High) 9366 <-> SPECIFIC-THREATS mimail.s smtp propagation detection (specific-threats.rules, High) 9372 <-> SPECIFIC-THREATS blebla.a smtp propagation detection (specific-threats.rules, High) 9373 <-> SPECIFIC-THREATS clepa smtp propagation detection (specific-threats.rules, High) 9374 <-> SPECIFIC-THREATS creepy.b smtp propagation detection (specific-threats.rules, High) 9375 <-> SPECIFIC-THREATS duksten.c smtp propagation detection (specific-threats.rules, High) 9377 <-> SPECIFIC-THREATS mydoom.g smtp propagation detection (specific-threats.rules, High) 9380 <-> SPECIFIC-THREATS jitux msn messenger propagation detection (specific-threats.rules, 
High) 9383 <-> SPECIFIC-THREATS netsky.y smtp propagation detection (specific-threats.rules, High) 9386 <-> SPECIFIC-THREATS bagle.f smtp propagation detection (specific-threats.rules, High) 9387 <-> SPECIFIC-THREATS klez.j web propagation detection (specific-threats.rules, High) 9389 <-> SPECIFIC-THREATS bagle.i smtp propagation detection (specific-threats.rules, High) 9390 <-> SPECIFIC-THREATS deborm.d netshare propagation detection (specific-threats.rules, High) 9392 <-> SPECIFIC-THREATS bagle.j smtp propagation detection (specific-threats.rules, High) 9393 <-> SPECIFIC-THREATS bagle.k smtp propagation detection (specific-threats.rules, High) 9397 <-> SPECIFIC-THREATS neysid smtp propagation detection (specific-threats.rules, High) 9400 <-> SPECIFIC-THREATS abotus smtp propagation detection (specific-threats.rules, High) 9403 <-> SPECIFIC-THREATS netsky.aa smtp propagation detection (specific-threats.rules, High) 9404 <-> SPECIFIC-THREATS netsky.ac smtp propagation detection (specific-threats.rules, High) 9405 <-> SPECIFIC-THREATS netsky.af smtp propagation detection (specific-threats.rules, High) 9407 <-> SPECIFIC-THREATS lovgate.b netshare propagation detection (specific-threats.rules, High) 9408 <-> SPECIFIC-THREATS lacrow smtp propagation detection (specific-threats.rules, High) 9413 <-> SPECIFIC-THREATS ganda smtp propagation detection (specific-threats.rules, High) 9417 <-> SPECIFIC-THREATS bagle.a smtp propagation detection (specific-threats.rules, High) 9418 <-> BOTNET-CNC bagle.a http notification detection (botnet-cnc.rules, High) 9425 <-> SPECIFIC-THREATS netsky attachment (specific-threats.rules, High) 9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules, Medium) 9644 <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules, Low) 9648 <-> SPYWARE-PUT Keylogger emailspypro runtime detection (spyware-put.rules, Medium) 9650 <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection (spyware-put.rules, Medium) 9652 <-> SPYWARE-PUT 
Hijacker oemji bar runtime detection (spyware-put.rules, Low) 9655 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules, High) 9657 <-> BACKDOOR bersek 1.0 runtime detection - init connection (backdoor.rules, High) 9663 <-> BACKDOOR bersek 1.0 runtime detection - start remote shell (backdoor.rules, High) 9667 <-> BACKDOOR superra runtime detection - issue remote control command (backdoor.rules, High) 9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules, Medium) 9829 <-> SPYWARE-PUT Trackware relevantknowledge runtime detection (spyware-put.rules, Medium) 9830 <-> SPYWARE-PUT Keylogger supreme spy runtime detection (spyware-put.rules, Medium) 9839 <-> BACKDOOR sun shadow 1.70 runtime detection - keep alive (backdoor.rules, High) 10088 <-> SPYWARE-PUT Keylogger beyond Keylogger runtime detection - log sent by smtp (spyware-put.rules, Medium) 10091 <-> SPYWARE-PUT Hacker-Tool spylply.a runtime detection (spyware-put.rules, Low) 10092 <-> SPYWARE-PUT Trackware russian searchbar runtime detection (spyware-put.rules, Medium) 10094 <-> SPYWARE-PUT Adware borlan runtime detection (spyware-put.rules, Low) 10095 <-> SPYWARE-PUT Trackware bydou runtime detection (spyware-put.rules, Medium) 10096 <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection - keylog (spyware-put.rules, Medium) 10107 <-> BACKDOOR icmp cmd 1.0 runtime detection - pslist (backdoor.rules, High) 10108 <-> BACKDOOR icmp cmd 1.0 runtime detection - pskill (backdoor.rules, High) 10113 <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules, High) 10114 <-> BOTNET-CNC Trojan Peacomm command and control propagation detected (botnet-cnc.rules, High) 10123 <-> SPECIFIC-THREATS PA168 chipset based IP phone default password attempt (specific-threats.rules, High) 10124 <-> SPECIFIC-THREATS PA168 chipset based IP phone authentication bypass (specific-threats.rules, High) 10164 <-> SPYWARE-PUT Adware adclicker-ej 
runtime detection (spyware-put.rules, Low) 10166 <-> SPYWARE-PUT Trackware baigoo runtime detection (spyware-put.rules, Medium) 10168 <-> BACKDOOR one runtime detection (backdoor.rules, High) 10169 <-> BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (backdoor.rules, High) 10179 <-> SPYWARE-PUT Trackware bysoo runtime detection (spyware-put.rules, Medium) 10180 <-> SPYWARE-PUT Adware eqiso runtime detection (spyware-put.rules, Low) 10181 <-> SPYWARE-PUT Keylogger systemsleuth runtime detection (spyware-put.rules, Medium) 10182 <-> SPYWARE-PUT Adware newweb runtime detection (spyware-put.rules, Low) 10183 <-> SPYWARE-PUT Keylogger activity Keylogger runtime detection (spyware-put.rules, Medium) 10184 <-> BACKDOOR wow 23 runtime detection (backdoor.rules, High) 10185 <-> BACKDOOR x-door runtime detection (backdoor.rules, High) 10407 <-> EXPLOIT RealNetworks Helix Server LoadTestPassword buffer overflow attempt (exploit.rules, High) 10438 <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules, Low) 10440 <-> SPYWARE-PUT Keylogger pc black box runtime detection (spyware-put.rules, Medium) 10441 <-> SPYWARE-PUT Hacker-Tool statwin runtime detection (spyware-put.rules, Low) 10443 <-> BACKDOOR acidbattery 1.0 runtime detection - sniff info (backdoor.rules, High) 10446 <-> BACKDOOR acidbattery 1.0 runtime detection - get server info (backdoor.rules, High) 10447 <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules, High) 10451 <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules, High) 10452 <-> BACKDOOR only 1 rat runtime detection - icmp request (backdoor.rules, High) 11306 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules, Medium) 11307 <-> SPYWARE-PUT Keylogger computer monitor Keylogger runtime detection (spyware-put.rules, Medium) 11311 <-> SPYWARE-PUT Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (spyware-put.rules, 
Medium) 11312 <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules, Medium) 11315 <-> DELETED BACKDOOR ykw v375 runtime detection (deleted.rules, High) 11317 <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules, High) 11817 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules, Medium) 11948 <-> SPYWARE-PUT Hijacker snap toolbar runtime detection - cookie (spyware-put.rules, Low) 11950 <-> BACKDOOR killav_gj (backdoor.rules, High) 11951 <-> BACKDOOR winshadow runtime detection - init connection request (backdoor.rules, High) 11952 <-> BACKDOOR winshadow runtime detection - udp response (backdoor.rules, High) 11954 <-> BACKDOOR supervisor plus runtime detection (backdoor.rules, High) 12002 <-> VOIP-SIP BYE flood (voip.rules, Medium) 12003 <-> VOIP-SIP CANCEL flood (voip.rules, Medium) 12004 <-> VOIP-SIP INVITE message invalid Content-Length size of zero (voip.rules, Medium) 12052 <-> BACKDOOR the[x] 1.2 runtime detection - execute command (backdoor.rules, High) 12073 <-> VOIP-SIP inbound 100 Trying message (voip.rules, Low) 12074 <-> VOIP-SIP outbound 100 Trying message (voip.rules, Low) 12121 <-> SPYWARE-PUT Adware pprich runtime detection - udp info sent out (spyware-put.rules, Low) 12122 <-> SPYWARE-PUT Trackware spynova runtime detection (spyware-put.rules, Medium) 12126 <-> SPYWARE-PUT Trackware lookster toolbar runtime detection - collect user information (spyware-put.rules, Medium) 12127 <-> SPYWARE-PUT Trackware lookster toolbar runtime detection - ads (spyware-put.rules, Medium) 12132 <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - keylogging (spyware-put.rules, Medium) 12134 <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - open url (spyware-put.rules, Medium) 12137 <-> SPYWARE-PUT Keylogger Keylogger king home 2.3 runtime detection (spyware-put.rules, Medium) 12138 <-> SPYWARE-PUT Adware zamingo runtime detection (spyware-put.rules, Low) 12149 <-> BACKDOOR back orifice 2006 - 
v1.1.5 runtime detection - init connection (backdoor.rules, High) 12151 <-> BACKDOOR cafeini 1.0 runtime detection (backdoor.rules, High) 12159 <-> BACKDOOR optix pro v1.32 runtime detection - keylogging (backdoor.rules, High) 12162 <-> BACKDOOR optix pro v1.32 runtime detection - screen capturing (backdoor.rules, High) 12224 <-> SPYWARE-PUT Adware enbrowser snackman runtime detection (spyware-put.rules, Low) 12228 <-> SPYWARE-PUT Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (spyware-put.rules, Medium) 12291 <-> SPYWARE-PUT Trackware vmn toolbar runtime detection (spyware-put.rules, Medium) 12294 <-> SPYWARE-PUT Hijacker 3search runtime detection - counter (spyware-put.rules, Low) 12295 <-> SPYWARE-PUT Hijacker 3search runtime detection - hijacking (spyware-put.rules, Low) 12365 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - redirect searches (spyware-put.rules, Low) 12366 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - toolbar search function (spyware-put.rules, Low) 12367 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie searches (spyware-put.rules, Low) 12368 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie side search (spyware-put.rules, Low) 12369 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - collect user information (spyware-put.rules, Low) 12371 <-> SPYWARE-PUT Hijacker sbu hotbar 4.8.4 runtime detection - user-agent string (spyware-put.rules, Low) 12378 <-> BACKDOOR shark 2.3.2 runtime detection (backdoor.rules, High) 12481 <-> SPYWARE-PUT Hijacker 411web toolbar runtime detection (spyware-put.rules, Low) 12482 <-> SPYWARE-PUT Trickler pseudorat 0.1b runtime detection (spyware-put.rules, Low) 12485 <-> SPYWARE-PUT Adware instant buzz runtime detection - random text ads (spyware-put.rules, Low) 12486 <-> SPYWARE-PUT Hijacker soso toolbar runtime detection - get weather information (spyware-put.rules, Low) 12487 <-> SPYWARE-PUT Hijacker soso toolbar 
runtime detection - hijack ie auto searches / soso toolbar searches requests (spyware-put.rules, Low) 12661 <-> BACKDOOR troll.a runtime detection (backdoor.rules, High) 12674 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules, Medium) 12679 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar user-agent detection (spyware-put.rules, Medium) 12693 <-> SPYWARE-PUT Hijacker personalweb runtime detection (spyware-put.rules, Low) 12697 <-> SPYWARE-PUT Trackware browser accelerator runtime detection - pass user information to server (spyware-put.rules, Medium) 12698 <-> SPYWARE-PUT Keylogger net vizo 5.2 runtime detection (spyware-put.rules, Medium) 12700 <-> BACKDOOR poison ivy 2.3.0 runtime detection - init connection (backdoor.rules, High) 12702 <-> DELETED BACKDOOR poison ivy 2.3.0 runtime detection - server connection (deleted.rules, High) 12720 <-> SPYWARE-PUT Adware pestbot runtime detection - update (spyware-put.rules, Low) 12721 <-> SPYWARE-PUT Adware pestbot runtime detection - purchase (spyware-put.rules, Low) 12727 <-> BACKDOOR bandook 1.35 runtime detection (backdoor.rules, High) 12759 <-> SPYWARE-PUT Keylogger/RAT digi watcher 2.32 runtime detection (spyware-put.rules, Medium) 12761 <-> SPYWARE-PUT Keylogger powered Keylogger 2.2 runtime detection (spyware-put.rules, Medium) 12791 <-> SPYWARE-PUT Adware gophoria toolbar runtime detection (spyware-put.rules, Low) 12793 <-> SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (spyware-put.rules, Medium) 12794 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - search frauddb process (spyware-put.rules, Low) 12795 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - display frauddb information (spyware-put.rules, Low) 13242 <-> SPYWARE-PUT Adware netpumper 1.26 runtime detection (spyware-put.rules, Low) 13282 <-> SPYWARE-PUT Adware jily ie toolbar runtime detection (spyware-put.rules, Low) 13285 <-> SPYWARE-PUT Hijacker 
phazebar runtime detection (spyware-put.rules, Low) 13341 <-> SPYWARE-PUT Hijacker search4top runtime detection - popup ads (spyware-put.rules, Low) 13343 <-> SPYWARE-PUT Adware 2005-search loader runtime detection (spyware-put.rules, Low) 13489 <-> SPYWARE-PUT Hijacker people pal toolbar runtime detection - traffic for searching (spyware-put.rules, Low) 13497 <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - tracking traffic (spyware-put.rules, Low) 13499 <-> SPYWARE-PUT Hijacker hbtbar runtime detection - search traffic 2 (spyware-put.rules, Low) 13503 <-> SPYWARE-PUT Hijacker dealio toolbar runtime detection user-agent detected (spyware-put.rules, Low) 13507 <-> BACKDOOR evilotus 1.3.2 runtime detection - init connection (backdoor.rules, High) 13509 <-> BACKDOOR xploit 1.4.5 pc runtime detection (backdoor.rules, High) 13558 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - log user info (spyware-put.rules, Low) 13568 <-> SPYWARE-PUT Keylogger sys keylog 1.3 advanced runtime detection (spyware-put.rules, Medium) 13648 <-> SPYWARE-PUT Hijacker mysearch bar 2.0.2.28 runtime detection (spyware-put.rules, Low) 13651 <-> SPYWARE-PUT Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (spyware-put.rules, Medium) 13652 <-> SPYWARE-PUT Keylogger all in one Keylogger runtime detection (spyware-put.rules, Medium) 13653 <-> SPYWARE-PUT Adware cashfiesta adbar runtime detection - updates traffic (spyware-put.rules, Low) 13655 <-> BACKDOOR nuclear rat 2.1 runtime detection - init connection (backdoor.rules, High) 13810 <-> SPYWARE-PUT Trickler Adware.Win32.Ejik runtime detection - udp payload (spyware-put.rules, Low) 13812 <-> SPYWARE-PUT Keylogger refog Keylogger runtime detection (spyware-put.rules, Medium) 13813 <-> SPYWARE-PUT Trickler mm.exe runtime detection (spyware-put.rules, Low) 13849 <-> SPYWARE-PUT Hijacker rcse 4.4 runtime detection - hijack ie browser (spyware-put.rules, Low) 13852 <-> SPYWARE-PUT Hijacker 
bitroll 5.0 runtime detection (spyware-put.rules, Low) 13855 <-> SPYWARE-PUT Trackware speed runner runtime detection (spyware-put.rules, Medium) 13856 <-> BACKDOOR wintrim.z runtime detection (backdoor.rules, High) 13867 <-> SPYWARE-PUT Trackware adclicker-fc.gen.a runtime detection (spyware-put.rules, Medium) 13876 <-> BACKDOOR zlob.acc runtime detection (backdoor.rules, High) 13940 <-> SPYWARE-PUT Hijacker win32.bho.bgf runtime detection (spyware-put.rules, Low) 13941 <-> BACKDOOR trojan agent.nac runtime detection - click fraud (backdoor.rules, High) 13942 <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules, High) 14055 <-> SPYWARE-PUT Hijacker rediff toolbar runtime detection - hijack ie auto search (spyware-put.rules, Low) 14057 <-> SPYWARE-PUT Trackware murzilka2 runtime detection (spyware-put.rules, Medium) 14065 <-> SPYWARE-PUT Keylogger emptybase j runtime detection (spyware-put.rules, Medium) 14066 <-> SPYWARE-PUT Adware winsecuredisc runtime detection (spyware-put.rules, Low) 14085 <-> BACKDOOR infostealer.banker.c runtime detection - collect user info (backdoor.rules, High) 14086 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection 1 (backdoor.rules, High) 14087 <-> BACKDOOR Adware.Win32.Agent.BM runtime detection 2 (backdoor.rules, High) 15071 <-> SCADA Modbus exception returned (scada.rules, Low) 15072 <-> SCADA Modbus invalid protocol version (scada.rules, Low) 15073 <-> SCADA Modbus oversized payload (scada.rules, Low) 15074 <-> SCADA Modbus user-defined function code - 65 to 72 (scada.rules, Low) 15075 <-> SCADA Modbus user-defined function code - 100 to 110 (scada.rules, Low) 15076 <-> SCADA Modbus write multiple coils - too many outputs (scada.rules, Low) 15077 <-> SCADA Modbus read multiple coils - too many inputs (scada.rules, Low) 15292 <-> CHAT QQ protocol detected - version 2006 (chat.rules, High) 15293 <-> CHAT QQ protocol detected - version 2008 (chat.rules, High) 15423 <-> BOTNET-CNC Clampi virus communication 
detected (botnet-cnc.rules, High) 15425 <-> WEB-PHP phpBB mod tag board sql injection attempt (web-php.rules, High) 15486 <-> DELETED BACKDOOR Kraken command and control server search attempt (deleted.rules, High) 15577 <-> CHAT MSN Messenger web client activity (chat.rules, High) 15578 <-> SPECIFIC-THREATS Slowloris http DoS tool (specific-threats.rules, Medium) 15712 <-> SCADA DNP3 declared length too small (scada.rules, Low) 15713 <-> SCADA DNP3 device trouble (scada.rules, Low) 15714 <-> SCADA DNP3 corrupt configuration (scada.rules, Low) 15715 <-> SCADA DNP3 event buffer overflow error (scada.rules, Low) 15716 <-> SCADA DNP3 parameter error (scada.rules, Low) 15717 <-> SCADA DNP3 unknown object error (scada.rules, Low) 15718 <-> SCADA DNP3 unsupported function code error (scada.rules, Low) 15719 <-> SCADA DNP3 link service not supported (scada.rules, Low) 15720 <-> SCADA DNP3 reserved source address (scada.rules, Low) 15721 <-> SCADA DNP3 reserved destination address (scada.rules, Low) 16058 <-> SPECIFIC-THREATS Samba WINS Server Name Registration handling stack buffer overflow attempt (specific-threats.rules, High) 16092 <-> BACKDOOR win32.delf.jwh runtime detection (backdoor.rules, High) 16095 <-> BACKDOOR td.exe runtime detection - getfile (backdoor.rules, High) 16096 <-> BACKDOOR td.exe runtime detection - download (backdoor.rules, High) 16105 <-> BACKDOOR trojan.zlob runtime detection - topqualityads (backdoor.rules, High) 16116 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (spyware-put.rules, Medium) 16117 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - ads (spyware-put.rules, Medium) 16121 <-> SPYWARE-PUT Hijacker weatherstudio runtime detection (spyware-put.rules, Low) 16271 <-> BACKDOOR srat 1.6 runtime detection (backdoor.rules, High) 17410 <-> WEB-MISC Generic HyperLink buffer overflow attempt (web-misc.rules, High) 17531 <-> SPECIFIC-THREATS Apple Quicktime MOV file 
JVTCompEncodeFrame heap overflow attempt (specific-threats.rules, High) 17537 <-> SPECIFIC-THREATS Microsoft Excel unspecified memory corruption attempt (specific-threats.rules, High) 17538 <-> SPECIFIC-THREATS Microsoft Excel unspecified memory corruption attempt (specific-threats.rules, High) 17539 <-> SPECIFIC-THREATS Microsoft Excel unspecified memory corruption attempt (specific-threats.rules, High) 18462 <-> SPECIFIC-THREATS Microsoft Windows 2003 browser election remote heap overflow attempt (specific-threats.rules, High)
