Sourcefire VRT Rules Update

Date: 2012-03-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21644 <-> ENABLED <-> SPYWARE-PUT Adware.MediaGetInstaller inbound connection - destination ip infected (spyware-put.rules)
 * 1:21641 <-> DISABLED <-> SPECIFIC-THREATS Possible banking trojan with known banking strings (specific-threats.rules)
 * 1:21624 <-> DISABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21631 <-> ENABLED <-> BOTNET-CNC Trojan.Sinowal javascript delivery method (botnet-cnc.rules)
 * 1:21639 <-> ENABLED <-> BLACKLIST USER-AGENT known Adware user agent mus - TDSS related (blacklist.rules)
 * 1:21626 <-> DISABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21643 <-> DISABLED <-> BOTNET-CNC Trojan.Bredolab variant outbound connection (botnet-cnc.rules)
 * 1:21634 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wab32res.dll dll-load exploit attempt (web-client.rules)
 * 1:21632 <-> ENABLED <-> BOTNET-CNC Trojan.Ransom variant outbound connection (botnet-cnc.rules)
 * 1:21645 <-> ENABLED <-> SPYWARE-PUT Adware.MediaGetInstaller outbound connection - source ip infected (spyware-put.rules)
 * 1:21633 <-> DISABLED <-> NETBIOS Microsoft Windows wab32res.dll dll-load exploit attempt (netbios.rules)
 * 1:21630 <-> ENABLED <-> WEB-CLIENT ELF file parsing in different antivirus evasion attempt (web-client.rules)
 * 1:21640 <-> DISABLED <-> SPECIFIC-THREATS Possible Phoenix exploit kit landing page (specific-threats.rules)
 * 1:21625 <-> DISABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21638 <-> ENABLED <-> BOTNET-CNC Trojan.Aluereon TDSS infection variant outbound connection (botnet-cnc.rules)
 * 1:21635 <-> DISABLED <-> BACKDOOR Backdoor.Win32.Phdet.gen.A runtime detection (backdoor.rules)
 * 1:21642 <-> DISABLED <-> SPECIFIC-THREATS Possible malicious jar file download page (specific-threats.rules)
 * 1:21627 <-> DISABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21629 <-> ENABLED <-> WEB-CLIENT ELF file parsing in different antivirus evasion attempt (web-client.rules)
 * 1:21637 <-> ENABLED <-> PHISHING-SPAM local user attempted to fill out paypal phishing form (phishing-spam.rules)
 * 1:21636 <-> ENABLED <-> BLACKLIST USER-AGENT known Adware user agent gbot (blacklist.rules)
 * 1:21623 <-> DISABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21628 <-> DISABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21622 <-> ENABLED <-> BOTNET-CNC Trojan.Georbot variant outbound connection (botnet-cnc.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)

Modified Rules:


 * 1:16000 <-> ENABLED <-> WEB-CLIENT Sun Microsystems Java gif handling memory corruption attempt (web-client.rules)
 * 1:4679 <-> DISABLED <-> WEB-CLIENT Apple Quicktime movie file component name integer overflow multipacket attempt (web-client.rules)
 * 1:6696 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (web-client.rules)
 * 1:12219 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (web-client.rules)
 * 1:11180 <-> DISABLED <-> WEB-CLIENT Apple Quicktime movie ftyp buffer underflow (web-client.rules)
 * 1:16318 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:16231 <-> DISABLED <-> WEB-CLIENT Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (web-client.rules)
 * 1:16268 <-> ENABLED <-> BACKDOOR trojan.tdss.1.gen install-time detection - yournewsblog.net (backdoor.rules)
 * 1:8445 <-> DISABLED <-> WEB-CLIENT Microsoft Windows RTF file with embedded object package download attempt (web-client.rules)
 * 1:9801 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (web-client.rules)
 * 1:9840 <-> DISABLED <-> WEB-CLIENT Apple QuickTime HREF Track Detected (web-client.rules)
 * 1:16342 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile truncated media file processing memory corruption attempt (web-client.rules)
 * 1:16353 <-> ENABLED <-> WEB-CLIENT FFmpeg OGV file format memory corruption attempt (web-client.rules)
 * 1:20288 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer QCP parsing buffer overflow attempt (web-client.rules)
 * 1:20270 <-> ENABLED <-> WEB-CLIENT Microsoft Windows afd.sys kernel-mode memory corruption attempt (web-client.rules)
 * 1:16360 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Image Description Atom sign extension memory corruption attempt (web-client.rules)
 * 1:16361 <-> DISABLED <-> WEB-CLIENT Microsoft Office BMP header biClrUsed integer overflow attempt (web-client.rules)
 * 1:16422 <-> DISABLED <-> EXPLOIT Microsoft Windows Paint JPEG with malformed SOFx field (exploit.rules)
 * 1:16517 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing comment overflow attempt (web-client.rules)
 * 1:16518 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing announce overflow attempt (web-client.rules)
 * 1:16519 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing name overflow attempt (web-client.rules)
 * 1:16520 <-> ENABLED <-> WEB-CLIENT Free Download Manager .torrent parsing path overflow attempt (web-client.rules)
 * 1:16535 <-> ENABLED <-> EXPLOIT Microsoft Office Visio improper attribute code execution attempt (exploit.rules)
 * 1:16536 <-> ENABLED <-> EXPLOIT Microsoft Office Visio off-by-one in array index code execution attempt (exploit.rules)
 * 1:16542 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:16661 <-> ENABLED <-> EXPLOIT Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (exploit.rules)
 * 1:16673 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave DIR file PAMI chunk code execution attempt (web-client.rules)
 * 1:16683 <-> ENABLED <-> WEB-MISC Nullsoft Winamp CAF file processing integer overflow attempt (web-misc.rules)
 * 1:16692 <-> DISABLED <-> WEB-CLIENT BlazeVideo BlazeDVD PLF playlist file name buffer overflow attempt (web-client.rules)
 * 1:16716 <-> DISABLED <-> WEB-CLIENT Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (web-client.rules)
 * 1:16739 <-> DISABLED <-> WEB-CLIENT MultiMedia Jukebox playlist file handling heap overflow attempt (web-client.rules)
 * 1:16743 <-> DISABLED <-> WEB-CLIENT Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (web-client.rules)
 * 1:17117 <-> ENABLED <-> EXPLOIT Microsoft Windows MPEG Layer-3 audio heap corruption attempt (exploit.rules)
 * 1:17128 <-> ENABLED <-> EXPLOIT Cinepak Codec VIDC decompression remote code execution attempt (exploit.rules)
 * 1:17134 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel out-of-bounds structure read memory corruption attempt (web-client.rules)
 * 1:17135 <-> ENABLED <-> EXPLOIT Microsoft Windows Movie Maker string size overflow attempt (exploit.rules)
 * 1:17149 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 2 (web-client.rules)
 * 1:17150 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 3 (web-client.rules)
 * 1:17190 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17191 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17192 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17193 <-> ENABLED <-> EXPLOIT Adobe Director remote code execution attempt (exploit.rules)
 * 1:17194 <-> ENABLED <-> EXPLOIT Adobe Director file tSAC tag exploit attempt (exploit.rules)
 * 1:17196 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17197 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17198 <-> ENABLED <-> EXPLOIT Adobe Director file exploit attempt (exploit.rules)
 * 1:17231 <-> DISABLED <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules)
 * 1:17238 <-> ENABLED <-> WEB-CLIENT ACD Systems ACDSee Products XBM file handling buffer overflow attempt (web-client.rules)
 * 1:17276 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17277 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17278 <-> DISABLED <-> WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt (web-misc.rules)
 * 1:17304 <-> ENABLED <-> WEB-CLIENT Microsoft Works file converter file section header index table stack overflow attempt (web-client.rules)
 * 1:17315 <-> ENABLED <-> WEB-CLIENT OpenOffice OLE File Stream Buffer Overflow (web-client.rules)
 * 1:17365 <-> DISABLED <-> WEB-CLIENT Microsoft Help Workshop CNT Help contents buffer overflow attempt (web-client.rules)
 * 1:17372 <-> ENABLED <-> WEB-CLIENT Apple QuickTime udta atom parsing heap overflow vulnerability (web-client.rules)
 * 1:17378 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow (web-client.rules)
 * 1:17379 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow (web-client.rules)
 * 1:17381 <-> ENABLED <-> SPECIFIC-THREATS Apple QuickTime PDAT Atom parsing buffer overflow attempt (specific-threats.rules)
 * 1:17388 <-> DISABLED <-> WEB-CLIENT OpenOffice EMF file EMR record parsing integer overflow attempt (web-client.rules)
 * 1:17395 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (specific-threats.rules)
 * 1:17403 <-> ENABLED <-> WEB-CLIENT OpenOffice RTF File parsing heap buffer overflow attempt (web-client.rules)
 * 1:17443 <-> DISABLED <-> WEB-CLIENT Microsoft DirectShow AVI decoder buffer overflow attempt (web-client.rules)
 * 1:17523 <-> DISABLED <-> SPECIFIC-THREATS Apple QuickTime H.264 Movie File Buffer Overflow (specific-threats.rules)
 * 1:17531 <-> ENABLED <-> SPECIFIC-THREATS Apple Quicktime MOV file JVTCompEncodeFrame heap overflow attempt (specific-threats.rules)
 * 1:17541 <-> DISABLED <-> SPECIFIC-THREATS Avast! Antivirus Engine Remote LHA buffer overflow attempt (specific-threats.rules)
 * 1:17548 <-> ENABLED <-> WEB-CLIENT Apple Quicktime SMIL File Handling Integer Overflow attempt (web-client.rules)
 * 1:17553 <-> DISABLED <-> SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt (specific-threats.rules)
 * 1:17574 <-> DISABLED <-> SPECIFIC-THREATS Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (specific-threats.rules)
 * 1:17601 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox file type memory corruption attempt (web-client.rules)
 * 1:17610 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17611 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17612 <-> ENABLED <-> WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt (web-client.rules)
 * 1:17650 <-> ENABLED <-> SPECIFIC-THREATS Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (specific-threats.rules)
 * 1:17678 <-> ENABLED <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules)
 * 1:17734 <-> ENABLED <-> WEB-MISC Microsoft Office Excel REPT integer underflow attempt (web-misc.rules)
 * 1:17735 <-> ENABLED <-> SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt (specific-threats.rules)
 * 1:17740 <-> DISABLED <-> SPECIFIC-THREATS Apple Quicktime FlashPix processing overflow attempt (specific-threats.rules)
 * 1:17747 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (exploit.rules)
 * 1:17752 <-> ENABLED <-> EXPLOIT OpenType Font file parsing denial of service attempt (exploit.rules)
 * 1:17773 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Player Firefox plugin memory corruption attempt (exploit.rules)
 * 1:17803 <-> ENABLED <-> WEB-CLIENT Adobe Shockwave Director rcsL chunk memory corruption attempt (web-client.rules)
 * 1:17806 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules)
 * 1:17807 <-> ENABLED <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules)
 * 1:18201 <-> ENABLED <-> EXPLOIT Microsoft Office TIFF filter remote code execution attempt (exploit.rules)
 * 1:18212 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher tyo.oty field heap overflow attempt (specific-threats.rules)
 * 1:18214 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 97 conversion remote code execution attempt (specific-threats.rules)
 * 1:18219 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ATMFD font driver remote code execution attempt (web-client.rules)
 * 1:18229 <-> ENABLED <-> SPECIFIC-THREATS Microsoft FlashPix tile length overflow attempt (specific-threats.rules)
 * 1:18230 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher memory corruption attempt (specific-threats.rules)
 * 1:18236 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office TIFFIM32.FLT filter memory corruption attempt (specific-threats.rules)
 * 1:18331 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio DXF variable name overflow attempt (web-client.rules)
 * 1:18413 <-> ENABLED <-> EXPLOIT Microsoft Windows WMI tracing api integer truncation attempt (exploit.rules)
 * 1:18415 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio deserialization double free attempt (specific-threats.rules)
 * 1:18416 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio ORMinfo classes length overflow attempt (specific-threats.rules)
 * 1:18417 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio ORMinfo classes length overflow attempt (specific-threats.rules)
 * 1:18450 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader malformed BMP RGBQUAD attempt (specific-threats.rules)
 * 1:18463 <-> ENABLED <-> EXPLOIT Microsoft Windows MPEG Layer-3 audio heap corruption attempt (exploit.rules)
 * 1:18483 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18484 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:18510 <-> ENABLED <-> WEB-CLIENT Apple Quicktime FlashPix Movie file integer overflow attempt (web-client.rules)
 * 1:18537 <-> ENABLED <-> WEB-CLIENT OpenOffice.org XPM file processing integer overflow attempt (web-client.rules)
 * 1:18561 <-> DISABLED <-> WEB-CLIENT Apple QuickTime PICT file overread buffer overflow attempt (web-client.rules)
 * 1:18599 <-> ENABLED <-> SPECIFIC-THREATS QuickTime PictureViewer buffer overflow attempt (specific-threats.rules)
 * 1:18600 <-> ENABLED <-> SPECIFIC-THREATS QuickTime PictureViewer buffer overflow attempt (specific-threats.rules)
 * 1:18615 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18616 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18635 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:18645 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ arbitrary code execution attempt (specific-threats.rules)
 * 1:18680 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed pfragments field (web-client.rules)
 * 1:18706 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed second pfragments field (web-client.rules)
 * 1:18755 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio Data Type Memory Corruption (specific-threats.rules)
 * 1:18776 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Director pamm chunk memory corruption attempt (web-client.rules)
 * 1:18928 <-> DISABLED <-> WEB-CLIENT Apple QuickTime streaming debug error logging buffer overflow attempt (web-client.rules)
 * 1:18948 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint converter bad indirection remote code execution attempt (specific-threats.rules)
 * 1:18952 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows uniscribe fonts parsing memory corruption attempt (specific-threats.rules)
 * 1:19011 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (web-client.rules)
 * 1:19012 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (web-client.rules)
 * 1:19063 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Movie Maker string size overflow attempt (specific-threats.rules)
 * 1:19064 <-> DISABLED <-> SPECIFIC-THREATS Microsoft OpenType font index remote code execution attempt (specific-threats.rules)
 * 1:19112 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D stucture heap overflow (specific-threats.rules)
 * 1:19113 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 81 overflow attempt (specific-threats.rules)
 * 1:19114 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 45 overflow attempt (specific-threats.rules)
 * 1:19115 <-> DISABLED <-> SPECIFIC-THREATS Adobe Shockwave 3D structure opcode 89 overflow attempt (specific-threats.rules)
 * 1:19118 <-> DISABLED <-> SPECIFIC-THREATS Adobe Reader script injection vulnerability (specific-threats.rules)
 * 1:19126 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19127 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19130 <-> DISABLED <-> WEB-CLIENT Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (web-client.rules)
 * 1:19144 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows MPEG Layer-3 audio heap corruption attempt (specific-threats.rules)
 * 1:19146 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (specific-threats.rules)
 * 1:19164 <-> ENABLED <-> BOTNET-CNC Trojan SpyEye outbound connection (botnet-cnc.rules)
 * 1:19170 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows .NET Framework XAML browser applications stack corruption (specific-threats.rules)
 * 1:19212 <-> DISABLED <-> EXPLOIT Microsoft Windows MFC Document title updating buffer overflow attempt (exploit.rules)
 * 1:19219 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (specific-threats.rules)
 * 1:19220 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (specific-threats.rules)
 * 1:19229 <-> DISABLED <-> EXPLOIT Microsoft Office Excel SLK file excessive Picture records exploit attempt (exploit.rules)
 * 1:19253 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (web-client.rules)
 * 1:19306 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher pubconv.dll corruption attempt (specific-threats.rules)
 * 1:19308 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows embedded OpenType EOT font integer overflow attempt (specific-threats.rules)
 * 1:19316 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office TIFF filter remote code execution attempt (specific-threats.rules)
 * 1:19403 <-> ENABLED <-> SPECIFIC-THREATS Cinepak Codec VIDC decompression remote code execution attempt (specific-threats.rules)
 * 1:19413 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19414 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19420 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (specific-threats.rules)
 * 1:19421 <-> DISABLED <-> SPECIFIC-THREATS VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (specific-threats.rules)
 * 1:19431 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19432 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI Timestamp buffer overflow attempt (web-client.rules)
 * 1:19442 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office embedded Office Art drawings execution attempt (specific-threats.rules)
 * 1:19443 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office embedded Office Art drawings execution attempt (specific-threats.rules)
 * 1:19579 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Potao.A outbound connection (botnet-cnc.rules)
 * 1:19621 <-> DISABLED <-> WEB-CLIENT MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (web-client.rules)
 * 1:19807 <-> DISABLED <-> WEB-CLIENT Apple Safari Webkit SVG memory corruption attempt (web-client.rules)
 * 1:19811 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:19908 <-> DISABLED <-> WEB-MISC Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (web-misc.rules)
 * 1:19932 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher 2007 pointer dereference attempt (web-client.rules)
 * 1:19956 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Movie Maker project file heap buffer overflow attempt (web-client.rules)
 * 1:19995 <-> ENABLED <-> BOTNET-CNC Waledac outbound connection (botnet-cnc.rules)
 * 1:20034 <-> DISABLED <-> EXPLOIT ESTsoft ALZip MIM File Buffer Overflow Attempt (exploit.rules)
 * 1:20049 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel SLK file excessive Picture records exploit attempt (specific-threats.rules)
 * 1:20055 <-> DISABLED <-> SPECIFIC-THREATS Oracle Java runtime JPEGImageReader overflow attempt (specific-threats.rules)
 * 1:20059 <-> DISABLED <-> SPECIFIC-THREATS Apple Quicktime PictureViewer GIF rendering vulnerability (specific-threats.rules)
 * 1:20062 <-> DISABLED <-> EXPLOIT Microsoft Office Excel File Importing Code Execution (exploit.rules)
 * 1:20128 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office invalid MS-OGRAPH DataFormat record (specific-threats.rules)
 * 1:20133 <-> DISABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:20224 <-> DISABLED <-> WEB-CLIENT MPlayer SMI file buffer overflow attempt (web-client.rules)
 * 1:20227 <-> DISABLED <-> EXPLOIT VideoLAN VLC webm memory corruption attempt (exploit.rules)
 * 1:11267 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop PNG file handling stack buffer overflow attempt (web-client.rules)
 * 1:12184 <-> DISABLED <-> MISC Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (misc.rules)
 * 1:6691 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (web-client.rules)
 * 1:3534 <-> DISABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - NETSCAPE2.0 (web-client.rules)
 * 1:20237 <-> DISABLED <-> WEB-CLIENT MultiMedia Jukebox playlist file handling heap overflow attempt (web-client.rules)
 * 1:21492 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
 * 1:21510 <-> ENABLED <-> SPECIFIC-THREATS Sakura exploit kit logo transfer (specific-threats.rules)
 * 1:6690 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (web-client.rules)
 * 1:21582 <-> DISABLED <-> SPECIFIC-THREATS PDF obfuscation attempt (specific-threats.rules)
 * 1:20283 <-> DISABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:2440 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist rtsp URL overflow attempt (web-client.rules)
 * 1:3632 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Bitmap width integer overflow attempt (web-client.rules)
 * 1:20261 <-> DISABLED <-> WEB-CLIENT Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (web-client.rules)
 * 1:20927 <-> ENABLED <-> BOTNET-CNC Trojan.Spyeye-207 outbound connection (botnet-cnc.rules)
 * 1:4675 <-> DISABLED <-> WEB-CLIENT Adobe Flash DOACTION tag overflow attempt (web-client.rules)
 * 1:6502 <-> DISABLED <-> WEB-CLIENT Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (web-client.rules)
 * 1:20295 <-> DISABLED <-> SPECIFIC-THREATS Public LibTiff Exploit (specific-threats.rules)
 * 1:2439 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist http URL overflow attempt (web-client.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:20553 <-> DISABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:2707 <-> DISABLED <-> WEB-CLIENT JPEG parser multipacket heap overflow (web-client.rules)
 * 1:20559 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp MIDI file buffer overflow attempt (web-client.rules)
 * 1:3685 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
 * 1:20565 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp AMF file buffer overflow attempt (web-client.rules)
 * 1:20566 <-> DISABLED <-> WEB-CLIENT Nullsoft Winamp AMF file buffer overflow attempt (web-client.rules)
 * 1:20636 <-> DISABLED <-> SPECIFIC-THREATS Adobe Photoshop CS5 gif file heap corruption attempt (specific-threats.rules)
 * 1:2438 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer playlist file URL overflow attempt (web-client.rules)
 * 1:20904 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20637 <-> DISABLED <-> SPECIFIC-THREATS Adobe Photoshop CS5 gif file heap corruption attempt (specific-threats.rules)
 * 1:21157 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel macro validation arbitrary code execution attempt (specific-threats.rules)
 * 1:4136 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG heap overflow multipacket attempt (web-client.rules)
 * 1:2418 <-> DISABLED <-> MISC Microsoft Windows Terminal Server no encryption session initiation attempt (misc.rules)
 * 1:20717 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OLE versioned stream missing data stream (specific-threats.rules)
 * 1:20719 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher Opltc memory corruption attempt (specific-threats.rules)
 * 1:21078 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (specific-threats.rules)
 * 1:20720 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2003 EscherStm memory corruption attempt (specific-threats.rules)
 * 1:20284 <-> DISABLED <-> WEB-CLIENT VideoLAN VLC ModPlug ReadS3M overflow attempt (web-client.rules)
 * 1:21489 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows chm file malware related exploit (specific-threats.rules)
 * 1:20721 <-> DISABLED <-> WEB-CLIENT Microsoft Office Publisher PLC object memory corruption attempt (web-client.rules)
 * 1:21503 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel SXDB memory corruption (specific-threats.rules)
 * 1:21587 <-> DISABLED <-> WEB-CLIENT VisiWave VWR file parsing code execution attempt (web-client.rules)
 * 1:20734 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player digital video recording buffer overflow attempt (web-client.rules)
 * 1:21562 <-> ENABLED <-> BOTNET-CNC Trojan.Bredolab variant outbound connection (botnet-cnc.rules)
 * 1:20903 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:20735 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (specific-threats.rules)
 * 1:21156 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel macro validation arbitrary code execution attempt (specific-threats.rules)
 * 1:5711 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)
 * 1:3689 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer tRNS overflow attempt (web-client.rules)
 * 1:20755 <-> ENABLED <-> BOTNET-CNC Win32.Krap outbound connection (botnet-cnc.rules)
 * 1:21387 <-> DISABLED <-> WEB-CLIENT Oracle Java runtime RMIConnectionImpl deserialization execution attempt (web-client.rules)
 * 1:20762 <-> ENABLED <-> BOTNET-CNC MacOS.Flashback.A outbound connection (botnet-cnc.rules)
 * 1:5741 <-> DISABLED <-> WEB-CLIENT Microsoft HTML help workshop buffer overflow attempt (web-client.rules)
 * 1:20842 <-> DISABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:20843 <-> DISABLED <-> WEB-MISC Interactive Data eSignal stack buffer overflow attempt (web-misc.rules)
 * 1:6689 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (web-client.rules)
 * 1:16186 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (web-client.rules)
 * 1:20882 <-> DISABLED <-> WEB-CLIENT Microsoft Windows embedded packager object identifier (web-client.rules)
 * 1:15866 <-> DISABLED <-> WEB-CLIENT libxml2 file processing long entity overflow attempt (web-client.rules)
 * 1:12983 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (web-client.rules)
 * 1:15871 <-> ENABLED <-> WEB-CLIENT FFmpeg 4xm processing memory corruption attempt (web-client.rules)
 * 1:13318 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules)
 * 1:16269 <-> ENABLED <-> BACKDOOR trojan.tdss.1.gen install-time detection - findzproportal1.com (backdoor.rules)
 * 1:14020 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:16051 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 conversion library code execution attempt (specific-threats.rules)
 * 1:15157 <-> ENABLED <-> WEB-CLIENT VideoLAN VLC Media Player XSPF memory corruption attempt (web-client.rules)
 * 1:6693 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (web-client.rules)
 * 1:12746 <-> ENABLED <-> EXPLOIT Apple QuickTime STSD atom overflow attempt (exploit.rules)
 * 1:12707 <-> DISABLED <-> WEB-CLIENT RealNetworks RealPlayer lyrics heap overflow attempt (web-client.rules)
 * 1:15682 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (web-client.rules)
 * 1:13319 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules)
 * 1:13893 <-> DISABLED <-> WEB-CLIENT Microsoft malformed saved search heap corruption attempt (web-client.rules)
 * 1:13920 <-> ENABLED <-> WEB-CLIENT Apple Quicktime Obji Atom parsing stack buffer overflow attempt (web-client.rules)
 * 1:1448 <-> DISABLED <-> MISC Microsoft Windows Terminal server request attempt (misc.rules)
 * 1:13293 <-> DISABLED <-> WEB-CLIENT Apple QuickTime panorama atoms buffer overflow attempt (web-client.rules)
 * 1:13865 <-> ENABLED <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules)
 * 1:6698 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (web-client.rules)
 * 1:6692 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (web-client.rules)
 * 1:14019 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:6699 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (web-client.rules)
 * 1:12634 <-> DISABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (exploit.rules)
 * 1:15104 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (web-client.rules)
 * 1:13320 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules)
 * 1:13890 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13317 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules)
 * 1:13470 <-> ENABLED <-> EXPLOIT Microsoft Office Publisher memory corruption attempt (exploit.rules)
 * 1:13889 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:15559 <-> ENABLED <-> WEB-CLIENT Apple QuickTime Movie File Clipping Region handling heap buffer overflow attempt (web-client.rules)
 * 1:6701 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (web-client.rules)
 * 1:1447 <-> DISABLED <-> MISC Microsoft Windows Terminal server RDP attempt (misc.rules)
 * 1:14039 <-> ENABLED <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules)
 * 1:15526 <-> ENABLED <-> EXPLOIT Microsoft Works 4.x converter font name buffer overflow attempt (exploit.rules)
 * 1:15106 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word .rtf file integer overflow attempt (web-client.rules)
 * 1:15487 <-> ENABLED <-> MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (multimedia.rules)
 * 1:12745 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC picture metadata buffer overflow attempt (web-client.rules)
 * 1:16055 <-> DISABLED <-> WEB-CLIENT Apple iTunes AAC file handling integer overflow attempt (web-client.rules)
 * 1:12728 <-> ENABLED <-> WEB-CLIENT RealNetworks SMIL wallclock stack overflow attempt (web-client.rules)
 * 1:13466 <-> ENABLED <-> WEB-CLIENT Microsoft Works file converter file section length headers memory corruption attempt (web-client.rules)
 * 1:13316 <-> DISABLED <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules)
 * 1:15107 <-> DISABLED <-> WEB-CLIENT Microsoft Office Word .rtf file stylesheet buffer overflow attempt (web-client.rules)
 * 1:15854 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile media file processing memory corruption attempt (web-client.rules)
 * 1:15241 <-> ENABLED <-> MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (multimedia.rules)
 * 1:12743 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC picture description metadata buffer overflow attempt (web-client.rules)
 * 1:15080 <-> ENABLED <-> MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (multimedia.rules)
 * 1:15995 <-> ENABLED <-> EXPLOIT Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code execution attempt (exploit.rules)
 * 1:15303 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (web-client.rules)
 * 1:13823 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (web-client.rules)
 * 1:15299 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:16062 <-> DISABLED <-> MISC ACD Systems ACDSee Products XPM values section buffer overflow attempt (misc.rules)
 * 1:15695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (web-client.rules)
 * 1:15901 <-> ENABLED <-> MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (multimedia.rules)
 * 1:13888 <-> DISABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:12744 <-> DISABLED <-> WEB-CLIENT FLAC libFLAC VORBIS string buffer overflow attempt (web-client.rules)
 * 1:15946 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (web-client.rules)
 * 1:12593 <-> DISABLED <-> EXPLOIT Mozilla Firefox Apple Quicktime chrome exploit (exploit.rules)
 * 1:6694 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (web-client.rules)
 * 1:2673 <-> DISABLED <-> WEB-CLIENT libpng tRNS overflow attempt (web-client.rules)
 * 1:20883 <-> DISABLED <-> WEB-CLIENT Microsoft Windows embedded packager object with .application extension bypass attempt (web-client.rules)
 * 1:15428 <-> DISABLED <-> WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt (web-client.rules)
 * 1:6695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (web-client.rules)
 * 1:6697 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (web-client.rules)
 * 1:16183 <-> ENABLED <-> WEB-CLIENT Microsoft Windows .NET MSIL CombineImpl suspicious usage (web-client.rules)
 * 1:16225 <-> DISABLED <-> EXPLOIT Adobe Shockwave Flash arbitrary memory access attempt (exploit.rules)
 * 1:21158 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel macro validation arbitrary code execution attempt (specific-threats.rules)
 * 1:20902 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType font parsing stack overflow attempt (specific-threats.rules)
 * 1:3134 <-> DISABLED <-> WEB-CLIENT Microsoft PNG large colour depth download attempt (web-client.rules)
 * 1:16184 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (specific-threats.rules)
 * 1:12099 <-> DISABLED <-> MISC Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (misc.rules)
 * 1:9844 <-> DISABLED <-> WEB-CLIENT VLC Media Player udp URI format string attempt (web-client.rules)