Sourcefire VRT Rules Update

Date: 2012-11-01

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:24580 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX function call access (scada.rules)
 * 1:24557 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:24553 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24552 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules)
 * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork outbound connection (malware-cnc.rules)
 * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24593 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page received - specific structure (exploit-kit.rules)
 * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24551 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Spy.Barus variant outbound connection (malware-cnc.rules)
 * 1:24554 <-> DISABLED <-> FILE-IDENTIFY Apple QuickTime PICT Image header (file-identify.rules)
 * 1:24563 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24587 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules)
 * 1:24566 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24579 <-> DISABLED <-> BROWSER-PLUGINS Viscom Movie Player Pro DrawText ActiveX function call access (browser-plugins.rules)
 * 1:24556 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:24564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helai variant outbound connection (malware-cnc.rules)
 * 1:24561 <-> DISABLED <-> SERVER-WEBAPP WordPress XSS fs-admin.php injection attempt (server-webapp.rules)
 * 1:24547 <-> ENABLED <-> EXPLOIT-KIT Blackhole landing page download attempt (exploit-kit.rules)
 * 1:24582 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX function call access (scada.rules)
 * 1:24573 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - Mozilla/00 (blacklist.rules)
 * 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules)
 * 1:24550 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules)
 * 1:24585 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX function call access (scada.rules)
 * 1:24549 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules)
 * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules)
 * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24559 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX clsid access (browser-plugins.rules)
 * 1:24578 <-> DISABLED <-> BROWSER-PLUGINS Viscom Movie Player Pro DrawText ActiveX clsid access (browser-plugins.rules)
 * 1:24558 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:24583 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX function call access (scada.rules)
 * 1:24572 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules)
 * 1:24575 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Opera/9.61 (blacklist.rules)
 * 1:24546 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 landing page download attempt (exploit-kit.rules)
 * 1:24584 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX clsid access (scada.rules)
 * 1:24560 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX function call access (browser-plugins.rules)
 * 1:24548 <-> ENABLED <-> EXPLOIT-KIT Blackhole landing page download attempt (exploit-kit.rules)
 * 1:24574 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24555 <-> DISABLED <-> FILE-IDENTIFY Apple QuickTime PICT Image header (file-identify.rules)
 * 1:24577 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - MyApp (blacklist.rules)
 * 1:24570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24588 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules)
 * 1:24581 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX clsid access (scada.rules)
 * 1:24571 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 3:24597 <-> ENABLED <-> EXPLOIT Oracle Reports Servlet information disclosure attempt (exploit.rules)
 * 3:24596 <-> ENABLED <-> EXPLOIT Oracle Reports Servlet information disclosure attempt (exploit.rules)
 * 3:24595 <-> ENABLED <-> EXPLOIT Oracle Reports Server information disclosure attempt (exploit.rules)

Modified Rules:


 * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules)
 * 1:7123 <-> DISABLED <-> PUA-ADWARE Other-Technologies alfacleaner outbound connection - update (pua-adware.rules)
 * 1:6244 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch cameup outbound connection - ie auto search hijack (pua-adware.rules)
 * 1:7055 <-> DISABLED <-> PUA-ADWARE Hijacker vip01 biz outbound connection - adv (pua-adware.rules)
 * 1:7051 <-> DISABLED <-> PUA-ADWARE Trickler generic downloader.g outbound connection - spyware injection (pua-adware.rules)
 * 1:7054 <-> DISABLED <-> PUA-ADWARE Trickler download arq variant outbound connection (pua-adware.rules)
 * 1:7052 <-> DISABLED <-> PUA-ADWARE Trickler generic downloader.g outbound connection - adv (pua-adware.rules)
 * 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules)
 * 1:6495 <-> DISABLED <-> PUA-ADWARE Hijacker troj_spywad.x outbound connection (pua-adware.rules)
 * 1:7049 <-> DISABLED <-> PUA-ADWARE Hijacker extreme biz outbound connection - uniq1 (pua-adware.rules)
 * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules)
 * 1:6243 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch cameup outbound connection - home page hijack (pua-adware.rules)
 * 1:6242 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch.cameup outbound connection (pua-adware.rules)
 * 1:6214 <-> DISABLED <-> PUA-ADWARE Hijacker 7fasst outbound connection - search (pua-adware.rules)
 * 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules)
 * 1:9652 <-> DISABLED <-> PUA-ADWARE Hijacker oemji bar outbound connection (pua-adware.rules)
 * 1:9651 <-> DISABLED <-> PUA-ADWARE Hijacker ricercadoppia outbound connection (pua-adware.rules)
 * 1:9645 <-> DISABLED <-> PUA-ADWARE Hijacker sogou outbound connection - keyword hijack (pua-adware.rules)
 * 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules)
 * 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules)
 * 1:8469 <-> DISABLED <-> PUA-ADWARE Hijacker accoona outbound connection - open sidebar search url (pua-adware.rules)
 * 1:8468 <-> DISABLED <-> PUA-ADWARE Hijacker accoona outbound connection - collect info (pua-adware.rules)
 * 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules)
 * 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules)
 * 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules)
 * 1:8360 <-> DISABLED <-> PUA-ADWARE Hijacker yok supersearch outbound connection - search info collect (pua-adware.rules)
 * 1:8359 <-> ENABLED <-> PUA-ADWARE Hijacker yok supersearch outbound connection - target website display (pua-adware.rules)
 * 1:8358 <-> ENABLED <-> PUA-ADWARE Hijacker yok supersearch outbound connection - addressbar keyword search hijack (pua-adware.rules)
 * 1:8072 <-> DISABLED <-> PUA-ADWARE Hijacker findthewebsiteyouneed outbound connection - surf monitor (pua-adware.rules)
 * 1:8071 <-> DISABLED <-> PUA-ADWARE Hijacker findthewebsiteyouneed outbound connection - search hijack (pua-adware.rules)
 * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules)
 * 1:7852 <-> DISABLED <-> PUA-ADWARE Trickler maxsearch outbound connection - advertisement (pua-adware.rules)
 * 1:7851 <-> DISABLED <-> PUA-ADWARE Trickler maxsearch outbound connection - ack (pua-adware.rules)
 * 1:7850 <-> DISABLED <-> PUA-ADWARE Trickler maxsearch outbound connection - retrieve command (pua-adware.rules)
 * 1:7844 <-> DISABLED <-> PUA-ADWARE Hijacker avenuemedia.dyfuca outbound connection - post data (pua-adware.rules)
 * 1:7843 <-> DISABLED <-> PUA-ADWARE Hijacker avenuemedia.dyfuca outbound connection - search engine hijack (pua-adware.rules)
 * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules)
 * 1:7841 <-> DISABLED <-> PUA-ADWARE Hijacker instafinder error redirect detection (pua-adware.rules)
 * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules)
 * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules)
 * 1:7834 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules)
 * 1:7833 <-> DISABLED <-> PUA-ADWARE Hijacker navexcel helper outbound connection - search (pua-adware.rules)
 * 1:7830 <-> DISABLED <-> PUA-ADWARE Botnet dacryptic outbound connection (pua-adware.rules)
 * 1:7824 <-> DISABLED <-> PUA-ADWARE Trickler whenu.clocksync outbound connection (pua-adware.rules)
 * 1:7826 <-> DISABLED <-> PUA-ADWARE Trickler whenu.weathercast outbound connection - check (pua-adware.rules)
 * 1:7713 <-> DISABLED <-> MALWARE-BACKDOOR Amitis v1.3 runtime detection - email notification (malware-backdoor.rules)
 * 1:7712 <-> DISABLED <-> MALWARE-BACKDOOR Amitis runtime detection victim to attacker (malware-backdoor.rules)
 * 1:7711 <-> DISABLED <-> MALWARE-BACKDOOR Amitis runtime command detection attacker to victim (malware-backdoor.rules)
 * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7603 <-> DISABLED <-> PUA-ADWARE Snoopware big brother v3.5.1 outbound connection - connect to receiver (pua-adware.rules)
 * 1:7602 <-> DISABLED <-> PUA-ADWARE Snoopware big brother v3.5.1 outbound connection - connect to receiver - flowbit set (pua-adware.rules)
 * 1:7601 <-> DISABLED <-> PUA-ADWARE Snoopware big brother v3.5.1 outbound connection - connect to keyserver (pua-adware.rules)
 * 1:7589 <-> DISABLED <-> PUA-ADWARE Trickler urlblaze outbound connection - irc notification (pua-adware.rules)
 * 1:7600 <-> DISABLED <-> PUA-ADWARE Hijacker adtraffic outbound connection - notfound website search hijack and redirection (pua-adware.rules)
 * 1:7588 <-> DISABLED <-> PUA-ADWARE Trickler urlblaze outbound connection - files search or download (pua-adware.rules)
 * 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules)
 * 1:7585 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - flowbit set image (malware-tools.rules)
 * 1:7584 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - flowbit set open (malware-tools.rules)
 * 1:7583 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - flowbit set big (malware-tools.rules)
 * 1:7573 <-> DISABLED <-> PUA-ADWARE Trickler album galaxy outbound connection - p2p gnutella (pua-adware.rules)
 * 1:7570 <-> DISABLED <-> PUA-ADWARE Hijacker linkspider search bar outbound connection - ads (pua-adware.rules)
 * 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules)
 * 1:7565 <-> DISABLED <-> PUA-ADWARE Hijacker adshooter.searchforit outbound connection - search engine (pua-adware.rules)
 * 1:7566 <-> DISABLED <-> PUA-ADWARE Hijacker adshooter.searchforit outbound connection - redirector (pua-adware.rules)
 * 1:7564 <-> DISABLED <-> PUA-ADWARE Hijacker startnow outbound connection (pua-adware.rules)
 * 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules)
 * 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules)
 * 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules)
 * 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules)
 * 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules)
 * 1:7556 <-> DISABLED <-> PUA-ADWARE Hijacker blazefind outbound connection - search bar (pua-adware.rules)
 * 1:7543 <-> DISABLED <-> PUA-ADWARE Hijacker 2020search outbound connection (pua-adware.rules)
 * 1:7538 <-> DISABLED <-> PUA-ADWARE Screen-Scraper hidden camera outbound connection (pua-adware.rules)
 * 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules)
 * 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules)
 * 1:7536 <-> DISABLED <-> PUA-ADWARE Hijacker clearsearch variant outbound connection - popup (pua-adware.rules)
 * 1:7535 <-> DISABLED <-> PUA-ADWARE Hijacker clearsearch variant outbound connection - pass information (pua-adware.rules)
 * 1:7531 <-> DISABLED <-> PUA-ADWARE Trickler mediaseek.pl client outbound connection - login (pua-adware.rules)
 * 1:7530 <-> DISABLED <-> PUA-ADWARE Trickler mediaseek.pl client outbound connection - trickler (pua-adware.rules)
 * 1:7529 <-> DISABLED <-> PUA-ADWARE Snoopware halflife jacker outbound connection (pua-adware.rules)
 * 1:7524 <-> DISABLED <-> PUA-ADWARE Hijacker moneybar outbound connection - cgispy counter (pua-adware.rules)
 * 1:7517 <-> DISABLED <-> PUA-ADWARE Hijacker chinese keywords outbound connection (pua-adware.rules)
 * 1:7510 <-> DISABLED <-> PUA-ADWARE Trickler edonkey2000 outbound connection - version verification (pua-adware.rules)
 * 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules)
 * 1:7508 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping - flowbit set (malware-tools.rules)
 * 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules)
 * 1:7506 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
 * 1:7194 <-> DISABLED <-> PUA-ADWARE Hijacker shopprreports outbound connection - services requests (pua-adware.rules)
 * 1:6224 <-> DISABLED <-> PUA-ADWARE Hijacker ieplugin outbound connection - search (pua-adware.rules)
 * 1:6213 <-> DISABLED <-> PUA-ADWARE Hijacker 7fasst outbound connection - auto requests (pua-adware.rules)
 * 1:7188 <-> DISABLED <-> PUA-ADWARE Hijacker shop at home select - merchant redirect in progress (pua-adware.rules)
 * 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules)
 * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules)
 * 1:6215 <-> DISABLED <-> PUA-ADWARE Hijacker 7fasst outbound connection - track (pua-adware.rules)
 * 1:7155 <-> DISABLED <-> PUA-ADWARE Trickler jubster outbound connection (pua-adware.rules)
 * 1:6245 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch startpage outbound connection (pua-adware.rules)
 * 1:6246 <-> DISABLED <-> PUA-ADWARE Hijacker exact navisearch outbound connection - search hijack (pua-adware.rules)
 * 1:6263 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - collect information (pua-adware.rules)
 * 1:6264 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - movie (pua-adware.rules)
 * 1:7153 <-> DISABLED <-> PUA-ADWARE Hijacker cnsmin 3721 outbound connection - hijacking (pua-adware.rules)
 * 1:6265 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - engine (pua-adware.rules)
 * 1:6266 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - check update (pua-adware.rules)
 * 1:6267 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - get update (pua-adware.rules)
 * 1:6268 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - download exe (pua-adware.rules)
 * 1:7152 <-> DISABLED <-> PUA-ADWARE Hijacker cnsmin 3721 outbound connection - installation (pua-adware.rules)
 * 1:6269 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - track event (pua-adware.rules)
 * 1:6271 <-> DISABLED <-> PUA-ADWARE Trickler bundleware runtime detection (pua-adware.rules)
 * 1:6274 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - Stubby (blacklist.rules)
 * 1:6275 <-> DISABLED <-> PUA-ADWARE Hijacker incredifind outbound connection - cookie (pua-adware.rules)
 * 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules)
 * 1:6279 <-> DISABLED <-> PUA-ADWARE Hijacker sidefind outbound connection (pua-adware.rules)
 * 1:6280 <-> DISABLED <-> PUA-ADWARE Hijacker sidefind outbound connection - cookie (pua-adware.rules)
 * 1:6283 <-> DISABLED <-> PUA-ADWARE Hijacker websearch outbound connection - sitereview (pua-adware.rules)
 * 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules)
 * 1:6284 <-> DISABLED <-> PUA-ADWARE Hijacker websearch outbound connection - webstat (pua-adware.rules)
 * 1:6342 <-> DISABLED <-> PUA-ADWARE Hijacker spediabar outbound connection - info check (pua-adware.rules)
 * 1:6348 <-> DISABLED <-> PUA-ADWARE Snoopware zenosearch outbound connection (pua-adware.rules)
 * 1:6349 <-> DISABLED <-> PUA-ADWARE Hijacker richfind update detection (pua-adware.rules)
 * 1:7144 <-> DISABLED <-> PUA-ADWARE Hijacker cool search outbound connection (pua-adware.rules)
 * 1:6350 <-> DISABLED <-> PUA-ADWARE Hijacker richfind auto search redirect detection (pua-adware.rules)
 * 1:6351 <-> DISABLED <-> PUA-ADWARE Hijacker adblock update detection (pua-adware.rules)
 * 1:6352 <-> DISABLED <-> PUA-ADWARE Hijacker adblock auto search redirect detection (pua-adware.rules)
 * 1:6353 <-> DISABLED <-> PUA-ADWARE Hijacker adblock ie search assistant redirect detection (pua-adware.rules)
 * 1:7139 <-> DISABLED <-> PUA-ADWARE Other-Technologies clicktrojan outbound connection - fake search query (pua-adware.rules)
 * 1:6355 <-> DISABLED <-> PUA-ADWARE Trickler wsearch outbound connection - mp3 search (pua-adware.rules)
 * 1:6356 <-> DISABLED <-> PUA-ADWARE Trickler wsearch outbound connection - desktop search (pua-adware.rules)
 * 1:6358 <-> DISABLED <-> PUA-ADWARE Hijacker need2find search query detection (pua-adware.rules)
 * 1:6362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - MGS-Internal-Web-Manager (blacklist.rules)
 * 1:7138 <-> DISABLED <-> PUA-ADWARE Other-Technologies clicktrojan outbound connection - version check (pua-adware.rules)
 * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules)
 * 1:6367 <-> DISABLED <-> PUA-ADWARE Trickler eacceleration downloadreceiver outbound connection - stop-sign ads (pua-adware.rules)
 * 1:6372 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs eblocs detection - get wsliveup.dat (pua-adware.rules)
 * 1:6373 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs eblocs detection - stbarpat.dat (pua-adware.rules)
 * 1:6374 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (pua-adware.rules)
 * 1:7137 <-> DISABLED <-> PUA-ADWARE Hijacker dsrch outbound connection - side search redirect (pua-adware.rules)
 * 1:6375 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs.eblocs detection - register request (pua-adware.rules)
 * 1:6378 <-> DISABLED <-> PUA-ADWARE Hijacker adbars outbound connection - homepage hijack (pua-adware.rules)
 * 1:7136 <-> DISABLED <-> PUA-ADWARE Hijacker dsrch outbound connection - search assistant redirect (pua-adware.rules)
 * 1:6387 <-> DISABLED <-> PUA-ADWARE Hijacker internet optimizer outbound connection - autosearch hijack (pua-adware.rules)
 * 1:6388 <-> DISABLED <-> PUA-ADWARE Hijacker internet optimizer outbound connection - error page hijack (pua-adware.rules)
 * 1:6392 <-> DISABLED <-> PUA-ADWARE Hijacker zeropopup outbound connection (pua-adware.rules)
 * 1:6477 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules)
 * 1:6479 <-> DISABLED <-> PUA-ADWARE Snoopware totalvelocity zsearch outbound connection (pua-adware.rules)
 * 1:7130 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - search assissant hijacking (pua-adware.rules)
 * 1:6480 <-> DISABLED <-> PUA-ADWARE Hijacker cws.cameup outbound connection - home page (pua-adware.rules)
 * 1:6481 <-> DISABLED <-> PUA-ADWARE Hijacker cws.cameup outbound connection - search (pua-adware.rules)
 * 1:6489 <-> DISABLED <-> PUA-ADWARE Hijacker analyze IE outbound connection - default page hijacker (pua-adware.rules)
 * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules)
 * 1:7129 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 2 (pua-adware.rules)
 * 1:7128 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 1 (pua-adware.rules)
 * 1:7127 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - tracking (pua-adware.rules)
 * 1:7126 <-> DISABLED <-> PUA-ADWARE Hijacker trojan proxy atiup outbound connection - notification (pua-adware.rules)
 * 1:7125 <-> DISABLED <-> PUA-ADWARE Hijacker traffbest biz outbound connection - adv (pua-adware.rules)
 * 1:7124 <-> DISABLED <-> PUA-ADWARE Other-Technologies alfacleaner outbound connection - buy (pua-adware.rules)
 * 1:10438 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules)
 * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules)
 * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules)
 * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules)
 * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules)
 * 1:1122 <-> DISABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules)
 * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules)
 * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules)
 * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules)
 * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules)
 * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules)
 * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules)
 * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules)
 * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules)
 * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules)
 * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules)
 * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules)
 * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules)
 * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules)
 * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules)
 * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules)
 * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules)
 * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules)
 * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules)
 * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules)
 * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules)
 * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules)
 * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules)
 * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules)
 * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules)
 * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules)
 * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules)
 * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules)
 * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules)
 * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules)
 * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules)
 * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules)
 * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules)
 * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules)
 * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules)
 * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules)
 * 1:13269 <-> DISABLED <-> OS-WINDOWS Multiple product nntp uri handling code execution attempt (os-windows.rules)
 * 1:13270 <-> DISABLED <-> OS-WINDOWS Multiple product news uri handling code execution attempt (os-windows.rules)
 * 1:13271 <-> DISABLED <-> OS-WINDOWS Multiple product telnet uri handling code execution attempt (os-windows.rules)
 * 1:13272 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
 * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules)
 * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules)
 * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules)
 * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules)
 * 1:13346 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules)
 * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules)
 * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules)
 * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules)
 * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules)
 * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules)
 * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules)
 * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules)
 * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules)
 * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules)
 * 1:13764 <-> ENABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules)
 * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules)
 * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules)
 * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules)
 * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules)
 * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules)
 * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules)
 * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules)
 * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules)
 * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules)
 * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules)
 * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules)
 * 1:13931 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - PcPcUpdater (blacklist.rules)
 * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules)
 * 1:13938 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules)
 * 1:13943 <-> DISABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:14057 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - DMFR (blacklist.rules)
 * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules)
 * 1:14059 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - CPUSH_HOMEPAGE (blacklist.rules)
 * 1:14060 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - CPUSH_UPDATER (blacklist.rules)
 * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules)
 * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules)
 * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules)
 * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules)
 * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules)
 * 1:15566 <-> ENABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules)
 * 1:15567 <-> ENABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules)
 * 1:15684 <-> DISABLED <-> OS-WINDOWS Multiple product snews uri handling code execution attempt (os-windows.rules)
 * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules)
 * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules)
 * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules)
 * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules)
 * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules)
 * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules)
 * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules)
 * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules)
 * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules)
 * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules)
 * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules)
 * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules)
 * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules)
 * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules)
 * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules)
 * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules)
 * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules)
 * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules)
 * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules)
 * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules)
 * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16254 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules)
 * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules)
 * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules)
 * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules)
 * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules)
 * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules)
 * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules)
 * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules)
 * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules)
 * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules)
 * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules)
 * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules)
 * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules)
 * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules)
 * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules)
 * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules)
 * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules)
 * 1:16365 <-> ENABLED <-> PUA-ADWARE OnlineGames download atttempt (pua-adware.rules)
 * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules)
 * 1:16494 <-> ENABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules)
 * 1:16498 <-> ENABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules)
 * 1:16683 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp CAF file processing integer overflow attempt (file-multimedia.rules)
 * 1:18171 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
 * 1:18172 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
 * 1:18173 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
 * 1:18247 <-> ENABLED <-> BLACKLIST User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (blacklist.rules)
 * 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
 * 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
 * 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
 * 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
 * 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
 * 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
 * 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
 * 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
 * 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
 * 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
 * 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules)
 * 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules)
 * 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules)
 * 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
 * 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules)
 * 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)
 * 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules)
 * 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
 * 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
 * 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules)
 * 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
 * 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
 * 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
 * 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
 * 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
 * 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
 * 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
 * 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
 * 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get (blacklist.rules)
 * 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
 * 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules)
 * 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules)
 * 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MSDN SurfBear (blacklist.rules)
 * 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules)
 * 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules)
 * 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules)
 * 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules)
 * 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules)
 * 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules)
 * 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules)
 * 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules)
 * 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules)
 * 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
 * 1:18386 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules)
 * 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
 * 1:18388 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
 * 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
 * 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
 * 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
 * 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
 * 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
 * 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
 * 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
 * 1:18756 <-> ENABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules)
 * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules)
 * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules)
 * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules)
 * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules)
 * 1:19053 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Nusump.A contact to server attempt (malware-cnc.rules)
 * 1:19058 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Faketube update request attempt (malware-cnc.rules)
 * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules)
 * 1:19165 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Microsoft Internet Explorer (blacklist.rules)
 * 1:19175 <-> ENABLED <-> BLACKLIST User-Agent known malicious User-Agent wget 3.0 (blacklist.rules)
 * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules)
 * 1:19326 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules)
 * 1:19399 <-> DISABLED <-> MALWARE-CNC Email Worm Win32.Zhelatin.ch outbound connection (malware-cnc.rules)
 * 1:19434 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ErrCode (blacklist.rules)
 * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules)
 * 1:19455 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aw runtime detection (malware-cnc.rules)
 * 1:19478 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Taterf.B contact to server attempt (malware-cnc.rules)
 * 1:19479 <-> DISABLED <-> MALWARE-CNC Net-Worm.Win32.Piloyd.m contact to server attempt - request html (malware-cnc.rules)
 * 1:19481 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Agent.bx contact to server attempt (malware-cnc.rules)
 * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules)
 * 1:19488 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Failnum.A contact to server attempt (malware-cnc.rules)
 * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
 * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
 * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules)
 * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules)
 * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules)
 * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules)
 * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules)
 * 1:19611 <-> DISABLED <-> BLACKLIST User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (blacklist.rules)
 * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules)
 * 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of Runtime Detection (malware-cnc.rules)
 * 1:19740 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aczu runtime detection (malware-cnc.rules)
 * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules)
 * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules)
 * 1:19784 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.sde runtime detection (malware-cnc.rules)
 * 1:19821 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Bagle.gen.C runtime detection (malware-cnc.rules)
 * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules)
 * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules)
 * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules)
 * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
 * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
 * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules)
 * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules)
 * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules)
 * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
 * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
 * 1:19850 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg runtime detection (malware-cnc.rules)
 * 1:19851 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg runtime detection (malware-cnc.rules)
 * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules)
 * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules)
 * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules)
 * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules)
 * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules)
 * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules)
 * 1:19908 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules)
 * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules)
 * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules)
 * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules)
 * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules)
 * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
 * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
 * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules)
 * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules)
 * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules)
 * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules)
 * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules)
 * 1:20104 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string InfoBot (blacklist.rules)
 * 1:20105 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string IPHONE (blacklist.rules)
 * 1:20230 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string 0pera 10 (blacklist.rules)
 * 1:20231 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla//4.0 (blacklist.rules)
 * 1:20293 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string MBVDFRESCT (blacklist.rules)
 * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules)
 * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20581 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX clsid access (scada.rules)
 * 1:20582 <-> DISABLED <-> SCADA Broadwin WebAccess ActiveX clsid access (scada.rules)
 * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules)
 * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules)
 * 1:20820 <-> DISABLED <-> FILE-OTHER Oracle Java JNLP parameter argument injection attempt (file-other.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20988 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ZmEu - vulnerability scanner (blacklist.rules)
 * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules)
 * 1:21175 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string Win32 Amti (blacklist.rules)
 * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules)
 * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules)
 * 1:21225 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string Flag (blacklist.rules)
 * 1:21342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom cprt field attempt (file-multimedia.rules)
 * 1:21380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - QvodDown (blacklist.rules)
 * 1:21444 <-> DISABLED <-> MALWARE-CNC TDSS outbound connection (malware-cnc.rules)
 * 1:21469 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string 1234567890 (blacklist.rules)
 * 1:21934 <-> ENABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules)
 * 1:22104 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22105 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22106 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22107 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22108 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22109 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:23159 <-> ENABLED <-> EXPLOIT-KIT Blackhole landing page download attempt (exploit-kit.rules)
 * 1:23212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:23246 <-> ENABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post infection (pua-adware.rules)
 * 1:23247 <-> ENABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post infection (pua-adware.rules)
 * 1:23354 <-> ENABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:23384 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules)
 * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules)
 * 1:23472 <-> ENABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules)
 * 1:23530 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:23615 <-> ENABLED <-> MALWARE-CNC ACAD.Medre.A runtime detection (malware-cnc.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23863 <-> ENABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules)
 * 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23954 <-> DISABLED <-> MALWARE-OTHER Android SMSZombie APK file download (malware-other.rules)
 * 1:23969 <-> DISABLED <-> MALWARE-OTHER Android SMSZombie APK file download (malware-other.rules)
 * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24498 <-> DISABLED <-> FILE-OTHER Oracle Java JNLP parameter argument injection attempt (file-other.rules)
 * 1:24499 <-> DISABLED <-> FILE-OTHER Oracle Java JNLP parameter argument injection attempt (file-other.rules)
 * 1:24533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:24534 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24539 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot outbound connection (malware-cnc.rules)
 * 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules)
 * 1:283 <-> DISABLED <-> BROWSER-OTHER Netscape 4.7 client overflow (browser-other.rules)
 * 1:311 <-> DISABLED <-> BROWSER-OTHER Netscape 4.7 unsucessful overflow (browser-other.rules)
 * 1:5743 <-> DISABLED <-> PUA-ADWARE Hijacker actualnames outbound connection - plugin list (pua-adware.rules)
 * 1:5744 <-> DISABLED <-> PUA-ADWARE Hijacker actualnames outbound connection - online.php request (pua-adware.rules)
 * 1:5745 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - redirect (pua-adware.rules)
 * 1:5746 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - load url (pua-adware.rules)
 * 1:5747 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - log hits (pua-adware.rules)
 * 1:5748 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - ads (pua-adware.rules)
 * 1:5754 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - ie auto search hijack (pua-adware.rules)
 * 1:5755 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - check update (pua-adware.rules)
 * 1:5756 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - add coolsites to ie favorites (pua-adware.rules)
 * 1:5758 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - download fastclick pop-under code (pua-adware.rules)
 * 1:5761 <-> DISABLED <-> PUA-ADWARE Trickler bearshare outbound connection - ads popup (pua-adware.rules)
 * 1:5762 <-> DISABLED <-> PUA-ADWARE Trickler bearshare outbound connection - p2p information request (pua-adware.rules)
 * 1:5763 <-> DISABLED <-> PUA-ADWARE Trickler bearshare outbound connection - chat request (pua-adware.rules)
 * 1:5764 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - fcgi query (pua-adware.rules)
 * 1:5766 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - install spyware trafficsector (pua-adware.rules)
 * 1:5767 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - download unauthorized code (pua-adware.rules)
 * 1:5768 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - pass information (pua-adware.rules)
 * 1:5769 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - play bingo ads (pua-adware.rules)
 * 1:5771 <-> DISABLED <-> PUA-ADWARE Screen-Scraper farsighter outbound connection - initial connection (pua-adware.rules)
 * 1:5772 <-> DISABLED <-> PUA-ADWARE Screen-Scraper farsighter outbound connection - initial connection (pua-adware.rules)
 * 1:5775 <-> DISABLED <-> PUA-ADWARE Hijacker freescratch outbound connection - scratch card (pua-adware.rules)
 * 1:5776 <-> DISABLED <-> PUA-ADWARE Trickler grokster outbound connection (pua-adware.rules)
 * 1:5789 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - ActMon (blacklist.rules)
 * 1:5791 <-> DISABLED <-> PUA-ADWARE Dialer pluginaccess outbound connection - get pin (pua-adware.rules)
 * 1:5792 <-> DISABLED <-> PUA-ADWARE Dialer pluginaccess outbound connection - active proxy (pua-adware.rules)
 * 1:5793 <-> DISABLED <-> PUA-ADWARE Dialer pluginaccess outbound connection - redirect (pua-adware.rules)
 * 1:5794 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch.aboutblank variant outbound connection (pua-adware.rules)
 * 1:5799 <-> DISABLED <-> BROWSER-PLUGINS mydailyhoroscope update or installation in progress (browser-plugins.rules)
 * 1:5800 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - MyWay (blacklist.rules)
 * 1:5805 <-> ENABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:5807 <-> ENABLED <-> PUA-ADWARE Hijacker shopathomeselect outbound connection (pua-adware.rules)
 * 1:5809 <-> ENABLED <-> PUA-ADWARE Hijacker shop at home select merchant redirect in progress (pua-adware.rules)
 * 1:5810 <-> DISABLED <-> PUA-ADWARE Hijacker shop at home select installation in progress (pua-adware.rules)
 * 1:5811 <-> DISABLED <-> PUA-ADWARE shop at home select installation in progress - clsid detected (pua-adware.rules)
 * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules)
 * 1:5813 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules)
 * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules)
 * 1:5815 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules)
 * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules)
 * 1:5817 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules)
 * 1:5818 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules)
 * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules)
 * 1:5820 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules)
 * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules)
 * 1:5822 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules)
 * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules)
 * 1:5829 <-> DISABLED <-> PUA-ADWARE Trickler clipgenie outbound connection (pua-adware.rules)
 * 1:5836 <-> DISABLED <-> PUA-ADWARE Trickler nictech.bm2 outbound connection (pua-adware.rules)
 * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules)
 * 1:5840 <-> DISABLED <-> PUA-ADWARE Hijacker sep outbound connection (pua-adware.rules)
 * 1:5841 <-> DISABLED <-> PUA-ADWARE Trickler minibug outbound connection - retrieve weather information (pua-adware.rules)
 * 1:5842 <-> DISABLED <-> PUA-ADWARE Trickler minibug outbound connection - ads (pua-adware.rules)
 * 1:5843 <-> DISABLED <-> PUA-ADWARE Hijacker surfsidekick outbound connection - hijack ie auto search (pua-adware.rules)
 * 1:5844 <-> DISABLED <-> PUA-ADWARE Hijacker surfsidekick outbound connection - post request (pua-adware.rules)
 * 1:5845 <-> DISABLED <-> PUA-ADWARE Hijacker surfsidekick outbound connection - update request (pua-adware.rules)
 * 1:5846 <-> DISABLED <-> PUA-ADWARE Trickler VX2/DLmax/BestOffers/Aurora outbound connection (pua-adware.rules)
 * 1:5855 <-> DISABLED <-> PUA-ADWARE Hijacker funbuddyicons outbound connection - request config (pua-adware.rules)
 * 1:5859 <-> DISABLED <-> PUA-ADWARE Hijacker daosearch outbound connection - information request (pua-adware.rules)
 * 1:5860 <-> DISABLED <-> PUA-ADWARE Hijacker daosearch outbound connection - search hijack (pua-adware.rules)
 * 1:5862 <-> DISABLED <-> PUA-ADWARE Hijacker isearch outbound connection - search hijack 1 (pua-adware.rules)
 * 1:5863 <-> DISABLED <-> PUA-ADWARE Hijacker isearch outbound connection - search hijack 2 (pua-adware.rules)
 * 1:5868 <-> DISABLED <-> PUA-ADWARE Hijacker couponbar outbound connection - view coupon offers (pua-adware.rules)
 * 1:5871 <-> DISABLED <-> PUA-ADWARE Trickler VX2/ABetterInternet transponder thinstaller outbound connection - post information (pua-adware.rules)
 * 1:5872 <-> DISABLED <-> PUA-ADWARE Snoopware hyperlinker outbound connection (pua-adware.rules)
 * 1:5873 <-> DISABLED <-> PUA-ADWARE Snoopware pc acme pro outbound connection (pua-adware.rules)
 * 1:5874 <-> DISABLED <-> PUA-ADWARE Snoopware pc acme pro outbound connection (pua-adware.rules)
 * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules)
 * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules)
 * 1:5883 <-> ENABLED <-> PUA-ADWARE Other-Technologies saria 1.0 outbound connection - send user information (pua-adware.rules)
 * 1:5887 <-> ENABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - ie search assistant hijack (pua-adware.rules)
 * 1:5888 <-> ENABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - ie auto search hijack (pua-adware.rules)
 * 1:5889 <-> ENABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - collect information (pua-adware.rules)
 * 1:5890 <-> DISABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - self-update request 1 (pua-adware.rules)
 * 1:5891 <-> DISABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - self-update request 2 (pua-adware.rules)
 * 1:5894 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - smb (malware-tools.rules)
 * 1:5895 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules)
 * 1:5896 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules)
 * 1:5897 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - udp port 407 (malware-tools.rules)
 * 1:5907 <-> ENABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:5908 <-> ENABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:5909 <-> ENABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:5918 <-> DISABLED <-> PUA-ADWARE Hijacker painter outbound connection - ping 'alive' signal (pua-adware.rules)
 * 1:5919 <-> DISABLED <-> PUA-ADWARE Hijacker painter outbound connection - redirect to klikvipsearch (pua-adware.rules)
 * 1:5920 <-> DISABLED <-> PUA-ADWARE Hijacker painter outbound connection - redirect yahoo search through online-casino-searcher (pua-adware.rules)
 * 1:5933 <-> ENABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - search request 1 (pua-adware.rules)
 * 1:5934 <-> ENABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - search request 2 (pua-adware.rules)
 * 1:5935 <-> ENABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - search request 3 (pua-adware.rules)
 * 1:5936 <-> ENABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - side search (pua-adware.rules)
 * 1:5937 <-> ENABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - pass information to its controlling server (pua-adware.rules)
 * 1:5938 <-> ENABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - third party information collection (pua-adware.rules)
 * 1:5952 <-> DISABLED <-> PUA-ADWARE Hijacker 123mania outbound connection - autosearch hijacking (pua-adware.rules)
 * 1:5953 <-> DISABLED <-> PUA-ADWARE Hijacker 123mania outbound connection - sidesearch hijacking (pua-adware.rules)
 * 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules)
 * 1:5957 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection (malware-tools.rules)
 * 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules)
 * 1:5959 <-> DISABLED <-> PUA-ADWARE Hijacker raxsearch detection - send search keywords to raxsearch (pua-adware.rules)
 * 1:5960 <-> DISABLED <-> PUA-ADWARE Hijacker raxsearch detection - pop-up raxsearch window (pua-adware.rules)
 * 1:5961 <-> DISABLED <-> PUA-ADWARE Hijacker searchfast detection - news ticker (pua-adware.rules)
 * 1:5962 <-> DISABLED <-> PUA-ADWARE Hijacker searchfast detection - catch search keyword (pua-adware.rules)
 * 1:5963 <-> DISABLED <-> PUA-ADWARE Hijacker searchfast detection - search request (pua-adware.rules)
 * 1:5966 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - search request (pua-adware.rules)
 * 1:5967 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - click result links (pua-adware.rules)
 * 1:5968 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - redirect (pua-adware.rules)
 * 1:5969 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - collect information (pua-adware.rules)
 * 1:5971 <-> DISABLED <-> PUA-ADWARE hijacker smart finder detection - track hits (pua-adware.rules)
 * 1:5972 <-> DISABLED <-> PUA-ADWARE hijacker smart finder detection - ie autosearch hijack 1 (pua-adware.rules)
 * 1:5973 <-> DISABLED <-> PUA-ADWARE hijacker smart finder detection - search engines hijack (pua-adware.rules)
 * 1:5974 <-> DISABLED <-> PUA-ADWARE hijacker smart finder detection - pop-up ads (pua-adware.rules)
 * 1:5975 <-> DISABLED <-> PUA-ADWARE hijacker topfive searchassistant detection - search request (pua-adware.rules)
 * 1:5976 <-> DISABLED <-> PUA-ADWARE hijacker topfive searchassistant detection - side search (pua-adware.rules)
 * 1:5986 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - TeomaBar (blacklist.rules)
 * 1:5991 <-> DISABLED <-> PUA-ADWARE Hijacker getmirar outbound connection - search request (pua-adware.rules)
 * 1:5993 <-> DISABLED <-> PUA-ADWARE Hijacker getmirar outbound connection - track activity (pua-adware.rules)
 * 1:5994 <-> DISABLED <-> PUA-ADWARE Hijacker getmirar outbound connection - click related button (pua-adware.rules)
 * 1:6196 <-> DISABLED <-> PUA-ADWARE Hijacker smart shopper outbound connection - services requests (pua-adware.rules)
 * 1:6197 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - smrtshpr-cs (blacklist.rules)
 * 1:6199 <-> DISABLED <-> PUA-ADWARE Hijacker smart search outbound connection - hijack/ads (pua-adware.rules)
 * 1:6200 <-> DISABLED <-> PUA-ADWARE Hijacker smart search outbound connection - get settings (pua-adware.rules)
 * 1:6203 <-> DISABLED <-> PUA-ADWARE Trickler farmmext outbound connection - drk.syn request (pua-adware.rules)
 * 1:6204 <-> DISABLED <-> PUA-ADWARE Trickler farmmext outbound connection - track activity (pua-adware.rules)