Sourcefire VRT Update
Date: 2006-04-25
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
5742 - SPYWARE-PUT Keylogger activitylogger runtime detection (spyware-put.rules)
5743 - SPYWARE-PUT Hijacker actualnames runtime detection - plugin list (spyware-put.rules)
5744 - SPYWARE-PUT Hijacker actualnames runtime detection - online.php request (spyware-put.rules)
5745 - SPYWARE-PUT Hijacker adultlinks runtime detection - redirect (spyware-put.rules)
5746 - SPYWARE-PUT Hijacker adultlinks runtime detection - load url (spyware-put.rules)
5747 - SPYWARE-PUT Hijacker adultlinks runtime detection - log hits (spyware-put.rules)
5748 - SPYWARE-PUT Hijacker adultlinks runtime detection - ads (spyware-put.rules)
5749 - SPYWARE-PUT Trackware alexa runtime detection (spyware-put.rules)
5750 - SPYWARE-PUT Adware dogpile runtime detection (spyware-put.rules)
5751 - SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 1 (spyware-put.rules)
5752 - SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 2 (spyware-put.rules)
5753 - SPYWARE-PUT Adware exactsearch runtime detection - topsearches (spyware-put.rules)
5754 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - ie auto search hijack (spyware-put.rules)
5755 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - check update (spyware-put.rules)
5756 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - add coolsites to ie favorites (spyware-put.rules)
5757 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - check toolbar setting (spyware-put.rules)
5758 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - download fastclick pop-under code (spyware-put.rules)
5759 - SPYWARE-PUT Keylogger fearlesskeyspy runtime detection (spyware-put.rules)
5760 - SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules)
5761 - SPYWARE-PUT Trickler bearshare runtime detection - ads popup (spyware-put.rules)
5762 - SPYWARE-PUT Trickler bearshare runtime detection - p2p information request (spyware-put.rules)
5763 - SPYWARE-PUT Trickler bearshare runtime detection - chat request (spyware-put.rules)
5764 - SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules)
5765 - SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules)
5766 - SPYWARE-PUT Hijacker begin2search runtime detection - install spyware trafficsector (spyware-put.rules)
5767 - SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules)
5768 - SPYWARE-PUT Hijacker begin2search runtime detection - pass information (spyware-put.rules)
5769 - SPYWARE-PUT Hijacker begin2search runtime detection - play bingo ads (spyware-put.rules)
5770 - SPYWARE-PUT Snoopware casinoonnet runtime detection (spyware-put.rules)
5771 - SPYWARE-PUT Screen-Scraper farsighter runtime detection - initial connection (spyware-put.rules)
5772 - SPYWARE-PUT Screen-Scraper farsighter runtime detection - initial connection (spyware-put.rules)
5773 - SPYWARE-PUT Adware forbes runtime detection (spyware-put.rules)
5774 - SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules)
5775 - SPYWARE-PUT Hijacker freescratch runtime detection - scratch card (spyware-put.rules)
5776 - SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules)
5777 - SPYWARE-PUT Keylogger gurl watcher runtime detection (spyware-put.rules)
5778 - SPYWARE-PUT Keylogger runtime detection - hwpe windows activity logs (spyware-put.rules)
5779 - SPYWARE-PUT Keylogger runtime detection - hwpe shell file logs (spyware-put.rules)
5780 - SPYWARE-PUT Keylogger runtime detection - hwpe word filtered echelon log (spyware-put.rules)
5781 - SPYWARE-PUT Keylogger runtime detection - hwae windows activity logs (spyware-put.rules)
5782 - SPYWARE-PUT Keylogger runtime detection - hwae word filtered echelon log (spyware-put.rules)
5783 - SPYWARE-PUT Keylogger runtime detection - hwae keystrokes log (spyware-put.rules)
5784 - SPYWARE-PUT Keylogger runtime detection - hwae urls browsed log (spyware-put.rules)
5785 - SPYWARE-PUT Adware hithopper runtime detection - get xml setting (spyware-put.rules)
5786 - SPYWARE-PUT Adware hithopper runtime detection - redirect (spyware-put.rules)
5787 - SPYWARE-PUT Adware hithopper runtime detection - search (spyware-put.rules)
5788 - SPYWARE-PUT Adware hithopper runtime detection - click toolbar buttons (spyware-put.rules)
5789 - SPYWARE-PUT keylogger pc actmon pro runtime detection - http (spyware-put.rules)
5790 - SPYWARE-PUT Keylogger pc actmon pro runtime detection - smtp (spyware-put.rules)
5791 - SPYWARE-PUT Dialer pluginaccess runtime detection - get pin (spyware-put.rules)
5792 - SPYWARE-PUT Dialer pluginaccess runtime detection - active proxy (spyware-put.rules)
5793 - SPYWARE-PUT Dialer pluginaccess runtime detection - redirect (spyware-put.rules)
5794 - SPYWARE-PUT Hijacker coolwebsearch.aboutblank variant runtime detection (spyware-put.rules)
5795 - SPYWARE-PUT Adware ist powerscan runtime detection (spyware-put.rules)
5796 - SPYWARE-PUT Adware keenvalue runtime detection (spyware-put.rules)
5797 - SPYWARE-PUT Hacker-Tool kontiki runtime detection (spyware-put.rules)
5798 - SPYWARE-PUT Adware mydailyhoroscope runtime detection (spyware-put.rules)
5799 - SPYWARE-PUT mydailyhoroscope update or installation in progress (spyware-put.rules)
5800 - SPYWARE-PUT Trackware myway speedbar runtime detection - request config (spyware-put.rules)
5801 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (spyware-put.rules)
5802 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules)
5803 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (spyware-put.rules)
5804 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (spyware-put.rules)
5805 - SPYWARE-PUT Trackware myway speedbar runtime detection - switch engines (spyware-put.rules)
5806 - SPYWARE-PUT Hijacker searchmiracle-elitebar runtime detection (spyware-put.rules)
5807 - SPYWARE-PUT Hijacker shopathomeselect runtime detection (spyware-put.rules)
5808 - SPYWARE-PUT Hijacker shop at home search merchant redirect check (spyware-put.rules)
5809 - SPYWARE-PUT Hijacker shop at home select merchant redirect in progress (spyware-put.rules)
5810 - SPYWARE-PUT Hijacker shop at home select installation in progress (spyware-put.rules)
5811 - SPYWARE-PUT shop at home select installation in progress - clsid detected (spyware-put.rules)
5812 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - email notification (spyware-put.rules)
5813 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (spyware-put.rules)
5814 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (spyware-put.rules)
5815 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory redirection (spyware-put.rules)
5816 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory redirection (spyware-put.rules)
5817 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
5818 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
5819 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
5820 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (spyware-put.rules)
5821 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (spyware-put.rules)
5822 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - view netstat (spyware-put.rules)
5823 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - view netstat (spyware-put.rules)
5824 - SPYWARE-PUT Dialer stripplayer runtime detection (spyware-put.rules)
5825 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules)
5826 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - pass user info to server (spyware-put.rules)
5827 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - get gateway (spyware-put.rules)
5828 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules)
5829 - SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules)
5830 - SPYWARE-PUT Hijacker comet systems runtime detection - track activity (spyware-put.rules)
5831 - SPYWARE-PUT Hijacker comet systems runtime detection - update requests (spyware-put.rules)
5832 - SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (spyware-put.rules)
5833 - SPYWARE-PUT Hijacker comet systems runtime search detection - search request 2 (spyware-put.rules)
5834 - SPYWARE-PUT Trickler conscorr runtime detection (spyware-put.rules)
5835 - SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules)
5836 - SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules)
5837 - SPYWARE-PUT Trackware ucmore runtime detection - track activity (spyware-put.rules)
5838 - SPYWARE-PUT Trackware ucmore runtime detection - get sponsor/ad links (spyware-put.rules)
5839 - SPYWARE-PUT Trackware ucmore runtime detection - click sponsor/ad link (spyware-put.rules)
5840 - SPYWARE-PUT Hijacker sep runtime detection (spyware-put.rules)
5841 - SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules)
5842 - SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules)
5843 - SPYWARE-PUT Hijacker surfsidekick runtime detection - hijack ie auto search (spyware-put.rules)
5844 - SPYWARE-PUT Hijacker surfsidekick runtime detection - post request (spyware-put.rules)
5845 - SPYWARE-PUT Hijacker surfsidekick runtime detection - update request (spyware-put.rules)
5846 - SPYWARE-PUT Trickler vx2 localnrd runtime detection (spyware-put.rules)
5847 - SPYWARE-PUT Adware warez_p2p runtime detection - p2p client home (spyware-put.rules)
5848 - SPYWARE-PUT Adware warez_p2p runtime detection - ip.php request (spyware-put.rules)
5849 - SPYWARE-PUT Adware warez_p2p runtime detection - update request (spyware-put.rules)
5850 - SPYWARE-PUT Adware warez_p2p runtime detection - check update (spyware-put.rules)
5851 - SPYWARE-PUT Adware warez_p2p runtime detection - .txt .dat and .lst requests (spyware-put.rules)
5852 - SPYWARE-PUT Adware warez_p2p runtime detection - cache.dat request (spyware-put.rules)
5853 - SPYWARE-PUT Adware warez_p2p runtime detection - download ads (spyware-put.rules)
5854 - SPYWARE-PUT Adware warez_p2p runtime detection - pass user information (spyware-put.rules)
5855 - SPYWARE-PUT Hijacker funbuddyicons runtime detection - request config (spyware-put.rules)
5856 - SPYWARE-PUT Hijacker funbuddyicons runtime detection - funwebproducts user-agent string (spyware-put.rules)
5857 - SPYWARE-PUT Hijacker funbuddyicons runtime detection - mysaconfg request (spyware-put.rules)
5858 - SPYWARE-PUT Adware praizetoolbar runtime detection (spyware-put.rules)
5859 - SPYWARE-PUT Hijacker daosearch runtime detection - information request (spyware-put.rules)
5860 - SPYWARE-PUT Hijacker daosearch runtime detection - search hijack (spyware-put.rules)
5861 - SPYWARE-PUT Hijacker isearch runtime detection - toolbar information request (spyware-put.rules)
5862 - SPYWARE-PUT Hijacker isearch runtime detection - search hijack 1 (spyware-put.rules)
5863 - SPYWARE-PUT Hijacker isearch runtime detection - search hijack 2 (spyware-put.rules)
5864 - SPYWARE-PUT Hijacker isearch runtime detection - search in toolbar (spyware-put.rules)
5865 - SPYWARE-PUT Adware zapspot runtime detection - pop up ads (spyware-put.rules)
5866 - SPYWARE-PUT Hijacker couponbar runtime detection - download new coupon offers and links (spyware-put.rules)
5867 - SPYWARE-PUT Hijacker couponbar runtime detection - get updates to toolbar buttons (spyware-put.rules)
5868 - SPYWARE-PUT Hijacker couponbar runtime detection - view coupon offers (spyware-put.rules)
5869 - SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 1 (spyware-put.rules)
5870 - SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 2 (spyware-put.rules)
5871 - SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
5872 - SPYWARE-PUT Snoopware hyperlinker runtime detection (spyware-put.rules)
5873 - SPYWARE-PUT Snoopware pc acme pro runtime detection (spyware-put.rules)
5874 - SPYWARE-PUT Snoopware pc acme pro runtime detection (spyware-put.rules)
5875 - SPYWARE-PUT Hacker-Tool eraser runtime detection - detonate (spyware-put.rules)
5876 - SPYWARE-PUT Hacker-Tool eraser runtime detection - disinfect (spyware-put.rules)
5877 - SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - startup access (spyware-put.rules)
5878 - SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - configuration retrieval (spyware-put.rules)
5879 - SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (spyware-put.rules)
5880 - SPYWARE-PUT Keylogger spyagent runtime detect - smtp delivery (spyware-put.rules)
5881 - SPYWARE-PUT Keylogger spyagent runtime detect - ftp delivery (spyware-put.rules)
5882 - SPYWARE-PUT Keylogger spyagent runtime detect - alert notification (spyware-put.rules)
5883 - SPYWARE-PUT Other-Technologies saria 1.0 runtime detection - send user information (spyware-put.rules)
5884 - SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - check toolbar + category info (spyware-put.rules)
5885 - SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - ie autosearch + search assistant hijack (spyware-put.rules)
5886 - SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - pass info to server (spyware-put.rules)
5887 - SPYWARE-PUT Hijacker shopnav runtime detection - ie search assistant hijack (spyware-put.rules)
5888 - SPYWARE-PUT Hijacker shopnav runtime detection - ie auto search hijack (spyware-put.rules)
5889 - SPYWARE-PUT Hijacker shopnav runtime detection - collect information (spyware-put.rules)
5890 - SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules)
5891 - SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 2 (spyware-put.rules)
5892 - SPYWARE-PUT Trackware wordiq toolbar runtime detection - get link info (spyware-put.rules)
5893 - SPYWARE-PUT Trackware wordiq toolbar runtime detection - search keyword (spyware-put.rules)
5894 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - smb (spyware-put.rules)
5895 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
5896 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
5897 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
5898 - SPYWARE-PUT Trackware adtools runtime etection - track user activity (spyware-put.rules)
5899 - SPYWARE-PUT Trackware adtools-screenmate runtime etection - generate desktop alert (spyware-put.rules)
5900 - SPYWARE-PUT Trackware adtools-communicator runtime etection - collect information (spyware-put.rules)
5901 - SPYWARE-PUT Trackware adtools-communicator runtime etection - download self-update (spyware-put.rules)
5902 - SPYWARE-PUT Adware download accelerator plus runtime detection - startup (spyware-put.rules)
5903 - SPYWARE-PUT Adware download accelerator plus runtime detection - get ads (spyware-put.rules)
5904 - SPYWARE-PUT Adware download accelerator plus runtime detection - download files (spyware-put.rules)
5905 - SPYWARE-PUT Adware download accelerator plus runtime detection - games center request (spyware-put.rules)
5906 - SPYWARE-PUT Adware download accelerator plus runtime detection - update (spyware-put.rules)
5907 - SPYWARE-PUT Trackware e2give runtime detection - check update (spyware-put.rules)
5908 - SPYWARE-PUT Trackware e2give runtime detection - redirect affiliate site request 1 (spyware-put.rules)
5909 - SPYWARE-PUT Trackware e2give runtime detection - redirect affiliate site request 2 (spyware-put.rules)
5910 - SPYWARE-PUT Trackware casalemedia runtime detection (spyware-put.rules)
5911 - SPYWARE-PUT Adware smartpops runtime detection (spyware-put.rules)
5912 - SPYWARE-PUT Hijacker webcrawler runtime detection (spyware-put.rules)
5913 - SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules)
5914 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - configuration download (spyware-put.rules)
5915 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - autosearch hijack (spyware-put.rules)
5916 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - sidebar search (spyware-put.rules)
5917 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - toolbar search (spyware-put.rules)
5918 - SPYWARE-PUT Hijacker painter runtime detection - ping 'alive' signal (spyware-put.rules)
5919 - SPYWARE-PUT Hijacker painter runtime detection - redirect to klikvipsearch (spyware-put.rules)
5920 - SPYWARE-PUT Hijacker painter runtime detection - redirect yahoo search through online-casino-searcher (spyware-put.rules)
5921 - SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules)
5922 - SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules)
5923 - SPYWARE-PUT Adware active shopper runtime detection - side search request (spyware-put.rules)
5924 - SPYWARE-PUT Adware active shopper runtime detection - redirect (spyware-put.rules)
5925 - SPYWARE-PUT Adware active shopper runtime detection - check (spyware-put.rules)
5926 - SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
5927 - SPYWARE-PUT Adware cashbar runtime detection - .smx requests (spyware-put.rules)
5928 - SPYWARE-PUT Adware cashbar runtime detection - ads request (spyware-put.rules)
5929 - SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 1 (spyware-put.rules)
5930 - SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2 (spyware-put.rules)
5931 - SPYWARE-PUT Adware cashbar runtime detection - stats track 1 (spyware-put.rules)
5932 - SPYWARE-PUT Adware cashbar runtime detection - stats track 2 (spyware-put.rules)
5933 - SPYWARE-PUT Hijacker dropspam runtime detection - search request 1 (spyware-put.rules)
5934 - SPYWARE-PUT Hijacker dropspam runtime detection - search request 2 (spyware-put.rules)
5935 - SPYWARE-PUT Hijacker dropspam runtime detection - search request 3 (spyware-put.rules)
5936 - SPYWARE-PUT Hijacker dropspam runtime detection - side search (spyware-put.rules)
5937 - SPYWARE-PUT Hijacker dropspam runtime detection - pass information to its controlling server (spyware-put.rules)
5938 - SPYWARE-PUT Hijacker dropspam runtime detection - third party information collection (spyware-put.rules)
5939 - SPYWARE-PUT Trackware supreme toolbar runtime detection - get cfg (spyware-put.rules)
5940 - SPYWARE-PUT Trackware supreme toolbar runtime detection - search request (spyware-put.rules)
5941 - SPYWARE-PUT Trackware supreme toolbar runtime detection - track (spyware-put.rules)
5942 - SPYWARE-PUT Trackware supreme toolbar runtime detection - pass information to its controlling server (spyware-put.rules)
5943 - SPYWARE-PUT Trackware supreme toolbar runtime detection - third party information collection (spyware-put.rules)
5944 - SPYWARE-PUT Adware free access bar runtime detection 1 (spyware-put.rules)
5945 - SPYWARE-PUT Adware weirdontheweb runtime detection - track.cgi request (spyware-put.rules)
5946 - SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules)
5947 - SPYWARE-PUT Adware weirdontheweb runtime detection - log url (spyware-put.rules)
5948 - SPYWARE-PUT Adware weirdontheweb runtime detection - update notifier (spyware-put.rules)
5949 - SPYWARE-PUT Trackware iggsey toolbar detection - simpleticker.htm request (spyware-put.rules)
5950 - SPYWARE-PUT Trackware iggsey toolbar detection - pass information to server (spyware-put.rules)
5951 - SPYWARE-PUT Trackware iggsey toolbar detection - search request (spyware-put.rules)
5952 - SPYWARE-PUT Hijacker 123mania runtime detection - autosearch hijacking (spyware-put.rules)
5953 - SPYWARE-PUT Hijacker 123mania runtime detection - sidesearch hijacking (spyware-put.rules)
5954 - SPYWARE-PUT Trackware browserpal runtime detection - post user info to server (spyware-put.rules)
5955 - SPYWARE-PUT Trackware browserpal runtime detection - adblocker function (spyware-put.rules)
5956 - SPYWARE-PUT Hacker-Tool ghostvoice 1.02 icq notification of server installation (spyware-put.rules)
5957 - SPYWARE-PUT Hacker-Tool ghostvoice 1.02 runtime detection (spyware-put.rules)
5958 - SPYWARE-PUT Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (spyware-put.rules)
5959 - SPYWARE-PUT Hijacker raxsearch detection - send search keywords to raxsearch (spyware-put.rules)
5960 - SPYWARE-PUT Hijacker raxsearch detection - pop-up raxsearch window (spyware-put.rules)
5961 - SPYWARE-PUT Hijacker searchfast detection - news ticker (spyware-put.rules)
5962 - SPYWARE-PUT Hijacker searchfast detection - catch search keyword (spyware-put.rules)
5963 - SPYWARE-PUT Hijacker searchfast detection - search request (spyware-put.rules)
5964 - SPYWARE-PUT Hijacker searchfast detection - track user activity + get 'relates links' of the toolbar (spyware-put.rules)
5965 - SPYWARE-PUT Hijacker searchfast detection - get toolbar cfg (spyware-put.rules)
5966 - SPYWARE-PUT trackware searchinweb detection - search request (spyware-put.rules)
5967 - SPYWARE-PUT trackware searchinweb detection - click result links (spyware-put.rules)
5968 - SPYWARE-PUT trackware searchinweb detection - redirect (spyware-put.rules)
5969 - SPYWARE-PUT trackware searchinweb detection - collect information (spyware-put.rules)
5970 - SPYWARE-PUT hijacker smart finder detection - keys update (spyware-put.rules)
5971 - SPYWARE-PUT hijacker smart finder detection - track hits (spyware-put.rules)
5972 - SPYWARE-PUT hijacker smart finder detection - ie autosearch hijack 1 (spyware-put.rules)
5973 - SPYWARE-PUT hijacker smart finder detection - search engines hijack (spyware-put.rules)
5974 - SPYWARE-PUT hijacker smart finder detection - pop-up ads (spyware-put.rules)
5975 - SPYWARE-PUT hijacker topfive searchassistant detection - search request (spyware-put.rules)
5976 - SPYWARE-PUT hijacker topfive searchassistant detection - side search (spyware-put.rules)
5977 - SPYWARE-PUT hijacker topfive searchassistant detection - post user information to server (spyware-put.rules)
5978 - SPYWARE-PUT hijacker topfive searchassistant detection - update (spyware-put.rules)
5979 - SPYWARE-PUT Trackware anwb toolbar runtime detection - track user ip address (spyware-put.rules)
5980 - SPYWARE-PUT Trackware anwb toolbar runtime detection - display advertisement (spyware-put.rules)
5981 - SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules)
5982 - SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules)
5983 - SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules)
5984 - SPYWARE-PUT Trackware push toolbar installtime detection - user information collect (spyware-put.rules)
5985 - SPYWARE-PUT Trackware push toolbar runtime detection - toolbar information request (spyware-put.rules)
5986 - SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules)
5987 - SPYWARE-PUT Hijacker wishbone runtime detection (spyware-put.rules)
5988 - SPYWARE-PUT Trackware windupdates-mediagateway runtime detection - post data (spyware-put.rules)
5989 - SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules)
5990 - SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules)
5991 - SPYWARE-PUT Hijacker getmirar runtime detection - search request (spyware-put.rules)
5992 - SPYWARE-PUT Hijacker getmirar runtime detection - get keyword-related content (spyware-put.rules)
5993 - SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules)
5994 - SPYWARE-PUT Hijacker getmirar runtime detection - click related button (spyware-put.rules)
5995 - SPYWARE-PUT Adware offeragent runtime detection - information checking (spyware-put.rules)
5996 - SPYWARE-PUT Adware offeragent runtime detection - ads request (spyware-put.rules)
6012 - BACKDOOR coolcat runtime connection detection - tcp 1 (backdoor.rules)
6013 - BACKDOOR coolcat runtime connection detection - tcp 2 (backdoor.rules)
6014 - BACKDOOR coolcat runtime connection detection - tcp 3 (backdoor.rules)
6015 - BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
6016 - BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
6017 - BACKDOOR dsk lite 1.0 runtime detection - disconnect (backdoor.rules)
6018 - BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules)
6019 - BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules)
6020 - BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules)
6021 - BACKDOOR silent spy 2.10 runtime detection - init connection (backdoor.rules)
6022 - BACKDOOR silent spy 2.10 runtime detection - init connection (backdoor.rules)
6023 - BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules)
6024 - BACKDOOR nuclear rat v6_21 runtime detection (backdoor.rules)
6025 - BACKDOOR tequila bandita 1.2 runtime detection - reverse connection (backdoor.rules)
6026 - BACKDOOR dimbus 1.0 runtime detection - get pc info (backdoor.rules)
6027 - BACKDOOR netshadow runtime detection (backdoor.rules)
6028 - BACKDOOR cyberpaky runtime detection (backdoor.rules)
6029 - BACKDOOR fkwp 2.0 runtime detection - icq notification (backdoor.rules)
6030 - BACKDOOR fkwp 2.0 runtime detection - connection attempt client-to-server (backdoor.rules)
6031 - BACKDOOR fkwp 2.0 runtime detection - connection attempt server-to-client (backdoor.rules)
6032 - DELETED BACKDOOR fkwp 2.0 runtime detection - conn success-cts (deleted.rules)
6033 - BACKDOOR fkwp 2.0 runtime detection - connection success (backdoor.rules)
6034 - BACKDOOR minicommand runtime detection - initial connection client-to-server (backdoor.rules)
6035 - BACKDOOR minicommand runtime detection - initial connection server-to-client (backdoor.rules)
6036 - BACKDOOR minicommand runtime detection - directory listing server-to-client (backdoor.rules)
6037 - BACKDOOR netbus 1.7 runtime detection - email notification (backdoor.rules)
6038 - DELETED BACKDOOR netbus 1.7 runtime detection - initial connection (deleted.rules)
6039 - BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules)
6040 - BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules)
6041 - BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules)
6042 - BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules)
6043 - BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules)
6044 - BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6045 - BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6046 - BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6047 - BACKDOOR fun factory runtime detection - connect (backdoor.rules)
6048 - BACKDOOR fun factory runtime detection - connect (backdoor.rules)
6049 - BACKDOOR fun factory runtime detection - upload (backdoor.rules)
6050 - BACKDOOR fun factory runtime detection - upload (backdoor.rules)
6051 - BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
6052 - BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
6053 - BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6054 - BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6055 - BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6056 - BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6057 - BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6058 - BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules)
6059 - BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules)
6060 - BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6061 - BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6062 - BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6063 - BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
6064 - BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
6065 - BACKDOOR optixlite 1.0 runtime detection - connection success client-to-server (backdoor.rules)
6066 - BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (backdoor.rules)
6067 - DELETED BACKDOOR optixlite 1.0 runtime detection - conn failure-cts (deleted.rules)
6068 - BACKDOOR optixlite 1.0 runtime detection - connection failure server-to-client (backdoor.rules)
6069 - BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules)
6070 - BACKDOOR freak 1.0 runtime detection - irc notification (backdoor.rules)
6071 - BACKDOOR freak 1.0 runtime detection - icq notification (backdoor.rules)
6072 - BACKDOOR freak 1.0 runtime detection - initial connection client-to-server (backdoor.rules)
6073 - BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (backdoor.rules)
6074 - BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (backdoor.rules)
6075 - BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (backdoor.rules)
6076 - BACKDOOR amiboide uploader runtime detection - init connection (backdoor.rules)
6077 - BACKDOOR autospy runtime detection - get information (backdoor.rules)
6078 - BACKDOOR autospy runtime detection - get information (backdoor.rules)
6079 - BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
6080 - BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
6081 - BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
6082 - BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
6083 - BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
6084 - BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
6085 - BACKDOOR autospy runtime detection - make directory (backdoor.rules)
6086 - BACKDOOR autospy runtime detection - make directory (backdoor.rules)
6087 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6088 - BACKDOOR a trojan 2.0 runtime detection - init connection (backdoor.rules)
6089 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6090 - BACKDOOR a trojan 2.0 runtime detection - get memory info (backdoor.rules)
6091 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6092 - BACKDOOR a trojan 2.0 runtime detection - get harddisk info (backdoor.rules)
6093 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6094 - BACKDOOR a trojan 2.0 runtime detection - get drive info (backdoor.rules)
6095 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6096 - BACKDOOR a trojan 2.0 runtime detection - get system info (backdoor.rules)
6097 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6098 - BACKDOOR alvgus 2000 runtime detection - check server (backdoor.rules)
6099 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6100 - BACKDOOR alvgus 2000 runtime detection - view content of directory (backdoor.rules)
6101 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6102 - BACKDOOR alvgus 2000 runtime detection - execute command (backdoor.rules)
6103 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6104 - BACKDOOR alvgus 2000 runtime detection - upload file (backdoor.rules)
6105 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6106 - BACKDOOR alvgus 2000 runtime detection - download file (backdoor.rules)
6107 - BACKDOOR backage 3.1 runtime detection (backdoor.rules)
6108 - BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
6109 - BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
6110 - BACKDOOR forced entry v1.1 beta runtime detection (backdoor.rules)
6111 - BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6112 - BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6113 - BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6114 - BACKDOOR optix 1.32 runtime detection - email notification (backdoor.rules)
6115 - BACKDOOR optix 1.32 runtime detection - icq notification (backdoor.rules)
6116 - BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
6117 - BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
6118 - BACKDOOR net runner runtime detection - initial connection client-to-server (backdoor.rules)
6119 - BACKDOOR net runner runtime detection - initial connection server-to-client (backdoor.rules)
6120 - BACKDOOR net runner runtime detection - download file client-to-server (backdoor.rules)
6121 - BACKDOOR net runner runtime detection - download file server-to-client (backdoor.rules)
6122 - BACKDOOR millenium v1.0 runtime detection (backdoor.rules)
6123 - BACKDOOR ambush 1.0 runtime detection - ping client-to-server (backdoor.rules)
6124 - BACKDOOR ambush 1.0 runtime detection - ping server-to-client (backdoor.rules)
6125 - BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
6126 - BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
6127 - BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules)
6128 - BACKDOOR dkangel runtime
detection - icmp echo reply client-to-server (backdoor.rules) 6129 - BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules) 6130 - BACKDOOR chupacabra 1.0 runtime detection - get computer name (backdoor.rules) 6131 - BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules) 6132 - BACKDOOR chupacabra 1.0 runtime detection - get user name (backdoor.rules) 6133 - BACKDOOR chupacabra 1.0 runtime detection - send messages (backdoor.rules) 6134 - BACKDOOR chupacabra 1.0 runtime detection - delete file (backdoor.rules) 6135 - DELETED BACKDOOR clindestine 1.0 icq notification of server installation (deleted.rules) 6136 - BACKDOOR clindestine 1.0 runtime detection - capture big screen (backdoor.rules) 6137 - BACKDOOR clindestine 1.0 runtime detection - capture small screen (backdoor.rules) 6138 - BACKDOOR clindestine 1.0 runtime detection - get computer info (backdoor.rules) 6139 - BACKDOOR clindestine 1.0 runtime detection - get system directory (backdoor.rules) 6140 - BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules) 6141 - BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules) 6142 - BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (backdoor.rules) 6143 - BACKDOOR dark connection inside v1.2 runtime detection (backdoor.rules) 6144 - BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (backdoor.rules) 6145 - BACKDOOR mantis runtime detection - sent notify option server-to-client (backdoor.rules) 6146 - BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (backdoor.rules) 6147 - BACKDOOR mantis runtime detection - go to address client-to-server (backdoor.rules) 6148 - BACKDOOR mantis runtime detection - go to address server-to-client (backdoor.rules) 6149 - BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules) 6150 - BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules) 6151 - BACKDOOR back attack v1.4 runtime detection (backdoor.rules) 6152 - 
BACKDOOR dirtxt runtime detection - chdir client-to-server (backdoor.rules) 6153 - BACKDOOR dirtxt runtime detection - chdir server-to-client (backdoor.rules) 6154 - BACKDOOR dirtxt runtime detection - info client-to-server (backdoor.rules) 6155 - BACKDOOR dirtxt runtime detection - info server-to-client (backdoor.rules) 6156 - BACKDOOR dirtxt runtime detection - view client-to-server (backdoor.rules) 6157 - BACKDOOR dirtxt runtime detection - view server-to-client (backdoor.rules) 6158 - DELETED BACKDOOR satanz Backdoor runtime detection (deleted.rules) 6159 - BACKDOOR delirium of disorder runtime detection - enable keylogger (backdoor.rules) 6160 - BACKDOOR delirium of disorder runtime detection - stop keylogger (backdoor.rules) 6161 - BACKDOOR furax 1.0 b2 runtime detection (backdoor.rules) 6162 - DELETED BACKDOOR netsphere v1.31.337 final runtime detection (deleted.rules) 6163 - DELETED BACKDOOR gate crahser v1.2 runtime detection (deleted.rules) 6164 - BACKDOOR psyrat 1.0 runtime detection (backdoor.rules) 6165 - BACKDOOR psyrat 1.0 runtime detection (backdoor.rules) 6166 - BACKDOOR unicorn runtime detection - initial connection (backdoor.rules) 6167 - BACKDOOR unicorn runtime detection - set wallpaper client-to-server (backdoor.rules) 6168 - BACKDOOR unicorn runtime detection - set wallpaper server-to-client (backdoor.rules) 6169 - BACKDOOR digital rootbeer runtime detection (backdoor.rules) 6170 - BACKDOOR digital rootbeer runtime detection (backdoor.rules) 6171 - BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules) 6172 - BACKDOOR cookie monster 0.24 runtime detection - get version info (backdoor.rules) 6173 - BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules) 6174 - BACKDOOR cookie monster 0.24 runtime detection - file explorer (backdoor.rules) 6175 - BACKDOOR cookie monster 0.24 runtime detection - kill kernel (backdoor.rules) 6176 - BACKDOOR guptachar 2.0 runtime detection (backdoor.rules) 6177 - BACKDOOR ultimate destruction 
runtime detection - kill process client-to-server (backdoor.rules) 6178 - BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (backdoor.rules) 6179 - BACKDOOR bladerunner 0.80 runtime detection (backdoor.rules) 6180 - BACKDOOR netraider 0.0 runtime detection (backdoor.rules) 6181 - BACKDOOR netraider 0.0 runtime detection (backdoor.rules) 6182 - CHAT IRC channel notice (chat.rules) Updated rules: 104 - DELETED BACKDOOR - Dagger_1.4.0_client_connect (deleted.rules) 109 - BACKDOOR netbus active (backdoor.rules) 118 - BACKDOOR SatansBackdoor.2.0.Beta (backdoor.rules) 147 - BACKDOOR GateCrasher (backdoor.rules) 542 - CHAT IRC nick change (chat.rules) 631 - SMTP ehlo cybercop attempt (smtp.rules) 632 - SMTP expn cybercop attempt (smtp.rules) 648 - SHELLCODE x86 NOOP (shellcode.rules) 907 - WEB-COLDFUSION addcontent.cfm access (web-coldfusion.rules) 909 - WEB-COLDFUSION datasource username attempt (web-coldfusion.rules) 910 - WEB-COLDFUSION fileexists.cfm access (web-coldfusion.rules) 911 - WEB-COLDFUSION exprcalc access (web-coldfusion.rules) 912 - WEB-COLDFUSION parks access (web-coldfusion.rules) 913 - WEB-COLDFUSION cfappman access (web-coldfusion.rules) 914 - WEB-COLDFUSION beaninfo access (web-coldfusion.rules) 915 - WEB-COLDFUSION evaluate.cfm access (web-coldfusion.rules) 916 - WEB-COLDFUSION getodbcdsn access (web-coldfusion.rules) 917 - WEB-COLDFUSION db connections flush attempt (web-coldfusion.rules) 918 - WEB-COLDFUSION expeval access (web-coldfusion.rules) 919 - WEB-COLDFUSION datasource passwordattempt (web-coldfusion.rules) 920 - WEB-COLDFUSION datasource attempt (web-coldfusion.rules) 921 - WEB-COLDFUSION admin encrypt attempt (web-coldfusion.rules) 922 - WEB-COLDFUSION displayfile access (web-coldfusion.rules) 923 - WEB-COLDFUSION getodbcin attempt (web-coldfusion.rules) 924 - WEB-COLDFUSION admin decrypt attempt (web-coldfusion.rules) 925 - WEB-COLDFUSION mainframeset access (web-coldfusion.rules) 926 - WEB-COLDFUSION set 
odbc ini attempt (web-coldfusion.rules) 927 - WEB-COLDFUSION settings refresh attempt (web-coldfusion.rules) 928 - WEB-COLDFUSION exampleapp access (web-coldfusion.rules) 929 - WEB-COLDFUSION CFUSION_VERIFYMAIL access (web-coldfusion.rules) 930 - WEB-COLDFUSION snippets attempt (web-coldfusion.rules) 931 - WEB-COLDFUSION cfmlsyntaxcheck.cfm access (web-coldfusion.rules) 932 - WEB-COLDFUSION application.cfm access (web-coldfusion.rules) 933 - WEB-COLDFUSION onrequestend.cfm access (web-coldfusion.rules) 935 - WEB-COLDFUSION startstop DOS access (web-coldfusion.rules) 936 - WEB-COLDFUSION gettempdirectory.cfm access (web-coldfusion.rules) 1446 - SMTP vrfy root (smtp.rules) 1463 - CHAT IRC message (chat.rules) 1540 - WEB-COLDFUSION ?Mode=debug attempt (web-coldfusion.rules) 1639 - CHAT IRC DCC file transfer request (chat.rules) 1640 - CHAT IRC DCC chat request (chat.rules) 1659 - WEB-COLDFUSION sendmail.cfm access (web-coldfusion.rules) 1729 - CHAT IRC channel join (chat.rules) 1789 - CHAT IRC dns request (chat.rules) 2925 - INFO web bug 1x1 gif attempt (info.rules) 3083 - BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules) 3653 - SMTP SAML overflow attempt (smtp.rules) 3654 - SMTP SOML overflow attempt (smtp.rules) 3655 - SMTP SEND overflow attempt (smtp.rules) 3656 - SMTP MAIL overflow attempt (smtp.rules) 3815 - SMTP eXchange POP3 mail server overflow attempt (smtp.rules) 3824 - SMTP AUTH user overflow attempt (smtp.rules) 5714 - SMTP x-unix-mode executable mail attachment (smtp.rules)
