Sourcefire VRT Update
Date: 2006-08-22
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
7502 <-> Enabled <-> WEB-CLIENT tsuserex.ADsTSUserEx.1 ActiveX CLSID access (web-client.rules)
7503 <-> Enabled <-> WEB-CLIENT tsuserex.ADsTSUserEx.1 ActiveX CLSID unicode access (web-client.rules)
7504 <-> Disabled <-> SPYWARE-PUT Keylogger actualspy runtime detection - ftp-data (spyware-put.rules)
7505 <-> Disabled <-> SPYWARE-PUT Keylogger actualspy runtime detection - smtp (spyware-put.rules)
7506 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection - flowbit set (spyware-put.rules)
7507 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection (spyware-put.rules)
7508 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping - flowbit set (spyware-put.rules)
7509 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping (spyware-put.rules)
7510 <-> Disabled <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - version verification (spyware-put.rules)
7511 <-> Disabled <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules)
7512 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - init connection - flowbit set (spyware-put.rules)
7513 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - init connection (spyware-put.rules)
7514 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - send out info to server periodically (spyware-put.rules)
7515 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - remote monitoring (spyware-put.rules)
7516 <-> Disabled <-> SPYWARE-PUT Trickler hmtoolbar runtime detection (spyware-put.rules)
7517 <-> Disabled <-> SPYWARE-PUT Hijacker chinese keywords runtime detection (spyware-put.rules)
7518 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - get up-to-date news info (spyware-put.rules)
7519 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - track activity (spyware-put.rules)
7520 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - ie autosearch hijack (spyware-put.rules)
7521 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 1 (spyware-put.rules)
7522 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 2 (spyware-put.rules)
7523 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - click news button links (spyware-put.rules)
7524 <-> Disabled <-> SPYWARE-PUT Hijacker moneybar runtime detection - cgispy counter (spyware-put.rules)
7525 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - barad.asp request (spyware-put.rules)
7526 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - stat counter (spyware-put.rules)
7527 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - toolbar find function (spyware-put.rules)
7528 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - ie autosearch hijack (spyware-put.rules)
7529 <-> Disabled <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules)
7530 <-> Disabled <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - trickler (spyware-put.rules)
7531 <-> Disabled <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - login (spyware-put.rules)
7532 <-> Disabled <-> SPYWARE-PUT Adware piolet runtime detection - user-agent (spyware-put.rules)
7533 <-> Disabled <-> SPYWARE-PUT Adware piolet runtime detection - ads request (spyware-put.rules)
7534 <-> Disabled <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - ie hijacking (spyware-put.rules)
7535 <-> Disabled <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules)
7536 <-> Disabled <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - popup (spyware-put.rules)
7537 <-> Disabled <-> SPYWARE-PUT Trackware arrow search runtime detection (spyware-put.rules)
7538 <-> Disabled <-> SPYWARE-PUT Screen-Scraper hidden camera runtime detection (spyware-put.rules)
7539 <-> Disabled <-> SPYWARE-PUT Keylogger eye spy pro 1.0 runtime detection (spyware-put.rules)
7540 <-> Disabled <-> SPYWARE-PUT Hacker-Tool unify runtime detection - cgi notification (spyware-put.rules)
7541 <-> Disabled <-> SPYWARE-PUT Keylogger starlogger runtime detection (spyware-put.rules)
7542 <-> Disabled <-> SPYWARE-PUT Hacker-Tool mini oblivion runtime detection - successful init connection (spyware-put.rules)
7543 <-> Disabled <-> SPYWARE-PUT Hijacker 2020search runtime detection (spyware-put.rules)
7544 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 1 (spyware-put.rules)
7545 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 2 (spyware-put.rules)
7546 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection (spyware-put.rules)
7547 <-> Disabled <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent status monitoring (spyware-put.rules)
7548 <-> Disabled <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent up notification (spyware-put.rules)
7549 <-> Disabled <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection (spyware-put.rules)
7550 <-> Disabled <-> SPYWARE-PUT Adware adroar runtime detection (spyware-put.rules)
7551 <-> Disabled <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - smtp (spyware-put.rules)
7552 <-> Disabled <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - ftp (spyware-put.rules)
7553 <-> Disabled <-> SPYWARE-PUT Adware hxdl runtime detection - hxlogonly user-agent (spyware-put.rules)
7554 <-> Disabled <-> SPYWARE-PUT Adware hxdl runtime detection - hxdownload user-agent (spyware-put.rules)
7555 <-> Disabled <-> SPYWARE-PUT Adware hxdl runtime detection - crypt user-agent (spyware-put.rules)
7556 <-> Disabled <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
7557 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules)
7558 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules)
7559 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules)
7560 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - self update (spyware-put.rules)
7561 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - opt out of interstitial advertising (spyware-put.rules)
7562 <-> Disabled <-> SPYWARE-PUT Adware morpheus runtime detection - ad 1 (spyware-put.rules)
7563 <-> Disabled <-> SPYWARE-PUT Adware morpheus runtime detection - ad 2 (spyware-put.rules)
7564 <-> Disabled <-> SPYWARE-PUT Hijacker startnow runtime detection (spyware-put.rules)
7565 <-> Disabled <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - search engine (spyware-put.rules)
7566 <-> Disabled <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - redirector (spyware-put.rules)
7567 <-> Disabled <-> SPYWARE-PUT Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (spyware-put.rules)
7568 <-> Disabled <-> SPYWARE-PUT Trackware webhancer runtime detection (spyware-put.rules)
7569 <-> Disabled <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
7570 <-> Disabled <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules)
7571 <-> Disabled <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - toolbar search (spyware-put.rules)
7572 <-> Disabled <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules)
7573 <-> Disabled <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules)
7574 <-> Disabled <-> SPYWARE-PUT Keylogger proagent 2.0 runtime detection (spyware-put.rules)
7575 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - weather request (spyware-put.rules)
7576 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - hijack ie browser (spyware-put.rules)
7577 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - collect information (spyware-put.rules)
7578 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - reference (spyware-put.rules)
7579 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - smileys (spyware-put.rules)
7580 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - update (spyware-put.rules)
7581 <-> Disabled <-> SPYWARE-PUT Hijacker flashbar runtime detection - user-agent (spyware-put.rules)
7582 <-> Disabled <-> SPYWARE-PUT Trickler pcast runtime detection - update checking (spyware-put.rules)
7583 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set big (spyware-put.rules)
7584 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set open (spyware-put.rules)
7585 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set image (spyware-put.rules)
7586 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - image transferred (spyware-put.rules)
7587 <-> Disabled <-> SPYWARE-PUT Trickler urlblaze runtime detection - software information request (spyware-put.rules)
7588 <-> Disabled <-> SPYWARE-PUT Trickler urlblaze runtime detection - files search or download (spyware-put.rules)
7589 <-> Disabled <-> SPYWARE-PUT Trickler urlblaze runtime detection - irc notification (spyware-put.rules)
7590 <-> Disabled <-> SPYWARE-PUT Hijacker swbar runtime detection (spyware-put.rules)
7591 <-> Disabled <-> SPYWARE-PUT Keylogger keylogger pro runtime detection - flowbit set (spyware-put.rules)
7592 <-> Disabled <-> SPYWARE-PUT Keylogger keylogger pro runtime detection (spyware-put.rules)
7593 <-> Disabled <-> SPYWARE-PUT Trackware trellian toolbarbrowser runtime detection (spyware-put.rules)
7594 <-> Disabled <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules)
7595 <-> Disabled <-> SPYWARE-PUT Adware comedy planet runtime detection - collect user information (spyware-put.rules)
7596 <-> Disabled <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection - flowbit set (spyware-put.rules)
7597 <-> Disabled <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection (spyware-put.rules)
7598 <-> Disabled <-> SPYWARE-PUT Snoopware 2-seek runtime detection - search in toolbar (spyware-put.rules)
7599 <-> Disabled <-> SPYWARE-PUT Snoopware 2-seek runtime detection - user info collection (spyware-put.rules)
7600 <-> Disabled <-> SPYWARE-PUT Hijacker adtraffic runtime detection - notfound website search hijack and redirection (spyware-put.rules)
7601 <-> Disabled <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to keyserver (spyware-put.rules)
7602 <-> Disabled <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver - flowbit set (spyware-put.rules)
7603 <-> Disabled <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver (spyware-put.rules)
7604 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7605 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - screen capture (backdoor.rules)
7606 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (backdoor.rules)
7607 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7608 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - chat - flowbit set (backdoor.rules)
7609 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - chat (backdoor.rules)
7610 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 1 (backdoor.rules)
7611 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 2 (backdoor.rules)
7612 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 3 (backdoor.rules)
7613 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7614 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - keep alive - flowbit set (backdoor.rules)
7615 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7616 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection without password (backdoor.rules)
7617 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (backdoor.rules)
7618 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules)
7619 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password (backdoor.rules)
7620 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (backdoor.rules)
7621 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (backdoor.rules)
7622 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (backdoor.rules)
7623 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request (backdoor.rules)
7624 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - data communication (backdoor.rules)
7625 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (backdoor.rules)
7626 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (backdoor.rules)
7627 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (backdoor.rules)
7628 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (backdoor.rules)
7629 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection (backdoor.rules)
7630 <-> Disabled <-> BACKDOOR helios 3.1 runtime detection - initial connection (backdoor.rules)
7631 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (backdoor.rules)
7632 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch system info (backdoor.rules)
7633 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (backdoor.rules)
7634 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - irc connection (backdoor.rules)
7635 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (backdoor.rules)
7636 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch processes list (backdoor.rules)
7637 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules)
7638 <-> Disabled <-> BACKDOOR ncph runtime detection - initial connection (backdoor.rules)
7639 <-> Disabled <-> BACKDOOR air runtime detection - php notification (backdoor.rules)
7640 <-> Disabled <-> BACKDOOR air runtime detection - webmail notification (backdoor.rules)
7641 <-> Disabled <-> BACKDOOR am remote client runtime detection - client-to-server (backdoor.rules)
7642 <-> Disabled <-> BACKDOOR am remote client runtime detection - server-to-client (backdoor.rules)
7643 <-> Disabled <-> BACKDOOR netcontrol takeover runtime detection (backdoor.rules)
7644 <-> Disabled <-> BACKDOOR ullysse runtime detection - client-to-server (backdoor.rules)
7645 <-> Disabled <-> BACKDOOR snipernet 2.1 runtime detection - flowbit set (backdoor.rules)
7646 <-> Disabled <-> BACKDOOR snipernet 2.1 runtime detection (backdoor.rules)
7647 <-> Disabled <-> BACKDOOR minicom lite runtime detection - udp (backdoor.rules)
7648 <-> Disabled <-> BACKDOOR minicom lite runtime detection - client-to-server (backdoor.rules)
7649 <-> Disabled <-> BACKDOOR minicom lite runtime detection - server-to-client (backdoor.rules)
7650 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (backdoor.rules)
7651 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - initial connection (backdoor.rules)
7652 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - get server information - flowbit set (backdoor.rules)
7653 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - get server information (backdoor.rules)
7654 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - remote shell - flowbit set (backdoor.rules)
7655 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - remote shell (backdoor.rules)
7656 <-> Disabled <-> BACKDOOR diems mutter runtime detection - client-to-server (backdoor.rules)
7657 <-> Disabled <-> BACKDOOR diems mutter runtime detection - server-to-client (backdoor.rules)
7658 <-> Disabled <-> BACKDOOR jodeitor 1.1 runtime detection - initial connection (backdoor.rules)
7659 <-> Disabled <-> BACKDOOR lan filtrator 1.1 runtime detection - sin notification (backdoor.rules)
7660 <-> Disabled <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (backdoor.rules)
7661 <-> Disabled <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (backdoor.rules)
7662 <-> Disabled <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (backdoor.rules)
7663 <-> Disabled <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection (backdoor.rules)
7664 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7665 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - initial connection (backdoor.rules)
7666 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2208 - flowbit set (backdoor.rules)
7667 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (backdoor.rules)
7668 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (backdoor.rules)
7669 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (backdoor.rules)
7670 <-> Disabled <-> BACKDOOR digital upload runtime detection - initial connection (backdoor.rules)
7671 <-> Disabled <-> BACKDOOR digital upload runtime detection - chat (backdoor.rules)
7672 <-> Disabled <-> BACKDOOR remoter runtime detection - initial connection (backdoor.rules)
7673 <-> Disabled <-> BACKDOOR remote havoc runtime detection - flowbit set 1 (backdoor.rules)
7674 <-> Disabled <-> BACKDOOR remote havoc runtime detection - flowbit set 2 (backdoor.rules)
7675 <-> Disabled <-> BACKDOOR remote havoc runtime detection (backdoor.rules)
7676 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - initial connection - flowbit set (backdoor.rules)
7677 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - initial connection (backdoor.rules)
7678 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (backdoor.rules)
7679 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - upload file (backdoor.rules)
7680 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (backdoor.rules)
7681 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - download file (backdoor.rules)
7682 <-> Disabled <-> BACKDOOR acid head 1.00 runtime detection - flowbit set (backdoor.rules)
7683 <-> Disabled <-> BACKDOOR acid head 1.00 runtime detection (backdoor.rules)
7684 <-> Disabled <-> BACKDOOR hrat 1.0 runtime detection (backdoor.rules)
7685 <-> Disabled <-> BACKDOOR illusion runtime detection - get remote info client-to-server (backdoor.rules)
7686 <-> Disabled <-> BACKDOOR illusion runtime detection - get remote info server-to-client (backdoor.rules)
7687 <-> Disabled <-> BACKDOOR illusion runtime detection - file browser client-to-server (backdoor.rules)
7688 <-> Disabled <-> BACKDOOR illusion runtime detection - file browser server-to-client (backdoor.rules)
7689 <-> Disabled <-> BACKDOOR evade runtime detection - initial connection (backdoor.rules)
7690 <-> Disabled <-> BACKDOOR evade runtime detection - file manager - flowbit set (backdoor.rules)
7691 <-> Disabled <-> BACKDOOR evade runtime detection - file manager (backdoor.rules)
7692 <-> Disabled <-> BACKDOOR exception 1.0 runtime detection - notification (backdoor.rules)
7693 <-> Disabled <-> BACKDOOR exception 1.0 runtime detection - intial connection client-to-server (backdoor.rules)
7694 <-> Disabled <-> BACKDOOR exception 1.0 runtime detection - intial connection server-to-client (backdoor.rules)
7695 <-> Disabled <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7696 <-> Disabled <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7697 <-> Disabled <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection (backdoor.rules)
7698 <-> Disabled <-> BACKDOOR brain wiper runtime detection - launch application - flowbit set (backdoor.rules)
7699 <-> Disabled <-> BACKDOOR brain wiper runtime detection - launch application (backdoor.rules)
7700 <-> Disabled <-> BACKDOOR brain wiper runtime detection - chat - flowbit set (backdoor.rules)
7701 <-> Disabled <-> BACKDOOR brain wiper runtime detection - chat (backdoor.rules)
7702 <-> Disabled <-> BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (backdoor.rules)
7703 <-> Disabled <-> BACKDOOR roach 1.0 runtime detection - remote control actions (backdoor.rules)
7704 <-> Disabled <-> BACKDOOR roach 1.0 server installation notification - email (backdoor.rules)
7705 <-> Disabled <-> BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7706 <-> Disabled <-> BACKDOOR omniquad instant remote control runtime detection - initial connection (backdoor.rules)
7707 <-> Disabled <-> BACKDOOR omniquad instant remote control runtime detection - file transfer setup (backdoor.rules)
7708 <-> Disabled <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7709 <-> Disabled <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7710 <-> Disabled <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (backdoor.rules)
7711 <-> Disabled <-> BACKDOOR amitis runtime command detection attacker to victim (backdoor.rules)
7712 <-> Disabled <-> BACKDOOR amitis runtime detection victim to attacker (backdoor.rules)
7713 <-> Disabled <-> BACKDOOR amitis v1.3 runtime detection - email notification (backdoor.rules)
7714 <-> Disabled <-> BACKDOOR netdevil runtime detection - flowbit set 1 (backdoor.rules)
7715 <-> Disabled <-> BACKDOOR netdevil runtime detection - flowbit set 2 (backdoor.rules)
7716 <-> Disabled <-> BACKDOOR netdevil runtime detection (backdoor.rules)
7717 <-> Disabled <-> BACKDOOR snake trojan runtime detection (backdoor.rules)
7718 <-> Disabled <-> BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7719 <-> Disabled <-> BACKDOOR dameware mini remote control runtime detection - initial connection (backdoor.rules)
7720 <-> Disabled <-> BACKDOOR desktop scout runtime detection (backdoor.rules)
7721 <-> Disabled <-> BACKDOOR prorat 1.9 initial connection detection (backdoor.rules)
7722 <-> Disabled <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules)
7723 <-> Disabled <-> BACKDOOR wollf runtime detection (backdoor.rules)
7724 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7725 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - initial connection (backdoor.rules)
7726 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (backdoor.rules)
7727 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - execute command (backdoor.rules)
7728 <-> Disabled <-> BACKDOOR radmin runtime detection - client-to-server (backdoor.rules)
7729 <-> Disabled <-> BACKDOOR radmin runtime detection - server-to-client (backdoor.rules)
7730 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (backdoor.rules)
7731 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (backdoor.rules)
7732 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (backdoor.rules)
7733 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - initial connection (backdoor.rules)
7734 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (backdoor.rules)
7735 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - initial connection (backdoor.rules)
7736 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - file manager - flowbit set (backdoor.rules)
7737 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - file manager (backdoor.rules)
7738 <-> Disabled <-> BACKDOOR alexmessomalex runtime detection - initial connection (backdoor.rules)
7739 <-> Disabled <-> BACKDOOR alexmessomalex runtime detection - grab (backdoor.rules)
7740 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (backdoor.rules)
7741 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set (backdoor.rules)
7742 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (backdoor.rules)
7743 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (backdoor.rules)
7744 <-> Disabled <-> BACKDOOR phoenix 2.1 runtime detection - flowbit set (backdoor.rules)
7745 <-> Disabled <-> BACKDOOR phoenix 2.1 runtime detection (backdoor.rules)
7746 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7747 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - initial connection (backdoor.rules)
7748 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (backdoor.rules)
7749 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - send message (backdoor.rules)
7750 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7751 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7752 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection (backdoor.rules)
7753 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (backdoor.rules)
7754 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (backdoor.rules)
7755 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function (backdoor.rules)
7756 <-> Disabled <-> BACKDOOR beast 2.02 runtime detection - initial connection - flowbit set (backdoor.rules)
7757 <-> Disabled <-> BACKDOOR beast 2.02 runtime detection - initial connection (backdoor.rules)
7758 <-> Disabled <-> BACKDOOR glacier runtime detection - initial connection and directory browse (backdoor.rules)
7759 <-> Disabled <-> BACKDOOR glacier runtime detection - screen capture (backdoor.rules)
7760 <-> Disabled <-> BACKDOOR netthief runtime detection (backdoor.rules)
7761 <-> Disabled <-> BACKDOOR analftp 0.1 runtime detection - initial connection (backdoor.rules)
7762 <-> Disabled <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules)
7763 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (backdoor.rules)
7764 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (backdoor.rules)
7765 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (backdoor.rules)
7766 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (backdoor.rules)
7767 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (backdoor.rules)
7768 <-> Disabled <-> BACKDOOR data rape runtime detection - execute program client-to-server (backdoor.rules)
7769 <-> Disabled <-> BACKDOOR data rape runtime detection - execute program server-to-client (backdoor.rules)
7770 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (backdoor.rules)
7771 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get server info (backdoor.rules)
7772 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (backdoor.rules)
7773 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger (backdoor.rules)
7774 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7775 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - screen capture (backdoor.rules)
7776 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (backdoor.rules)
7777 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get drives (backdoor.rules)
7778 <-> Disabled <-> BACKDOOR elfrat runtime detection - initial connection (backdoor.rules)
7779 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7780 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7781 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - initial connection (backdoor.rules)
7782 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - file manager - flowbit set (backdoor.rules)
7783 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - file manager (backdoor.rules)
7784 <-> Disabled <-> BACKDOOR forced control uploader runtime detection - connection with password - flowbit set (backdoor.rules)
7785 <-> Disabled <-> BACKDOOR forced control uploader runtime detection - connection with password (backdoor.rules)
7786 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 1 (backdoor.rules)
7787 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 2 (backdoor.rules)
7788 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 3 (backdoor.rules)
7789 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 4 (backdoor.rules)
7790 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing (backdoor.rules)
7791 <-> Disabled <-> BACKDOOR remote anything 5.11.22 runtime detection - victim response (backdoor.rules)
7792 <-> Disabled <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (backdoor.rules)
7793 <-> Disabled <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (backdoor.rules)

Updated rules:
2382 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
2383 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
3000 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
3001 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
3002 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
3003 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
3004 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
3005 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
5318 <-> Disabled <-> WEB-CLIENT wmf file SetAbortProc arbitrary code execution attempt (web-client.rules)
5319 <-> Enabled <-> WEB-CLIENT Metasploit Windows picture and fax viewer wmf arbitrary code execution attempt (web-client.rules)
5710 <-> Enabled <-> WEB-CLIENT Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (web-client.rules)
5846 <-> Disabled <-> SPYWARE-PUT Trickler vx2 or DLmax runtime detection (spyware-put.rules)
6009 <-> Enabled <-> WEB-CLIENT RDS.Dataspace ActiveX Object Access (web-client.rules)
6688 <-> Disabled <-> WEB-CLIENT PNG file transfer (web-client.rules)
6689 <-> Disabled <-> WEB-CLIENT Malformed PNG detected cHRM overflow attempt (web-client.rules)
6690 <-> Disabled <-> WEB-CLIENT Malformed PNG detected iCCP overflow attempt (web-client.rules)
6691 <-> Disabled <-> WEB-CLIENT Malformed PNG detected sBIT overflow attempt (web-client.rules)
6692 <-> Disabled <-> WEB-CLIENT Malformed PNG detected sRGB overflow attempt (web-client.rules)
6693 <-> Disabled <-> WEB-CLIENT Malformed PNG detected bKGD overflow attempt (web-client.rules)
6694 <-> Disabled <-> WEB-CLIENT Malformed PNG detected hIST overflow attempt (web-client.rules)
6695 <-> Disabled <-> WEB-CLIENT Malformed PNG detected tRNS overflow attempt (web-client.rules)
6696 <-> Disabled <-> WEB-CLIENT Malformed PNG detected pHYs overflow attempt (web-client.rules)
6697 <-> Disabled <-> WEB-CLIENT Malformed PNG detected sPLT overflow attempt (web-client.rules)
6698 <-> Disabled <-> WEB-CLIENT Malformed PNG detected tIME overflow attempt (web-client.rules)
6699 <-> Disabled <-> WEB-CLIENT Malformed PNG detected iTXt overflow attempt (web-client.rules)
6700 <-> Disabled <-> WEB-CLIENT Malformed PNG detected tEXt overflow attempt (web-client.rules)
6701 <-> Disabled <-> WEB-CLIENT Malformed PNG detected zTXt overflow attempt (web-client.rules)
7027 <-> Enabled <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7028 <-> Enabled <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7029 <-> Enabled <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7422 <-> Enabled <-> EXPLOIT Microsoft MMC mmcndmgr.dll cross site scripting attempt (exploit.rules)
7423 <-> Enabled <-> EXPLOIT Microsoft MMC mmc.exe cross site scripting attempt (exploit.rules)
7424 <-> Enabled <-> EXPLOIT Microsoft MMC createcab.cmd cross site scripting attempt (exploit.rules)
7439 <-> Enabled <-> WEB-CLIENT HTML Help ActiveX CLSID access (web-client.rules)
7440 <-> Enabled <-> WEB-CLIENT HTML Help ActiveX CLSID unicode access (web-client.rules)
