Sourcefire VRT Update
Date: 2006-09-01
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
7794 <-> Disabled <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set (backdoor.rules)
7795 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7796 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7797 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7798 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7799 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7800 <-> Disabled <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7801 <-> Disabled <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules)
7802 <-> Disabled <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules)
7803 <-> Disabled <-> BACKDOOR war trojan ver1.0 runtime detection - send messages (backdoor.rules)
7804 <-> Disabled <-> BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (backdoor.rules)
7805 <-> Disabled <-> BACKDOOR war trojan ver1.0 runtime detection - ie hijacker (backdoor.rules)
7806 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - initial connection (backdoor.rules)
7807 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - execute file (backdoor.rules)
7808 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7809 <-> Disabled <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7810 <-> Disabled <-> BACKDOOR nuclear uploader 1.0 runtime detection (backdoor.rules)
7811 <-> Disabled <-> BACKDOOR abacab runtime detection - telnet initial (backdoor.rules)
7812 <-> Disabled <-> BACKDOOR abacab runtime detection - banner (backdoor.rules)
7813 <-> Disabled <-> BACKDOOR darkmoon initial connection detection - cts (backdoor.rules)
7814 <-> Disabled <-> BACKDOOR darkmoon initial connection detection - stc (backdoor.rules)
7815 <-> Disabled <-> BACKDOOR darkmoon reverse connection detection - stc (backdoor.rules)
7816 <-> Disabled <-> BACKDOOR darkmoon reverse connection detection - cts (backdoor.rules)
7817 <-> Disabled <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7818 <-> Disabled <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7819 <-> Disabled <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7820 <-> Disabled <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7821 <-> Disabled <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7822 <-> Disabled <-> BACKDOOR xbkdr runtime detection (backdoor.rules)
7823 <-> Disabled <-> SPYWARE-PUT Adware whenu runtime detection - datachunksgz (spyware-put.rules)
7824 <-> Disabled <-> SPYWARE-PUT Trickler whenu.clocksync runtime detection (spyware-put.rules)
7825 <-> Disabled <-> SPYWARE-PUT Adware whenu.savenow runtime detection (spyware-put.rules)
7826 <-> Disabled <-> SPYWARE-PUT Trickler whenu.weathercast runtime detection - check (spyware-put.rules)
7827 <-> Disabled <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules)
7828 <-> Disabled <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules)
7829 <-> Disabled <-> SPYWARE-PUT Adware gator user-agent detected (spyware-put.rules)
7830 <-> Disabled <-> SPYWARE-PUT Botnet dacryptic runtime detection (spyware-put.rules)
7831 <-> Disabled <-> SPYWARE-PUT Adware downloadplus runtime detection (spyware-put.rules)
7832 <-> Disabled <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - active/update (spyware-put.rules)
7833 <-> Disabled <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - search (spyware-put.rules)
7834 <-> Disabled <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
7835 <-> Disabled <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
7836 <-> Disabled <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report send through email (spyware-put.rules)
7837 <-> Disabled <-> SPYWARE-PUT Keylogger spyoutside runtime detection - email delivery (spyware-put.rules)
7838 <-> Disabled <-> SPYWARE-PUT Adware smiley central runtime detection (spyware-put.rules)
7839 <-> Disabled <-> SPYWARE-PUT Hijacker rx toolbar runtime detection (spyware-put.rules)
7840 <-> Disabled <-> SPYWARE-PUT Hijacker instafinder initial configuration detection (spyware-put.rules)
7841 <-> Disabled <-> SPYWARE-PUT Hijacker instafinder error redirect detection (spyware-put.rules)
7842 <-> Disabled <-> SPYWARE-PUT hacker tool davps runtime detection (spyware-put.rules)
7843 <-> Disabled <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - search engine hijack (spyware-put.rules)
7844 <-> Disabled <-> SPYWARE-PUT Hijacker avenuemedia.dyfuca runtime detection - post data (spyware-put.rules)
7845 <-> Disabled <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection (spyware-put.rules)
7846 <-> Disabled <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection (spyware-put.rules)
7847 <-> Disabled <-> SPYWARE-PUT Keylogger clogger 1.0 runtime detection - send log through email (spyware-put.rules)
7848 <-> Disabled <-> SPYWARE-PUT Hijacker netguide runtime detection (spyware-put.rules)
7849 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - toolbar download (spyware-put.rules)
7850 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - retrieve command (spyware-put.rules)
7851 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - ack (spyware-put.rules)
7852 <-> Disabled <-> SPYWARE-PUT Trickler maxsearch runtime detection - advertisement (spyware-put.rules)
7853 <-> Disabled <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 1 (spyware-put.rules)
7854 <-> Disabled <-> SPYWARE-PUT Adware web-nexus runtime detection - config retrieval (spyware-put.rules)
7855 <-> Disabled <-> SPYWARE-PUT Adware web-nexus runtime detection - ad url 2 (spyware-put.rules)
7856 <-> Disabled <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules)
7857 <-> Disabled <-> SPYWARE-PUT Keylogger EliteKeylogger runtime detection (spyware-put.rules)
7858 <-> Disabled <-> POLICY Google Desktop initial install - firstuse request (policy.rules)
7859 <-> Disabled <-> POLICY Google Desktop initial install - installer request (policy.rules)
7860 <-> Disabled <-> POLICY Google Desktop search query (policy.rules)
7861 <-> Disabled <-> POLICY Google Desktop activity (policy.rules)
7862 <-> Enabled <-> WEB-CLIENT McSubMgr.IsAppExpired ActiveX function call access (web-client.rules)
7863 <-> Enabled <-> WEB-CLIENT McSubMgr.IsOldAppInstalled ActiveX function call access (web-client.rules)
7864 <-> Enabled <-> WEB-CLIENT McSubMgr ActiveX CLSID access (web-client.rules)
7865 <-> Enabled <-> WEB-CLIENT McSubMgr ActiveX CLSID unicode access (web-client.rules)
7866 <-> Enabled <-> WEB-CLIENT ADODB.Connection ActiveX CLSID access (web-client.rules)
7867 <-> Enabled <-> WEB-CLIENT ADODB.Connection ActiveX CLSID unicode access (web-client.rules)
7868 <-> Enabled <-> WEB-CLIENT ADODB.Recordset ActiveX CLSID access (web-client.rules)
7869 <-> Enabled <-> WEB-CLIENT ADODB.Recordset ActiveX CLSID unicode access (web-client.rules)
7870 <-> Enabled <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX CLSID access (web-client.rules)
7871 <-> Enabled <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX CLSID unicode access (web-client.rules)
7872 <-> Enabled <-> WEB-CLIENT Microsoft Office Spreadsheet 10.0 ActiveX CLSID access (web-client.rules)
7873 <-> Enabled <-> WEB-CLIENT Microsoft Office Spreadsheet 10.0 ActiveX CLSID unicode access (web-client.rules)
7874 <-> Enabled <-> WEB-CLIENT Microsoft Office PivotTable 10.0 ActiveX CLSID access (web-client.rules)
7875 <-> Enabled <-> WEB-CLIENT Microsoft Office PivotTable 10.0 ActiveX CLSID unicode access (web-client.rules)
7876 <-> Enabled <-> WEB-CLIENT Microsoft Office Data Source Control 10.0 ActiveX CLSID access (web-client.rules)
7877 <-> Enabled <-> WEB-CLIENT Microsoft Office Data Source Control 10.0 ActiveX CLSID unicode access (web-client.rules)
7878 <-> Enabled <-> WEB-CLIENT AxMetaStream.MetaStreamCtl ActiveX CLSID access (web-client.rules)
7879 <-> Enabled <-> WEB-CLIENT AxMetaStream.MetaStreamCtl ActiveX CLSID unicode access (web-client.rules)
7880 <-> Enabled <-> WEB-CLIENT AxMetaStream.MetaStreamCtlSecondary ActiveX CLSID access (web-client.rules)
7881 <-> Enabled <-> WEB-CLIENT AxMetaStream.MetaStreamCtlSecondary ActiveX CLSID unicode access (web-client.rules)
7882 <-> Enabled <-> WEB-CLIENT AccSync.AccSubNotHandler ActiveX CLSID access (web-client.rules)
7883 <-> Enabled <-> WEB-CLIENT AccSync.AccSubNotHandler ActiveX CLSID unicode access (web-client.rules)
7884 <-> Enabled <-> WEB-CLIENT AolCalSvr.ACCalendarListCtrl ActiveX CLSID access (web-client.rules)
7885 <-> Enabled <-> WEB-CLIENT AolCalSvr.ACCalendarListCtrl ActiveX CLSID unicode access (web-client.rules)
7886 <-> Enabled <-> WEB-CLIENT AolCalSvr.ACDictionary ActiveX CLSID access (web-client.rules)
7887 <-> Enabled <-> WEB-CLIENT AolCalSvr.ACDictionary ActiveX CLSID unicode access (web-client.rules)
7888 <-> Enabled <-> WEB-CLIENT AOLFlash.AOLFlash ActiveX CLSID access (web-client.rules)
7889 <-> Enabled <-> WEB-CLIENT AOLFlash.AOLFlash ActiveX CLSID unicode access (web-client.rules)
7890 <-> Enabled <-> WEB-CLIENT AOL.MemExpWz ActiveX CLSID access (web-client.rules)
7891 <-> Enabled <-> WEB-CLIENT AOL.MemExpWz ActiveX CLSID unicode access (web-client.rules)
7892 <-> Enabled <-> WEB-CLIENT AOL Phobos Class ActiveX CLSID access (web-client.rules)
7893 <-> Enabled <-> WEB-CLIENT AOL Phobos Class ActiveX CLSID unicode access (web-client.rules)
7894 <-> Enabled <-> WEB-CLIENT AOL.PicDownloadCtrl ActiveX CLSID access (web-client.rules)
7895 <-> Enabled <-> WEB-CLIENT AOL.PicDownloadCtrl ActiveX CLSID unicode access (web-client.rules)
7896 <-> Enabled <-> WEB-CLIENT AOL.PicEditCtrl ActiveX CLSID access (web-client.rules)
7897 <-> Enabled <-> WEB-CLIENT AOL.PicEditCtrl ActiveX CLSID unicode access (web-client.rules)
7898 <-> Enabled <-> WEB-CLIENT AOL.PicSsvrCtrl ActiveX CLSID access (web-client.rules)
7899 <-> Enabled <-> WEB-CLIENT AOL.PicSsvrCtrl ActiveX CLSID unicode access (web-client.rules)
7900 <-> Enabled <-> WEB-CLIENT AOL.UPFCtrl ActiveX CLSID access (web-client.rules)
7901 <-> Enabled <-> WEB-CLIENT AOL.UPFCtrl ActiveX CLSID unicode access (web-client.rules)
7902 <-> Enabled <-> WEB-CLIENT CDDBControlAOL.CDDBAOLControl ActiveX CLSID access (web-client.rules)
7903 <-> Enabled <-> WEB-CLIENT CDDBControlAOL.CDDBAOLControl ActiveX CLSID unicode access (web-client.rules)
7904 <-> Enabled <-> WEB-CLIENT CDL Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7905 <-> Enabled <-> WEB-CLIENT CDL Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7906 <-> Enabled <-> WEB-CLIENT CDO.KnowledgeSearchFolder ActiveX CLSID access (web-client.rules)
7907 <-> Enabled <-> WEB-CLIENT CDO.KnowledgeSearchFolder ActiveX CLSID unicode access (web-client.rules)
7908 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX CLSID access (web-client.rules)
7909 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX CLSID unicode access (web-client.rules)
7910 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.DropShadow ActiveX CLSID access (web-client.rules)
7911 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.DropShadow ActiveX CLSID unicode access (web-client.rules)
7912 <-> Enabled <-> WEB-CLIENT DX3DTransform.Microsoft.Shapes ActiveX CLSID access (web-client.rules)
7913 <-> Enabled <-> WEB-CLIENT DX3DTransform.Microsoft.Shapes ActiveX CLSID unicode access (web-client.rules)
7914 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.NDFXArtEffects ActiveX CLSID access (web-client.rules)
7915 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.NDFXArtEffects ActiveX CLSID unicode access (web-client.rules)
7916 <-> Enabled <-> WEB-CLIENT CLSID_IMimeInternational ActiveX CLSID access (web-client.rules)
7917 <-> Enabled <-> WEB-CLIENT CLSID_IMimeInternational ActiveX CLSID unicode access (web-client.rules)
7918 <-> Enabled <-> WEB-CLIENT CoAxTrackVideo Class ActiveX CLSID access (web-client.rules)
7919 <-> Enabled <-> WEB-CLIENT CoAxTrackVideo Class ActiveX CLSID unicode access (web-client.rules)
7920 <-> Enabled <-> WEB-CLIENT DsPropertyPages.OU ActiveX CLSID access (web-client.rules)
7921 <-> Enabled <-> WEB-CLIENT DsPropertyPages.OU ActiveX CLSID unicode access (web-client.rules)
7922 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID access (web-client.rules)
7923 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID unicode access (web-client.rules)
7924 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Shadow ActiveX CLSID access (web-client.rules)
7925 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Shadow ActiveX CLSID unicode access (web-client.rules)
7926 <-> Enabled <-> WEB-CLIENT DXTFilter ActiveX CLSID access (web-client.rules)
7927 <-> Enabled <-> WEB-CLIENT DXTFilter ActiveX CLSID unicode access (web-client.rules)
7928 <-> Enabled <-> WEB-CLIENT file or local Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7929 <-> Enabled <-> WEB-CLIENT file or local Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7930 <-> Enabled <-> WEB-CLIENT FolderItem2 ActiveX CLSID access (web-client.rules)
7931 <-> Enabled <-> WEB-CLIENT FolderItem2 ActiveX CLSID unicode access (web-client.rules)
7932 <-> Enabled <-> WEB-CLIENT FolderItems3 ActiveX CLSID access (web-client.rules)
7933 <-> Enabled <-> WEB-CLIENT FolderItems3 ActiveX CLSID unicode access (web-client.rules)
7934 <-> Enabled <-> WEB-CLIENT ftp Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7935 <-> Enabled <-> WEB-CLIENT ftp Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7936 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Glow ActiveX CLSID access (web-client.rules)
7937 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Glow ActiveX CLSID unicode access (web-client.rules)
7938 <-> Enabled <-> WEB-CLIENT gopher Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7939 <-> Enabled <-> WEB-CLIENT gopher Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7940 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID access (web-client.rules)
7941 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID unicode access (web-client.rules)
7942 <-> Enabled <-> WEB-CLIENT http Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7943 <-> Enabled <-> WEB-CLIENT http Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7944 <-> Enabled <-> WEB-CLIENT https Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7945 <-> Enabled <-> WEB-CLIENT https Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7946 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.MaskFilter ActiveX CLSID access (web-client.rules)
7947 <-> Enabled <-> WEB-CLIENT DXImageTransform.Microsoft.MaskFilter ActiveX CLSID unicode access (web-client.rules)
7948 <-> Enabled <-> WEB-CLIENT Microsoft Common Browser Architecture ActiveX CLSID access (web-client.rules)
7949 <-> Enabled <-> WEB-CLIENT Microsoft Common Browser Architecture ActiveX CLSID unicode access (web-client.rules)
7950 <-> Enabled <-> WEB-CLIENT Microsoft DirectAnimation Control ActiveX CLSID access (web-client.rules)
7951 <-> Enabled <-> WEB-CLIENT Microsoft DirectAnimation Control ActiveX CLSID unicode access (web-client.rules)
7952 <-> Enabled <-> WEB-CLIENT Microsoft DirectAnimation Windowed Control ActiveX CLSID access (web-client.rules)
7953 <-> Enabled <-> WEB-CLIENT Microsoft DirectAnimation Windowed Control ActiveX CLSID unicode access (web-client.rules)
7954 <-> Enabled <-> WEB-CLIENT Microsoft Forms 2.0 ComboBox ActiveX CLSID access (web-client.rules)
7955 <-> Enabled <-> WEB-CLIENT Microsoft Forms 2.0 ComboBox ActiveX CLSID unicode access (web-client.rules)
7956 <-> Enabled <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID access (web-client.rules)
7957 <-> Enabled <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID unicode access (web-client.rules)
7958 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7959 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7960 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7961 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7962 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7963 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7964 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7965 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7966 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7967 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7968 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (web-client.rules)
7969 <-> Enabled <-> WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (web-client.rules)
7970 <-> Enabled <-> WEB-CLIENT PostBootReminder object ActiveX CLSID access (web-client.rules)
7971 <-> Enabled <-> WEB-CLIENT PostBootReminder object ActiveX CLSID unicode access (web-client.rules)
7972 <-> Enabled <-> WEB-CLIENT RealPlayer G2 Control ActiveX CLSID access (web-client.rules)
7973 <-> Enabled <-> WEB-CLIENT RealPlayer G2 Control ActiveX CLSID unicode access (web-client.rules)
7974 <-> Enabled <-> WEB-CLIENT Rendezvous Class ActiveX CLSID access (web-client.rules)
7975 <-> Enabled <-> WEB-CLIENT Rendezvous Class ActiveX CLSID unicode access (web-client.rules)
7976 <-> Enabled <-> WEB-CLIENT ShellFolder for CD Burning ActiveX CLSID access (web-client.rules)
7977 <-> Enabled <-> WEB-CLIENT ShellFolder for CD Burning ActiveX CLSID unicode access (web-client.rules)
7978 <-> Enabled <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID access (web-client.rules)
7979 <-> Enabled <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID unicode access (web-client.rules)
7980 <-> Enabled <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash.9 ActiveX function call access (web-client.rules)
7981 <-> Enabled <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX CLSID access (web-client.rules)
7982 <-> Enabled <-> WEB-CLIENT Snapshot Viewer General Property Page Object ActiveX CLSID unicode access (web-client.rules)
7983 <-> Enabled <-> WEB-CLIENT SuperBuddy Class ActiveX CLSID access (web-client.rules)
7984 <-> Enabled <-> WEB-CLIENT SuperBuddy Class ActiveX CLSID unicode access (web-client.rules)
7985 <-> Enabled <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID access (web-client.rules)
7986 <-> Enabled <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID unicode access (web-client.rules)
7987 <-> Enabled <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.2 ActiveX CLSID access (web-client.rules)
7988 <-> Enabled <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.2 ActiveX CLSID unicode access (web-client.rules)
7989 <-> Enabled <-> WEB-CLIENT WIA FileSystem USD ActiveX CLSID access (web-client.rules)
7990 <-> Enabled <-> WEB-CLIENT WIA FileSystem USD ActiveX CLSID unicode access (web-client.rules)
7991 <-> Enabled <-> WEB-CLIENT ACM Class Manager ActiveX CLSID access (web-client.rules)
7992 <-> Enabled <-> WEB-CLIENT ACM Class Manager ActiveX CLSID unicode access (web-client.rules)
7993 <-> Enabled <-> WEB-CLIENT clbcatex.dll ActiveX CLSID access (web-client.rules)
7994 <-> Enabled <-> WEB-CLIENT clbcatex.dll ActiveX CLSID unicode access (web-client.rules)
7995 <-> Enabled <-> WEB-CLIENT clbcatq.dll ActiveX CLSID access (web-client.rules)
7996 <-> Enabled <-> WEB-CLIENT clbcatq.dll ActiveX CLSID unicode access (web-client.rules)
7997 <-> Enabled <-> WEB-CLIENT CLSID_ApprenticeICW ActiveX CLSID access (web-client.rules)
7998 <-> Enabled <-> WEB-CLIENT CLSID_ApprenticeICW ActiveX CLSID unicode access (web-client.rules)
7999 <-> Enabled <-> WEB-CLIENT CLSID_CDIDeviceActionConfigPage ActiveX CLSID access (web-client.rules)
8000 <-> Enabled <-> WEB-CLIENT CLSID_CDIDeviceActionConfigPage ActiveX CLSID unicode access (web-client.rules)
8001 <-> Enabled <-> WEB-CLIENT CommunicationManager ActiveX CLSID access (web-client.rules)
8002 <-> Enabled <-> WEB-CLIENT CommunicationManager ActiveX CLSID unicode access (web-client.rules)
8003 <-> Enabled <-> WEB-CLIENT Content.mbcontent.1 ActiveX CLSID access (web-client.rules)
8004 <-> Enabled <-> WEB-CLIENT Content.mbcontent.1 ActiveX CLSID unicode access (web-client.rules)
8005 <-> Enabled <-> WEB-CLIENT DiskManagement.Connection ActiveX CLSID access (web-client.rules)
8006 <-> Enabled <-> WEB-CLIENT DiskManagement.Connection ActiveX CLSID unicode access (web-client.rules)
8007 <-> Enabled <-> WEB-CLIENT Dutch_Dutch Stemmer ActiveX CLSID access (web-client.rules)
8008 <-> Enabled <-> WEB-CLIENT Dutch_Dutch Stemmer ActiveX CLSID unicode access (web-client.rules)
8009 <-> Enabled <-> WEB-CLIENT English_UK Stemmer ActiveX CLSID access (web-client.rules)
8010 <-> Enabled <-> WEB-CLIENT English_UK Stemmer ActiveX CLSID unicode access (web-client.rules)
8011 <-> Enabled <-> WEB-CLIENT English_US Stemmer ActiveX CLSID access (web-client.rules)
8012 <-> Enabled <-> WEB-CLIENT English_US Stemmer ActiveX CLSID unicode access (web-client.rules)
8013 <-> Enabled <-> WEB-CLIENT French_French Stemmer ActiveX CLSID access (web-client.rules)
8014 <-> Enabled <-> WEB-CLIENT French_French Stemmer ActiveX CLSID unicode access (web-client.rules)
8015 <-> Enabled <-> WEB-CLIENT German_German Stemmer ActiveX CLSID access (web-client.rules)
8016 <-> Enabled <-> WEB-CLIENT German_German Stemmer ActiveX CLSID unicode access (web-client.rules)
8017 <-> Enabled <-> WEB-CLIENT ICM Class Manager ActiveX CLSID access (web-client.rules)
8018 <-> Enabled <-> WEB-CLIENT ICM Class Manager ActiveX CLSID unicode access (web-client.rules)
8019 <-> Enabled <-> WEB-CLIENT Internet Explorer Address Bar ActiveX CLSID access (web-client.rules)
8020 <-> Enabled <-> WEB-CLIENT Internet Explorer Address Bar ActiveX CLSID unicode access (web-client.rules)
8021 <-> Enabled <-> WEB-CLIENT ISSimpleCommandCreator.1 ActiveX CLSID access (web-client.rules)
8022 <-> Enabled <-> WEB-CLIENT ISSimpleCommandCreator.1 ActiveX CLSID unicode access (web-client.rules)
8023 <-> Enabled <-> WEB-CLIENT Italian_Italian Stemmer ActiveX CLSID access (web-client.rules)
8024 <-> Enabled <-> WEB-CLIENT Italian_Italian Stemmer ActiveX CLSID unicode access (web-client.rules)
8025 <-> Enabled <-> WEB-CLIENT Microsoft HTML Window Security Proxy ActiveX CLSID access (web-client.rules)
8026 <-> Enabled <-> WEB-CLIENT Microsoft HTML Window Security Proxy ActiveX CLSID unicode access (web-client.rules)
8027 <-> Enabled <-> WEB-CLIENT Microsoft WBEM Event Subsystem ActiveX CLSID access (web-client.rules)
8028 <-> Enabled <-> WEB-CLIENT Microsoft WBEM Event Subsystem ActiveX CLSID unicode access (web-client.rules)
8029 <-> Enabled <-> WEB-CLIENT MidiOut Class Manager ActiveX CLSID access (web-client.rules)
8030 <-> Enabled <-> WEB-CLIENT MidiOut Class Manager ActiveX CLSID unicode access (web-client.rules)
8031 <-> Enabled <-> WEB-CLIENT Mslablti.MarshalableTI.1 ActiveX CLSID access (web-client.rules)
8032 <-> Enabled <-> WEB-CLIENT Mslablti.MarshalableTI.1 ActiveX CLSID unicode access (web-client.rules)
8033 <-> Enabled <-> WEB-CLIENT QC.MessageMover.1 ActiveX CLSID access (web-client.rules)
8034 <-> Enabled <-> WEB-CLIENT QC.MessageMover.1 ActiveX CLSID unicode access (web-client.rules)
8035 <-> Enabled <-> WEB-CLIENT Spanish_Modern Stemmer ActiveX CLSID access (web-client.rules)
8036 <-> Enabled <-> WEB-CLIENT Spanish_Modern Stemmer ActiveX CLSID unicode access (web-client.rules)
8037 <-> Enabled <-> WEB-CLIENT Swedish_Default Stemmer ActiveX CLSID access (web-client.rules)
8038 <-> Enabled <-> WEB-CLIENT Swedish_Default Stemmer ActiveX CLSID unicode access (web-client.rules)
8039 <-> Enabled <-> WEB-CLIENT syncui.dll ActiveX CLSID access (web-client.rules)
8040 <-> Enabled <-> WEB-CLIENT syncui.dll ActiveX CLSID unicode access (web-client.rules)
8041 <-> Enabled <-> WEB-CLIENT VFW Capture Class Manager ActiveX CLSID access (web-client.rules)
8042 <-> Enabled <-> WEB-CLIENT VFW Capture Class Manager ActiveX CLSID unicode access (web-client.rules)
8043 <-> Enabled <-> WEB-CLIENT Video Effect Class Manager 1 Input ActiveX CLSID access (web-client.rules)
8044 <-> Enabled <-> WEB-CLIENT Video Effect Class Manager 1 Input ActiveX CLSID unicode access (web-client.rules)
8045 <-> Enabled <-> WEB-CLIENT Video Effect Class Manager 2 Input ActiveX CLSID access (web-client.rules)
8046 <-> Enabled <-> WEB-CLIENT Video Effect Class Manager 2 Input ActiveX CLSID unicode access (web-client.rules)
8047 <-> Enabled <-> WEB-CLIENT WaveIn Class Manager ActiveX CLSID access (web-client.rules)
8048 <-> Enabled <-> WEB-CLIENT WaveIn Class Manager ActiveX CLSID unicode access (web-client.rules)
8049 <-> Enabled <-> WEB-CLIENT WaveOut and DSound Class Manager ActiveX CLSID access (web-client.rules)
8050 <-> Enabled <-> WEB-CLIENT WaveOut and DSound Class Manager ActiveX CLSID unicode access (web-client.rules)
8051 <-> Enabled <-> WEB-CLIENT WDM Instance Provider ActiveX CLSID access (web-client.rules)
8052 <-> Enabled <-> WEB-CLIENT WDM Instance Provider ActiveX CLSID unicode access (web-client.rules)
8053 <-> Enabled <-> WEB-CLIENT DirectAnimation.PathControl ActiveX CLSID access (web-client.rules)
8054 <-> Enabled <-> WEB-CLIENT DirectAnimation.PathControl ActiveX CLSID unicode access (web-client.rules)
8055 <-> Enabled <-> WEB-CLIENT DirectAnimation.PathControl ActiveX function call access (web-client.rules)
8056 <-> Disabled <-> DOS ISC DHCP server 2 client_id length denial of service attempt (dos.rules)
8057 <-> Enabled <-> MYSQL Date_Format denial of service attempt (mysql.rules)
8058 <-> Enabled <-> WEB-CLIENT Mozilla javascript navigator object access (web-client.rules)
8059 <-> Enabled <-> ORACLE SYS.KUPW-WORKER sql injection attempt (oracle.rules)
8060 <-> Enabled <-> EXPLOIT UltraVNC VNCLog Buffer Overflow (exploit.rules)

Updated rules:
117 <-> Disabled <-> BACKDOOR Infector.1.x (backdoor.rules)
120 <-> Disabled <-> DELETED BACKDOOR Infector 1.6 Server to Client (deleted.rules)
146 <-> Disabled <-> BACKDOOR NetSphere access (backdoor.rules)
155 <-> Disabled <-> DELETED BACKDOOR NetSphere 1.31.337 access (deleted.rules)
553 <-> Disabled <-> POLICY FTP anonymous login attempt (policy.rules)
637 <-> Enabled <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
1019 <-> Enabled <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
1022 <-> Enabled <-> WEB-IIS jet vba access (web-iis.rules)
1023 <-> Enabled <-> WEB-IIS msadcs.dll access (web-iis.rules)
1032 <-> Disabled <-> WEB-IIS showcode access (web-iis.rules)
1033 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
1034 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
1035 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
1036 <-> Disabled <-> WEB-IIS viewcode access (web-iis.rules)
2067 <-> Disabled <-> WEB-MISC Lotus Notes .exe script source download attempt (web-misc.rules)
2181 <-> Disabled <-> P2P BitTorrent transfer (p2p.rules)
2435 <-> Enabled <-> WEB-CLIENT Microsoft emf metafile access (web-client.rules)
3082 <-> Disabled <-> BACKDOOR Y3KRAT 1.5 Connect Client Response (backdoor.rules)
3083 <-> Disabled <-> BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules)
3682 <-> Disabled <-> SMTP spoofed MIME-Type auto-execution attempt (smtp.rules)
4136 <-> Disabled <-> WEB-CLIENT IE JPEG heap overflow multipacket attempt (web-client.rules)
5846 <-> Disabled <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules)
5871 <-> Disabled <-> SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
6209 <-> Disabled <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules)
7021 <-> Disabled <-> DOS linux kernel SCTP chunkless packet denial of service attempt (dos.rules)
7058 <-> Disabled <-> BACKDOOR charon runtime detection - download file flowbit 1 (backdoor.rules)
7059 <-> Disabled <-> BACKDOOR charon runtime detection - download file/log flowbit 2 (backdoor.rules)
7060 <-> Disabled <-> BACKDOOR charon runtime detection - download file/log (backdoor.rules)
7061 <-> Disabled <-> BACKDOOR charon runtime detection - download log flowbit 1 (backdoor.rules)
7062 <-> Disabled <-> DELETED BACKDOOR charon runtime detection - download log flowbit 2 (deleted.rules)
7063 <-> Disabled <-> DELETED BACKDOOR charon runtime detection - download log (deleted.rules)
7165 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 1 (spyware-put.rules)
7166 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 2 (spyware-put.rules)
7167 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 3 (spyware-put.rules)
7168 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 4 (spyware-put.rules)
7169 <-> Disabled <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange (spyware-put.rules)
7170 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7171 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7172 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7173 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7174 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7181 <-> Disabled <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules)
7507 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection (spyware-put.rules)
7509 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping (spyware-put.rules)
7544 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 1 (spyware-put.rules)
7605 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - screen capture (backdoor.rules)
7607 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7609 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - chat (backdoor.rules)
7611 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 2 (backdoor.rules)
7612 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 3 (backdoor.rules)
7613 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7615 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7618 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules)
7619 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password (backdoor.rules)
7621 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (backdoor.rules)
7622 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (backdoor.rules)
7623 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request (backdoor.rules)
7626 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (backdoor.rules)
7627 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (backdoor.rules)
7628 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (backdoor.rules)
7629 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection (backdoor.rules)
7664 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - flowbit set (backdoor.rules)
7666 <-> Disabled <-> DELETED BACKDOOR screen control 1.0 runtime detection - capture on port 2208 - flowbit set (deleted.rules)
7676 <-> Disabled <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (backdoor.rules)
7677 <-> Disabled <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection (backdoor.rules)
7779 <-> Disabled <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 1 (deleted.rules)
7780 <-> Disabled <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 2 (deleted.rules)
7781 <-> Disabled <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection (deleted.rules)
7782 <-> Disabled <-> BACKDOOR netdevil runtime detection - file manager - flowbit set (backdoor.rules)
7783 <-> Disabled <-> BACKDOOR netdevil runtime detection - file manager (backdoor.rules)
