Sourcefire VRT Update

Date: 2006-04-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
5742 - SPYWARE-PUT Keylogger activitylogger runtime detection (spyware-put.rules)
5743 - SPYWARE-PUT Hijacker actualnames runtime detection - plugin list (spyware-put.rules)
5744 - SPYWARE-PUT Hijacker actualnames runtime detection - online.php request (spyware-put.rules)
5745 - SPYWARE-PUT Hijacker adultlinks runtime detection - redirect (spyware-put.rules)
5746 - SPYWARE-PUT Hijacker adultlinks runtime detection - load url (spyware-put.rules)
5747 - SPYWARE-PUT Hijacker adultlinks runtime detection - log hits (spyware-put.rules)
5748 - SPYWARE-PUT Hijacker adultlinks runtime detection - ads (spyware-put.rules)
5749 - SPYWARE-PUT Trackware alexa runtime detection (spyware-put.rules)
5750 - SPYWARE-PUT Adware dogpile runtime detection (spyware-put.rules)
5751 - SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 1 (spyware-put.rules)
5752 - SPYWARE-PUT Adware exactsearch runtime detection - switch search engine 2 (spyware-put.rules)
5753 - SPYWARE-PUT Adware exactsearch runtime detection - topsearches (spyware-put.rules)
5754 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - ie auto search hijack (spyware-put.rules)
5755 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - check update (spyware-put.rules)
5756 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - add coolsites to ie favorites (spyware-put.rules)
5757 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - check toolbar setting (spyware-put.rules)
5758 - SPYWARE-PUT Hijacker ezcybersearch runtime detection - download fastclick pop-under code (spyware-put.rules)
5759 - SPYWARE-PUT Keylogger fearlesskeyspy runtime detection (spyware-put.rules)
5760 - SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules)
5761 - SPYWARE-PUT Trickler bearshare runtime detection - ads popup (spyware-put.rules)
5762 - SPYWARE-PUT Trickler bearshare runtime detection - p2p information request (spyware-put.rules)
5763 - SPYWARE-PUT Trickler bearshare runtime detection - chat request (spyware-put.rules)
5764 - SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules)
5765 - SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules)
5766 - SPYWARE-PUT Hijacker begin2search runtime detection - install spyware trafficsector (spyware-put.rules)
5767 - SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules)
5768 - SPYWARE-PUT Hijacker begin2search runtime detection - pass information (spyware-put.rules)
5769 - SPYWARE-PUT Hijacker begin2search runtime detection - play bingo ads (spyware-put.rules)
5770 - SPYWARE-PUT Snoopware casinoonnet runtime detection (spyware-put.rules)
5771 - SPYWARE-PUT Screen-Scraper farsighter runtime detection - initial connection (spyware-put.rules)
5772 - SPYWARE-PUT Screen-Scraper farsighter runtime detection - initial connection (spyware-put.rules)
5773 - SPYWARE-PUT Adware forbes runtime detection (spyware-put.rules)
5774 - SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules)
5775 - SPYWARE-PUT Hijacker freescratch runtime detection - scratch card (spyware-put.rules)
5776 - SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules)
5777 - SPYWARE-PUT Keylogger gurl watcher runtime detection (spyware-put.rules)
5778 - SPYWARE-PUT Keylogger runtime detection - hwpe windows activity logs (spyware-put.rules)
5779 - SPYWARE-PUT Keylogger runtime detection - hwpe shell file logs (spyware-put.rules)
5780 - SPYWARE-PUT Keylogger runtime detection - hwpe word filtered echelon log (spyware-put.rules)
5781 - SPYWARE-PUT Keylogger runtime detection - hwae windows activity logs (spyware-put.rules)
5782 - SPYWARE-PUT Keylogger runtime detection - hwae word filtered echelon log (spyware-put.rules)
5783 - SPYWARE-PUT Keylogger runtime detection - hwae keystrokes log (spyware-put.rules)
5784 - SPYWARE-PUT Keylogger runtime detection - hwae urls browsed log (spyware-put.rules)
5785 - SPYWARE-PUT Adware hithopper runtime detection - get xml setting (spyware-put.rules)
5786 - SPYWARE-PUT Adware hithopper runtime detection - redirect (spyware-put.rules)
5787 - SPYWARE-PUT Adware hithopper runtime detection - search (spyware-put.rules)
5788 - SPYWARE-PUT Adware hithopper runtime detection - click toolbar buttons (spyware-put.rules)
5789 - SPYWARE-PUT keylogger pc actmon pro runtime detection - http (spyware-put.rules)
5790 - SPYWARE-PUT Keylogger pc actmon pro runtime detection - smtp (spyware-put.rules)
5791 - SPYWARE-PUT Dialer pluginaccess runtime detection - get pin (spyware-put.rules)
5792 - SPYWARE-PUT Dialer pluginaccess runtime detection - active proxy (spyware-put.rules)
5793 - SPYWARE-PUT Dialer pluginaccess runtime detection - redirect (spyware-put.rules)
5794 - SPYWARE-PUT Hijacker coolwebsearch.aboutblank variant runtime detection (spyware-put.rules)
5795 - SPYWARE-PUT Adware ist powerscan runtime detection (spyware-put.rules)
5796 - SPYWARE-PUT Adware keenvalue runtime detection (spyware-put.rules)
5797 - SPYWARE-PUT Hacker-Tool kontiki runtime detection (spyware-put.rules)
5798 - SPYWARE-PUT Adware mydailyhoroscope runtime detection (spyware-put.rules)
5799 - SPYWARE-PUT mydailyhoroscope update or installation in progress (spyware-put.rules)
5800 - SPYWARE-PUT Trackware myway speedbar runtime detection - request config (spyware-put.rules)
5801 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (spyware-put.rules)
5802 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules)
5803 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (spyware-put.rules)
5804 - SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (spyware-put.rules)
5805 - SPYWARE-PUT Trackware myway speedbar runtime detection - switch engines (spyware-put.rules)
5806 - SPYWARE-PUT Hijacker searchmiracle-elitebar runtime detection (spyware-put.rules)
5807 - SPYWARE-PUT Hijacker shopathomeselect runtime detection (spyware-put.rules)
5808 - SPYWARE-PUT Hijacker shop at home search merchant redirect check (spyware-put.rules)
5809 - SPYWARE-PUT Hijacker shop at home select merchant redirect in progress (spyware-put.rules)
5810 - SPYWARE-PUT Hijacker shop at home select installation in progress (spyware-put.rules)
5811 - SPYWARE-PUT shop at home select installation in progress - clsid detected (spyware-put.rules)
5812 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - email notification (spyware-put.rules)
5813 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (spyware-put.rules)
5814 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (spyware-put.rules)
5815 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory redirection (spyware-put.rules)
5816 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory redirection (spyware-put.rules)
5817 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
5818 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
5819 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (spyware-put.rules)
5820 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (spyware-put.rules)
5821 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (spyware-put.rules)
5822 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - view netstat (spyware-put.rules)
5823 - SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - view netstat (spyware-put.rules)
5824 - SPYWARE-PUT Dialer stripplayer runtime detection (spyware-put.rules)
5825 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules)
5826 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - pass user info to server (spyware-put.rules)
5827 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - get gateway (spyware-put.rules)
5828 - SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules)
5829 - SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules)
5830 - SPYWARE-PUT Hijacker comet systems runtime detection - track activity (spyware-put.rules)
5831 - SPYWARE-PUT Hijacker comet systems runtime detection - update requests (spyware-put.rules)
5832 - SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (spyware-put.rules)
5833 - SPYWARE-PUT Hijacker comet systems runtime search detection - search request 2 (spyware-put.rules)
5834 - SPYWARE-PUT Trickler conscorr runtime detection (spyware-put.rules)
5835 - SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules)
5836 - SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules)
5837 - SPYWARE-PUT Trackware ucmore runtime detection - track activity (spyware-put.rules)
5838 - SPYWARE-PUT Trackware ucmore runtime detection - get sponsor/ad links (spyware-put.rules)
5839 - SPYWARE-PUT Trackware ucmore runtime detection - click sponsor/ad link (spyware-put.rules)
5840 - SPYWARE-PUT Hijacker sep runtime detection (spyware-put.rules)
5841 - SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules)
5842 - SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules)
5843 - SPYWARE-PUT Hijacker surfsidekick runtime detection - hijack ie auto search (spyware-put.rules)
5844 - SPYWARE-PUT Hijacker surfsidekick runtime detection - post request (spyware-put.rules)
5845 - SPYWARE-PUT Hijacker surfsidekick runtime detection - update request (spyware-put.rules)
5846 - SPYWARE-PUT Trickler vx2 localnrd runtime detection (spyware-put.rules)
5847 - SPYWARE-PUT Adware warez_p2p runtime detection - p2p client home (spyware-put.rules)
5848 - SPYWARE-PUT Adware warez_p2p runtime detection - ip.php request (spyware-put.rules)
5849 - SPYWARE-PUT Adware warez_p2p runtime detection - update request (spyware-put.rules)
5850 - SPYWARE-PUT Adware warez_p2p runtime detection - check update (spyware-put.rules)
5851 - SPYWARE-PUT Adware warez_p2p runtime detection - .txt .dat and .lst requests (spyware-put.rules)
5852 - SPYWARE-PUT Adware warez_p2p runtime detection - cache.dat request (spyware-put.rules)
5853 - SPYWARE-PUT Adware warez_p2p runtime detection - download ads (spyware-put.rules)
5854 - SPYWARE-PUT Adware warez_p2p runtime detection - pass user information (spyware-put.rules)
5855 - SPYWARE-PUT Hijacker funbuddyicons runtime detection - request config (spyware-put.rules)
5856 - SPYWARE-PUT Hijacker funbuddyicons runtime detection - funwebproducts user-agent string (spyware-put.rules)
5857 - SPYWARE-PUT Hijacker funbuddyicons runtime detection - mysaconfg request (spyware-put.rules)
5858 - SPYWARE-PUT Adware praizetoolbar runtime detection (spyware-put.rules)
5859 - SPYWARE-PUT Hijacker daosearch runtime detection - information request (spyware-put.rules)
5860 - SPYWARE-PUT Hijacker daosearch runtime detection - search hijack (spyware-put.rules)
5861 - SPYWARE-PUT Hijacker isearch runtime detection - toolbar information request (spyware-put.rules)
5862 - SPYWARE-PUT Hijacker isearch runtime detection - search hijack 1 (spyware-put.rules)
5863 - SPYWARE-PUT Hijacker isearch runtime detection - search hijack 2 (spyware-put.rules)
5864 - SPYWARE-PUT Hijacker isearch runtime detection - search in toolbar (spyware-put.rules)
5865 - SPYWARE-PUT Adware zapspot runtime detection - pop up ads (spyware-put.rules)
5866 - SPYWARE-PUT Hijacker couponbar runtime detection - download new coupon offers and links (spyware-put.rules)
5867 - SPYWARE-PUT Hijacker couponbar runtime detection - get updates to toolbar buttons (spyware-put.rules)
5868 - SPYWARE-PUT Hijacker couponbar runtime detection - view coupon offers (spyware-put.rules)
5869 - SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 1 (spyware-put.rules)
5870 - SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 2 (spyware-put.rules)
5871 - SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
5872 - SPYWARE-PUT Snoopware hyperlinker runtime detection (spyware-put.rules)
5873 - SPYWARE-PUT Snoopware pc acme pro runtime detection (spyware-put.rules)
5874 - SPYWARE-PUT Snoopware pc acme pro runtime detection (spyware-put.rules)
5875 - SPYWARE-PUT Hacker-Tool eraser runtime detection - detonate (spyware-put.rules)
5876 - SPYWARE-PUT Hacker-Tool eraser runtime detection - disinfect (spyware-put.rules)
5877 - SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - startup access (spyware-put.rules)
5878 - SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - configuration retrieval (spyware-put.rules)
5879 - SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (spyware-put.rules)
5880 - SPYWARE-PUT Keylogger spyagent runtime detect - smtp delivery (spyware-put.rules)
5881 - SPYWARE-PUT Keylogger spyagent runtime detect - ftp delivery (spyware-put.rules)
5882 - SPYWARE-PUT Keylogger spyagent runtime detect - alert notification (spyware-put.rules)
5883 - SPYWARE-PUT Other-Technologies saria 1.0 runtime detection - send user information (spyware-put.rules)
5884 - SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - check toolbar + category info (spyware-put.rules)
5885 - SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - ie autosearch + search assistant hijack (spyware-put.rules)
5886 - SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - pass info to server (spyware-put.rules)
5887 - SPYWARE-PUT Hijacker shopnav runtime detection - ie search assistant hijack (spyware-put.rules)
5888 - SPYWARE-PUT Hijacker shopnav runtime detection - ie auto search hijack (spyware-put.rules)
5889 - SPYWARE-PUT Hijacker shopnav runtime detection - collect information (spyware-put.rules)
5890 - SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules)
5891 - SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 2 (spyware-put.rules)
5892 - SPYWARE-PUT Trackware wordiq toolbar runtime detection - get link info (spyware-put.rules)
5893 - SPYWARE-PUT Trackware wordiq toolbar runtime detection - search keyword (spyware-put.rules)
5894 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - smb (spyware-put.rules)
5895 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
5896 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
5897 - SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
5898 - SPYWARE-PUT Trackware adtools runtime etection - track user activity (spyware-put.rules)
5899 - SPYWARE-PUT Trackware adtools-screenmate runtime etection - generate desktop alert (spyware-put.rules)
5900 - SPYWARE-PUT Trackware adtools-communicator runtime etection - collect information (spyware-put.rules)
5901 - SPYWARE-PUT Trackware adtools-communicator runtime etection - download self-update (spyware-put.rules)
5902 - SPYWARE-PUT Adware download accelerator plus runtime detection - startup (spyware-put.rules)
5903 - SPYWARE-PUT Adware download accelerator plus runtime detection - get ads (spyware-put.rules)
5904 - SPYWARE-PUT Adware download accelerator plus runtime detection - download files (spyware-put.rules)
5905 - SPYWARE-PUT Adware download accelerator plus runtime detection - games center request (spyware-put.rules)
5906 - SPYWARE-PUT Adware download accelerator plus runtime detection - update (spyware-put.rules)
5907 - SPYWARE-PUT Trackware e2give runtime detection - check update (spyware-put.rules)
5908 - SPYWARE-PUT Trackware e2give runtime detection - redirect affiliate site request 1 (spyware-put.rules)
5909 - SPYWARE-PUT Trackware e2give runtime detection - redirect affiliate site request 2 (spyware-put.rules)
5910 - SPYWARE-PUT Trackware casalemedia runtime detection (spyware-put.rules)
5911 - SPYWARE-PUT Adware smartpops runtime detection (spyware-put.rules)
5912 - SPYWARE-PUT Hijacker webcrawler runtime detection (spyware-put.rules)
5913 - SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules)
5914 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - configuration download (spyware-put.rules)
5915 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - autosearch hijack (spyware-put.rules)
5916 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - sidebar search (spyware-put.rules)
5917 - SPYWARE-PUT Hijacker locatorstoolbar runtime detection - toolbar search (spyware-put.rules)
5918 - SPYWARE-PUT Hijacker painter runtime detection - ping 'alive' signal (spyware-put.rules)
5919 - SPYWARE-PUT Hijacker painter runtime detection - redirect to klikvipsearch (spyware-put.rules)
5920 - SPYWARE-PUT Hijacker painter runtime detection - redirect yahoo search through online-casino-searcher (spyware-put.rules)
5921 - SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules)
5922 - SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules)
5923 - SPYWARE-PUT Adware active shopper runtime detection - side search request (spyware-put.rules)
5924 - SPYWARE-PUT Adware active shopper runtime detection - redirect (spyware-put.rules)
5925 - SPYWARE-PUT Adware active shopper runtime detection - check (spyware-put.rules)
5926 - SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
5927 - SPYWARE-PUT Adware cashbar runtime detection - .smx requests (spyware-put.rules)
5928 - SPYWARE-PUT Adware cashbar runtime detection - ads request (spyware-put.rules)
5929 - SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 1 (spyware-put.rules)
5930 - SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2 (spyware-put.rules)
5931 - SPYWARE-PUT Adware cashbar runtime detection - stats track 1 (spyware-put.rules)
5932 - SPYWARE-PUT Adware cashbar runtime detection - stats track 2 (spyware-put.rules)
5933 - SPYWARE-PUT Hijacker dropspam runtime detection - search request 1 (spyware-put.rules)
5934 - SPYWARE-PUT Hijacker dropspam runtime detection - search request 2 (spyware-put.rules)
5935 - SPYWARE-PUT Hijacker dropspam runtime detection - search request 3 (spyware-put.rules)
5936 - SPYWARE-PUT Hijacker dropspam runtime detection - side search (spyware-put.rules)
5937 - SPYWARE-PUT Hijacker dropspam runtime detection - pass information to its controlling server (spyware-put.rules)
5938 - SPYWARE-PUT Hijacker dropspam runtime detection - third party information collection (spyware-put.rules)
5939 - SPYWARE-PUT Trackware supreme toolbar runtime detection - get cfg (spyware-put.rules)
5940 - SPYWARE-PUT Trackware supreme toolbar runtime detection - search request (spyware-put.rules)
5941 - SPYWARE-PUT Trackware supreme toolbar runtime detection - track (spyware-put.rules)
5942 - SPYWARE-PUT Trackware supreme toolbar runtime detection - pass information to its controlling server (spyware-put.rules)
5943 - SPYWARE-PUT Trackware supreme toolbar runtime detection - third party information collection (spyware-put.rules)
5944 - SPYWARE-PUT Adware free access bar runtime detection 1 (spyware-put.rules)
5945 - SPYWARE-PUT Adware weirdontheweb runtime detection - track.cgi request (spyware-put.rules)
5946 - SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules)
5947 - SPYWARE-PUT Adware weirdontheweb runtime detection - log url (spyware-put.rules)
5948 - SPYWARE-PUT Adware weirdontheweb runtime detection - update notifier (spyware-put.rules)
5949 - SPYWARE-PUT Trackware iggsey toolbar detection - simpleticker.htm request (spyware-put.rules)
5950 - SPYWARE-PUT Trackware iggsey toolbar detection - pass information to server (spyware-put.rules)
5951 - SPYWARE-PUT Trackware iggsey toolbar detection - search request (spyware-put.rules)
5952 - SPYWARE-PUT Hijacker 123mania runtime detection - autosearch hijacking (spyware-put.rules)
5953 - SPYWARE-PUT Hijacker 123mania runtime detection - sidesearch hijacking (spyware-put.rules)
5954 - SPYWARE-PUT Trackware browserpal runtime detection - post user info to server (spyware-put.rules)
5955 - SPYWARE-PUT Trackware browserpal runtime detection - adblocker function (spyware-put.rules)
5956 - SPYWARE-PUT Hacker-Tool ghostvoice 1.02 icq notification of server installation (spyware-put.rules)
5957 - SPYWARE-PUT Hacker-Tool ghostvoice 1.02 runtime detection (spyware-put.rules)
5958 - SPYWARE-PUT Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (spyware-put.rules)
5959 - SPYWARE-PUT Hijacker raxsearch detection - send search keywords to raxsearch (spyware-put.rules)
5960 - SPYWARE-PUT Hijacker raxsearch detection - pop-up raxsearch window (spyware-put.rules)
5961 - SPYWARE-PUT Hijacker searchfast detection - news ticker (spyware-put.rules)
5962 - SPYWARE-PUT Hijacker searchfast detection - catch search keyword (spyware-put.rules)
5963 - SPYWARE-PUT Hijacker searchfast detection - search request (spyware-put.rules)
5964 - SPYWARE-PUT Hijacker searchfast detection - track user activity + get 'relates links' of the toolbar (spyware-put.rules)
5965 - SPYWARE-PUT Hijacker searchfast detection - get toolbar cfg (spyware-put.rules)
5966 - SPYWARE-PUT trackware searchinweb detection - search request (spyware-put.rules)
5967 - SPYWARE-PUT trackware searchinweb detection - click result links (spyware-put.rules)
5968 - SPYWARE-PUT trackware searchinweb detection - redirect (spyware-put.rules)
5969 - SPYWARE-PUT trackware searchinweb detection - collect information (spyware-put.rules)
5970 - SPYWARE-PUT hijacker smart finder detection - keys update (spyware-put.rules)
5971 - SPYWARE-PUT hijacker smart finder detection - track hits (spyware-put.rules)
5972 - SPYWARE-PUT hijacker smart finder detection - ie autosearch hijack 1 (spyware-put.rules)
5973 - SPYWARE-PUT hijacker smart finder detection - search engines hijack (spyware-put.rules)
5974 - SPYWARE-PUT hijacker smart finder detection - pop-up ads (spyware-put.rules)
5975 - SPYWARE-PUT hijacker topfive searchassistant detection - search request (spyware-put.rules)
5976 - SPYWARE-PUT hijacker topfive searchassistant detection - side search (spyware-put.rules)
5977 - SPYWARE-PUT hijacker topfive searchassistant detection - post user information to server (spyware-put.rules)
5978 - SPYWARE-PUT hijacker topfive searchassistant detection - update (spyware-put.rules)
5979 - SPYWARE-PUT Trackware anwb toolbar runtime detection - track user ip address (spyware-put.rules)
5980 - SPYWARE-PUT Trackware anwb toolbar runtime detection - display advertisement (spyware-put.rules)
5981 - SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules)
5982 - SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules)
5983 - SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules)
5984 - SPYWARE-PUT Trackware push toolbar installtime detection - user information collect (spyware-put.rules)
5985 - SPYWARE-PUT Trackware push toolbar runtime detection - toolbar information request (spyware-put.rules)
5986 - SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules)
5987 - SPYWARE-PUT Hijacker wishbone runtime detection (spyware-put.rules)
5988 - SPYWARE-PUT Trackware windupdates-mediagateway runtime detection - post data (spyware-put.rules)
5989 - SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules)
5990 - SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules)
5991 - SPYWARE-PUT Hijacker getmirar runtime detection - search request (spyware-put.rules)
5992 - SPYWARE-PUT Hijacker getmirar runtime detection - get keyword-related content (spyware-put.rules)
5993 - SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules)
5994 - SPYWARE-PUT Hijacker getmirar runtime detection - click related button (spyware-put.rules)
5995 - SPYWARE-PUT Adware offeragent runtime detection - information checking (spyware-put.rules)
5996 - SPYWARE-PUT Adware offeragent runtime detection - ads request (spyware-put.rules)
6012 - BACKDOOR coolcat runtime connection detection - tcp 1 (backdoor.rules)
6013 - BACKDOOR coolcat runtime connection detection - tcp 2 (backdoor.rules)
6014 - BACKDOOR coolcat runtime connection detection - tcp 3 (backdoor.rules)
6015 - BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
6016 - BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
6017 - BACKDOOR dsk lite 1.0 runtime detection - disconnect (backdoor.rules)
6018 - BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules)
6019 - BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules)
6020 - BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules)
6021 - BACKDOOR silent spy 2.10 runtime detection - init connection (backdoor.rules)
6022 - BACKDOOR silent spy 2.10 runtime detection - init connection (backdoor.rules)
6023 - BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules)
6024 - BACKDOOR nuclear rat v6_21 runtime detection (backdoor.rules)
6025 - BACKDOOR tequila bandita 1.2 runtime detection - reverse connection (backdoor.rules)
6026 - BACKDOOR dimbus 1.0 runtime detection - get pc info (backdoor.rules)
6027 - BACKDOOR netshadow runtime detection (backdoor.rules)
6028 - BACKDOOR cyberpaky runtime detection (backdoor.rules)
6029 - BACKDOOR fkwp 2.0 runtime detection - icq notification (backdoor.rules)
6030 - BACKDOOR fkwp 2.0 runtime detection - connection attempt client-to-server (backdoor.rules)
6031 - BACKDOOR fkwp 2.0 runtime detection - connection attempt server-to-client (backdoor.rules)
6032 - DELETED BACKDOOR fkwp 2.0 runtime detection - conn success-cts (deleted.rules)
6033 - BACKDOOR fkwp 2.0 runtime detection - connection success (backdoor.rules)
6034 - BACKDOOR minicommand runtime detection - initial connection client-to-server (backdoor.rules)
6035 - BACKDOOR minicommand runtime detection - initial connection server-to-client (backdoor.rules)
6036 - BACKDOOR minicommand runtime detection - directory listing server-to-client (backdoor.rules)
6037 - BACKDOOR netbus 1.7 runtime detection - email notification (backdoor.rules)
6038 - DELETED BACKDOOR netbus 1.7 runtime detection - initial connection (deleted.rules)
6039 - BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules)
6040 - BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules)
6041 - BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules)
6042 - BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules)
6043 - BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules)
6044 - BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6045 - BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6046 - BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6047 - BACKDOOR fun factory runtime detection - connect (backdoor.rules)
6048 - BACKDOOR fun factory runtime detection - connect (backdoor.rules)
6049 - BACKDOOR fun factory runtime detection - upload (backdoor.rules)
6050 - BACKDOOR fun factory runtime detection - upload (backdoor.rules)
6051 - BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
6052 - BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
6053 - BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6054 - BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6055 - BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6056 - BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6057 - BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6058 - BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules)
6059 - BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules)
6060 - BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6061 - BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6062 - BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6063 - BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
6064 - BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
6065 - BACKDOOR optixlite 1.0 runtime detection - connection success client-to-server (backdoor.rules)
6066 - BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (backdoor.rules)
6067 - DELETED BACKDOOR optixlite 1.0 runtime detection - conn failure-cts (deleted.rules)
6068 - BACKDOOR optixlite 1.0 runtime detection - connection failure server-to-client (backdoor.rules)
6069 - BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules)
6070 - BACKDOOR freak 1.0 runtime detection - irc notification (backdoor.rules)
6071 - BACKDOOR freak 1.0 runtime detection - icq notification (backdoor.rules)
6072 - BACKDOOR freak 1.0 runtime detection - initial connection client-to-server (backdoor.rules)
6073 - BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (backdoor.rules)
6074 - BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (backdoor.rules)
6075 - BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (backdoor.rules)
6076 - BACKDOOR amiboide uploader runtime detection - init connection (backdoor.rules)
6077 - BACKDOOR autospy runtime detection - get information (backdoor.rules)
6078 - BACKDOOR autospy runtime detection - get information (backdoor.rules)
6079 - BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
6080 - BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
6081 - BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
6082 - BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
6083 - BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
6084 - BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
6085 - BACKDOOR autospy runtime detection - make directory (backdoor.rules)
6086 - BACKDOOR autospy runtime detection - make directory (backdoor.rules)
6087 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6088 - BACKDOOR a trojan 2.0 runtime detection - init connection (backdoor.rules)
6089 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6090 - BACKDOOR a trojan 2.0 runtime detection - get memory info (backdoor.rules)
6091 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6092 - BACKDOOR a trojan 2.0 runtime detection - get harddisk info (backdoor.rules)
6093 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6094 - BACKDOOR a trojan 2.0 runtime detection - get drive info (backdoor.rules)
6095 - BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6096 - BACKDOOR a trojan 2.0 runtime detection - get system info (backdoor.rules)
6097 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6098 - BACKDOOR alvgus 2000 runtime detection - check server (backdoor.rules)
6099 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6100 - BACKDOOR alvgus 2000 runtime detection - view content of directory (backdoor.rules)
6101 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6102 - BACKDOOR alvgus 2000 runtime detection - execute command (backdoor.rules)
6103 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6104 - BACKDOOR alvgus 2000 runtime detection - upload file (backdoor.rules)
6105 - BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6106 - BACKDOOR alvgus 2000 runtime detection - download file (backdoor.rules)
6107 - BACKDOOR backage 3.1 runtime detection (backdoor.rules)
6108 - BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
6109 - BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
6110 - BACKDOOR forced entry v1.1 beta runtime detection (backdoor.rules)
6111 - BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6112 - BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6113 - BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6114 - BACKDOOR optix 1.32 runtime detection - email notification (backdoor.rules)
6115 - BACKDOOR optix 1.32 runtime detection - icq notification (backdoor.rules)
6116 - BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
6117 - BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
6118 - BACKDOOR net runner runtime detection - initial connection client-to-server (backdoor.rules)
6119 - BACKDOOR net runner runtime detection - initial connection server-to-client (backdoor.rules)
6120 - BACKDOOR net runner runtime detection - download file client-to-server (backdoor.rules)
6121 - BACKDOOR net runner runtime detection - download file server-to-client (backdoor.rules)
6122 - BACKDOOR millenium v1.0 runtime detection (backdoor.rules)
6123 - BACKDOOR ambush 1.0 runtime detection - ping client-to-server (backdoor.rules)
6124 - BACKDOOR ambush 1.0 runtime detection - ping server-to-client (backdoor.rules)
6125 - BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
6126 - BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
6127 - BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules)
6128 - BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (backdoor.rules)
6129 - BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules)
6130 - BACKDOOR chupacabra 1.0 runtime detection - get computer name (backdoor.rules)
6131 - BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules)
6132 - BACKDOOR chupacabra 1.0 runtime detection - get user name (backdoor.rules)
6133 - BACKDOOR chupacabra 1.0 runtime detection - send messages (backdoor.rules)
6134 - BACKDOOR chupacabra 1.0 runtime detection - delete file (backdoor.rules)
6135 - DELETED BACKDOOR clindestine 1.0 icq notification of server installation (deleted.rules)
6136 - BACKDOOR clindestine 1.0 runtime detection - capture big screen (backdoor.rules)
6137 - BACKDOOR clindestine 1.0 runtime detection - capture small screen (backdoor.rules)
6138 - BACKDOOR clindestine 1.0 runtime detection - get computer info (backdoor.rules)
6139 - BACKDOOR clindestine 1.0 runtime detection - get system directory (backdoor.rules)
6140 - BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules)
6141 - BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules)
6142 - BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (backdoor.rules)
6143 - BACKDOOR dark connection inside v1.2 runtime detection (backdoor.rules)
6144 - BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (backdoor.rules)
6145 - BACKDOOR mantis runtime detection - sent notify option server-to-client (backdoor.rules)
6146 - BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (backdoor.rules)
6147 - BACKDOOR mantis runtime detection - go to address client-to-server (backdoor.rules)
6148 - BACKDOOR mantis runtime detection - go to address server-to-client (backdoor.rules)
6149 - BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules)
6150 - BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules)
6151 - BACKDOOR back attack v1.4 runtime detection (backdoor.rules)
6152 - BACKDOOR dirtxt runtime detection - chdir client-to-server (backdoor.rules)
6153 - BACKDOOR dirtxt runtime detection - chdir server-to-client (backdoor.rules)
6154 - BACKDOOR dirtxt runtime detection - info client-to-server (backdoor.rules)
6155 - BACKDOOR dirtxt runtime detection - info server-to-client (backdoor.rules)
6156 - BACKDOOR dirtxt runtime detection - view client-to-server (backdoor.rules)
6157 - BACKDOOR dirtxt runtime detection - view server-to-client (backdoor.rules)
6158 - DELETED BACKDOOR satanz Backdoor runtime detection (deleted.rules)
6159 - BACKDOOR delirium of disorder runtime detection - enable keylogger (backdoor.rules)
6160 - BACKDOOR delirium of disorder runtime detection - stop keylogger (backdoor.rules)
6161 - BACKDOOR furax 1.0 b2 runtime detection (backdoor.rules)
6162 - DELETED BACKDOOR netsphere v1.31.337 final runtime detection (deleted.rules)
6163 - DELETED BACKDOOR gate crahser v1.2 runtime detection (deleted.rules)
6164 - BACKDOOR psyrat 1.0 runtime detection (backdoor.rules)
6165 - BACKDOOR psyrat 1.0 runtime detection (backdoor.rules)
6166 - BACKDOOR unicorn runtime detection - initial connection (backdoor.rules)
6167 - BACKDOOR unicorn runtime detection - set wallpaper client-to-server (backdoor.rules)
6168 - BACKDOOR unicorn runtime detection - set wallpaper server-to-client (backdoor.rules)
6169 - BACKDOOR digital rootbeer runtime detection (backdoor.rules)
6170 - BACKDOOR digital rootbeer runtime detection (backdoor.rules)
6171 - BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules)
6172 - BACKDOOR cookie monster 0.24 runtime detection - get version info (backdoor.rules)
6173 - BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules)
6174 - BACKDOOR cookie monster 0.24 runtime detection - file explorer (backdoor.rules)
6175 - BACKDOOR cookie monster 0.24 runtime detection - kill kernel (backdoor.rules)
6176 - BACKDOOR guptachar 2.0 runtime detection (backdoor.rules)
6177 - BACKDOOR ultimate destruction runtime detection - kill process client-to-server (backdoor.rules)
6178 - BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (backdoor.rules)
6179 - BACKDOOR bladerunner 0.80 runtime detection (backdoor.rules)
6180 - BACKDOOR netraider 0.0 runtime detection (backdoor.rules)
6181 - BACKDOOR netraider 0.0 runtime detection (backdoor.rules)
6182 - CHAT IRC channel notice (chat.rules)

Updated rules:
 104 - DELETED BACKDOOR - Dagger_1.4.0_client_connect (deleted.rules)
 109 - BACKDOOR netbus active (backdoor.rules)
 118 - BACKDOOR SatansBackdoor.2.0.Beta (backdoor.rules)
 147 - BACKDOOR GateCrasher (backdoor.rules)
 542 - CHAT IRC nick change (chat.rules)
 631 - SMTP ehlo cybercop attempt (smtp.rules)
 632 - SMTP expn cybercop attempt (smtp.rules)
 648 - SHELLCODE x86 NOOP (shellcode.rules)
 907 - WEB-COLDFUSION addcontent.cfm access (web-coldfusion.rules)
 909 - WEB-COLDFUSION datasource username attempt (web-coldfusion.rules)
 910 - WEB-COLDFUSION fileexists.cfm access (web-coldfusion.rules)
 911 - WEB-COLDFUSION exprcalc access (web-coldfusion.rules)
 912 - WEB-COLDFUSION parks access (web-coldfusion.rules)
 913 - WEB-COLDFUSION cfappman access (web-coldfusion.rules)
 914 - WEB-COLDFUSION beaninfo access (web-coldfusion.rules)
 915 - WEB-COLDFUSION evaluate.cfm access (web-coldfusion.rules)
 916 - WEB-COLDFUSION getodbcdsn access (web-coldfusion.rules)
 917 - WEB-COLDFUSION db connections flush attempt (web-coldfusion.rules)
 918 - WEB-COLDFUSION expeval access (web-coldfusion.rules)
 919 - WEB-COLDFUSION datasource passwordattempt (web-coldfusion.rules)
 920 - WEB-COLDFUSION datasource attempt (web-coldfusion.rules)
 921 - WEB-COLDFUSION admin encrypt attempt (web-coldfusion.rules)
 922 - WEB-COLDFUSION displayfile access (web-coldfusion.rules)
 923 - WEB-COLDFUSION getodbcin attempt (web-coldfusion.rules)
 924 - WEB-COLDFUSION admin decrypt attempt (web-coldfusion.rules)
 925 - WEB-COLDFUSION mainframeset access (web-coldfusion.rules)
 926 - WEB-COLDFUSION set odbc ini attempt (web-coldfusion.rules)
 927 - WEB-COLDFUSION settings refresh attempt (web-coldfusion.rules)
 928 - WEB-COLDFUSION exampleapp access (web-coldfusion.rules)
 929 - WEB-COLDFUSION CFUSION_VERIFYMAIL access (web-coldfusion.rules)
 930 - WEB-COLDFUSION snippets attempt (web-coldfusion.rules)
 931 - WEB-COLDFUSION cfmlsyntaxcheck.cfm access (web-coldfusion.rules)
 932 - WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
 933 - WEB-COLDFUSION onrequestend.cfm access (web-coldfusion.rules)
 935 - WEB-COLDFUSION startstop DOS access (web-coldfusion.rules)
 936 - WEB-COLDFUSION gettempdirectory.cfm access  (web-coldfusion.rules)
1446 - SMTP vrfy root (smtp.rules)
1463 - CHAT IRC message (chat.rules)
1540 - WEB-COLDFUSION ?Mode=debug attempt (web-coldfusion.rules)
1639 - CHAT IRC DCC file transfer request (chat.rules)
1640 - CHAT IRC DCC chat request (chat.rules)
1659 - WEB-COLDFUSION sendmail.cfm access (web-coldfusion.rules)
1729 - CHAT IRC channel join (chat.rules)
1789 - CHAT IRC dns request (chat.rules)
2925 - INFO web bug 1x1 gif attempt (info.rules)
3083 - BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules)
3653 - SMTP SAML overflow attempt (smtp.rules)
3654 - SMTP SOML overflow attempt (smtp.rules)
3655 - SMTP SEND overflow attempt (smtp.rules)
3656 - SMTP MAIL overflow attempt (smtp.rules)
3815 - SMTP eXchange POP3 mail server overflow attempt (smtp.rules)
3824 - SMTP AUTH user overflow attempt (smtp.rules)
5714 - SMTP x-unix-mode executable mail attachment (smtp.rules)