Sourcefire VRT Update

Date: 2006-05-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
6183 - SPYWARE-PUT Adware 180Search assistant runtime detection - tracked event URL (spyware-put.rules)
6184 - SPYWARE-PUT Adware 180Search assistant runtime detection - config upload (spyware-put.rules)
6185 - SPYWARE-PUT Adware 180Search assistant runtime detection - reporting keyword (spyware-put.rules)
6186 - SPYWARE-PUT Other-Technologies SpywareStrike Runtime Detection (spyware-put.rules)
6187 - SPYWARE-PUT Adware ISTBar runtime detection - scripts (spyware-put.rules)
6188 - SPYWARE-PUT Adware ISTBar runtime detection - bar (spyware-put.rules)
6189 - SPYWARE-PUT Trackware try2find detection (spyware-put.rules)
6190 - SPYWARE-PUT Keylogger eblaster 5.0 runtime detection (spyware-put.rules)
6191 - SPYWARE-PUT Trackware onetoolbar runtime detection (spyware-put.rules)
6192 - SPYWARE-PUT Adware seekmo runtime detection - reporting keyword (spyware-put.rules)
6193 - SPYWARE-PUT Adware seekmo runtime detection - pop up ads (spyware-put.rules)
6194 - SPYWARE-PUT Adware seekmo runtime detection - config upload (spyware-put.rules)
6195 - SPYWARE-PUT Adware seekmo runtime detection - download .cab (spyware-put.rules)
6196 - SPYWARE-PUT Hijacker smart shopper runtime detection - services requests (spyware-put.rules)
6197 - SPYWARE-PUT Hijacker smart shopper runtime detection - track/upgrade/report activities (spyware-put.rules)
6198 - SPYWARE-PUT Trackware squaretrade side bar runtime detection - collect user information (spyware-put.rules)
6199 - SPYWARE-PUT Hijacker smart search runtime detection - hijack/ads (spyware-put.rules)
6200 - SPYWARE-PUT Hijacker smart search runtime detection - get settings (spyware-put.rules)
6201 - SPYWARE-PUT Adware twaintec runtime detection (spyware-put.rules)
6202 - SPYWARE-PUT Trickler farmmext installtime/update request (spyware-put.rules)
6203 - SPYWARE-PUT Trickler farmmext runtime detection - drk.syn request (spyware-put.rules)
6204 - SPYWARE-PUT Trickler farmmext runtime detection - track activity (spyware-put.rules)
6205 - SPYWARE-PUT Hacker-Tool freak 88 das runtime detection (spyware-put.rules)
6206 - SPYWARE-PUT Hacker-Tool sin stealer 1.1 runtime detection (spyware-put.rules)
6207 - SPYWARE-PUT Keylogger winsession runtime detection - smtp (spyware-put.rules)
6208 - SPYWARE-PUT Keylogger winsession runtime detection - ftp (spyware-put.rules)
6209 - SPYWARE-PUT Adware deskwizz runtime detection - get config information / ad banner (spyware-put.rules)
6210 - DELETED SPYWARE-PUT Adware deskwizz runtime detection - ad banner (deleted.rules)
6211 - SPYWARE-PUT Adware deskwizz runtime detection - pop-up ad request (spyware-put.rules)
6212 - SPYWARE-PUT Adware commonname runtime detection (spyware-put.rules)
6213 - SPYWARE-PUT Hijacker 7fasst runtime detection - auto requests (spyware-put.rules)
6214 - SPYWARE-PUT Hijacker 7fasst runtime detection - search (spyware-put.rules)
6215 - SPYWARE-PUT Hijacker 7fasst runtime detection - track (spyware-put.rules)
6216 - SPYWARE-PUT Adware aornum/iwon copilot runtime detection - config (spyware-put.rules)
6217 - SPYWARE-PUT Adware aornum/iwon copilot runtime detection - ads 1 (spyware-put.rules)
6218 - SPYWARE-PUT Adware aornum/iwon copilot runtime detection - ads 2 (spyware-put.rules)
6219 - SPYWARE-PUT Adware bonzibuddy runtime detection (spyware-put.rules)
6220 - SPYWARE-PUT Keylogger boss everyware runtime detection (spyware-put.rules)
6221 - SPYWARE-PUT Keylogger computerspy runtime detection (spyware-put.rules)
6222 - SPYWARE-PUT Adware delfin media viewer runtime detection - contact server (spyware-put.rules)
6223 - SPYWARE-PUT Adware delfin media viewer runtime detection - retrieve schedule (spyware-put.rules)
6224 - SPYWARE-PUT Hijacker ieplugin runtime detection - search (spyware-put.rules)
6225 - SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - getsize request (spyware-put.rules)
6226 - SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - request (spyware-put.rules)
6227 - SPYWARE-PUT Adware exact.bargainbuddy runtime detection - bullseye network side search frame (spyware-put.rules)
6228 - SPYWARE-PUT Adware exact.bargainbuddy runtime detection - disclaimer text (spyware-put.rules)
6229 - DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - adp ads (deleted.rules)
6230 - SPYWARE-PUT Hijacker i-lookup runtime detection (spyware-put.rules)
6231 - DELETED SPYWARE-PUT Adware mirar runtime detection - search (deleted.rules)
6232 - SPYWARE-PUT Adware mirar runtime detection - thumbnail (spyware-put.rules)
6233 - SPYWARE-PUT Adware mirar runtime detection - delayed (spyware-put.rules)
6234 - SPYWARE-PUT Adware mirar runtime detection - ads (spyware-put.rules)
6235 - DELETED SPYWARE-PUT Adware spoton runtime detection (deleted.rules)
6236 - SPYWARE-PUT Adware lop runtime detection - pass info to server (spyware-put.rules)
6237 - SPYWARE-PUT Adware lop runtime detection - check update request (spyware-put.rules)
6238 - SPYWARE-PUT Adware lop runtime detection - collect info request 1 (spyware-put.rules)
6239 - SPYWARE-PUT Adware lop runtime detection - collect info request 2 (spyware-put.rules)
6240 - SPYWARE-PUT Adware lop runtime detection - pop up ads (spyware-put.rules)
6241 - SPYWARE-PUT Adware lop runtime detection - ie autosearch hijack (spyware-put.rules)
6242 - SPYWARE-PUT Hijacker coolwebsearch.cameup runtime detection (spyware-put.rules)
6243 - SPYWARE-PUT Hijacker coolwebsearch cameup runtime detection - home page hijack (spyware-put.rules)
6244 - SPYWARE-PUT Hijacker coolwebsearch cameup runtime detection - ie auto search hijack (spyware-put.rules)
6245 - SPYWARE-PUT Hijacker coolwebsearch startpage runtime detection (spyware-put.rules)
6246 - SPYWARE-PUT Hijacker exact navisearch runtime detection - search hijack (spyware-put.rules)
6247 - SPYWARE-PUT Adware ezula toptext runtime detection - help redirect (spyware-put.rules)
6248 - SPYWARE-PUT Adware ezula toptext runtime detection - popup (spyware-put.rules)
6249 - SPYWARE-PUT Adware ezula toptext runtime detection - redirect (spyware-put.rules)
6250 - SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules)
6251 - SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules)
6252 - SPYWARE-PUT Trackware quicksearch toolbar runtime detection - search request (spyware-put.rules)
6253 - SPYWARE-PUT Trackware quicksearch toolbar runtime detection - log user ativity (spyware-put.rules)
6254 - SPYWARE-PUT Trackware quicksearch toolbar runtime detection - redirect (spyware-put.rules)
6255 - SPYWARE-PUT Trackware quicksearch toolbar runtime detection - update (spyware-put.rules)
6256 - SPYWARE-PUT Adware searchsquire installtime/auto-update (spyware-put.rules)
6257 - SPYWARE-PUT Adware searchsquire runtime detection - testgeonew query (spyware-put.rules)
6258 - SPYWARE-PUT Adware searchsquire runtime detection - get engine file (spyware-put.rules)
6259 - SPYWARE-PUT Adware searchsquire runtime detection - search forward (spyware-put.rules)
6260 - SPYWARE-PUT Adware overpro runtime detection (spyware-put.rules)
6261 - SPYWARE-PUT Trickler slinkyslate toolbar runtime detection (spyware-put.rules)
6262 - DELETED SPYWARE-PUT Hijacker gigatech superbar runtime detection - hijack ie auto search (deleted.rules)
6263 - SPYWARE-PUT Hijacker gigatech superbar runtime detection - collect information (spyware-put.rules)
6264 - SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - movie (spyware-put.rules)
6265 - SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - engine (spyware-put.rules)
6266 - SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - check update (spyware-put.rules)
6267 - SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - get update (spyware-put.rules)
6268 - SPYWARE-PUT Hijacker gigatech superbar runtime detection - self update - download exe (spyware-put.rules)
6269 - SPYWARE-PUT Hijacker gigatech superbar runtime detection - track event (spyware-put.rules)
6270 - SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules)
6271 - SPYWARE-PUT Trickler bundleware runtime detection (spyware-put.rules)
6272 - DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - initial connection (deleted.rules)
6273 - DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - pop-up retreival (deleted.rules)
6274 - SPYWARE-PUT Trickler clickalchemy runtime detection (spyware-put.rules)
6275 - SPYWARE-PUT Hijacker incredifind runtime detection - cookie (spyware-put.rules)
6276 - SPYWARE-PUT Hijacker incredifind runtime detection - autosearch (spyware-put.rules)
6277 - DELETED SPYWARE-PUT Hijacker navexcel runtime detection (deleted.rules)
6278 - SPYWARE-PUT Trickler navexcel search toolbar runtime detection - activate/update (spyware-put.rules)
6279 - SPYWARE-PUT Hijacker sidefind runtime detection (spyware-put.rules)
6280 - SPYWARE-PUT Hijacker sidefind runtime detection - cookie (spyware-put.rules)
6281 - SPYWARE-PUT Hijacker yoursitebar runtime detection (spyware-put.rules)
6282 - SPYWARE-PUT Hijacker customtoolbar runtime detection (spyware-put.rules)
6283 - SPYWARE-PUT Hijacker websearch runtime detection - sitereview (spyware-put.rules)
6284 - SPYWARE-PUT Hijacker websearch runtime detection - webstat (spyware-put.rules)
6285 - BACKDOOR antilamer 1.1 runtime detection - set flowbit (backdoor.rules)
6286 - BACKDOOR antilamer 1.1 runtime detection (backdoor.rules)
6287 - BACKDOOR fictional daemon 4.4 runtime detection - telent (backdoor.rules)
6288 - BACKDOOR fictional daemon 4.4 runtime detection - ftp (backdoor.rules)
6289 - BACKDOOR netspy runtime detection - command pattern client-to-server (backdoor.rules)
6290 - BACKDOOR netspy runtime detection - command pattern server-to-client (backdoor.rules)
6291 - BACKDOOR justjoke v2.6 runtime detection (backdoor.rules)
6292 - BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (backdoor.rules)
6293 - BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit (backdoor.rules)
6294 - BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit (backdoor.rules)
6295 - BACKDOOR joker ddos v1.0.1 runtime detection - bomb (backdoor.rules)
6296 - BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 (backdoor.rules)
6297 - BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 (backdoor.rules)
6298 - BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (backdoor.rules)
6299 - BACKDOOR insurrection 1.1.0 runtime detection - initial connection (backdoor.rules)
6300 - BACKDOOR cia 1.3 runtime detection - icq notification (backdoor.rules)
6301 - BACKDOOR cia 1.3 runtime detection - smtp notification (backdoor.rules)
6302 - BACKDOOR cia runtime detection - initial connection - set flowbit (backdoor.rules)
6303 - BACKDOOR cia runtime detection - initial connection (backdoor.rules)
6304 - BACKDOOR softwar shadowthief runtime detection - initial connection - set flowbit (backdoor.rules)
6305 - BACKDOOR softwar shadowthief runtime detection - initial connection (backdoor.rules)
6306 - BACKDOOR shit heep runtime detection (backdoor.rules)
6307 - BACKDOOR lamespy runtime detection - initial connection - set flowbit (backdoor.rules)
6308 - BACKDOOR lamespy runtime detection - initial connection (backdoor.rules)
6309 - BACKDOOR net demon runtime detection - initial connection - password request (backdoor.rules)
6310 - BACKDOOR net demon runtime detection - initial connection - password send (backdoor.rules)
6311 - BACKDOOR net demon runtime detection - initial connection - password accepted (backdoor.rules)
6312 - BACKDOOR net demon runtime detection - message send (backdoor.rules)
6313 - BACKDOOR net demon runtime detection - message response (backdoor.rules)
6314 - BACKDOOR net demon runtime detection - open browser request (backdoor.rules)
6315 - BACKDOOR net demon runtime detection - open browser response (backdoor.rules)
6316 - BACKDOOR net demon runtime detection - file manager request (backdoor.rules)
6317 - BACKDOOR net demon runtime detection - file manager response (backdoor.rules)
6318 - BACKDOOR rtb666 runtime detection (backdoor.rules)
6319 - BACKDOOR evilftp runtime detection - init connection (backdoor.rules)
6320 - BACKDOOR ptakks2.1 runtime detection - keepalive (backdoor.rules)
6321 - BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (backdoor.rules)
6322 - BACKDOOR ptakks2.1 runtime detection - command pattern (backdoor.rules)
6323 - BACKDOOR 3xBackdoor runtime detection - set flowbit (backdoor.rules)
6324 - BACKDOOR 3xBackdoor runtime detection (backdoor.rules)
6325 - BACKDOOR fucktrojan 1.2 runtime detection - initial connection (backdoor.rules)
6326 - BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules)
6327 - BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules)
6328 - BACKDOOR commando runtime detection - initial connection (backdoor.rules)
6329 - BACKDOOR commando runtime detection - chat client-to-server (backdoor.rules)
6330 - BACKDOOR commando runtime detection - chat server-to-client (backdoor.rules)
6331 - BACKDOOR globalkiller1.0 runtime detection - notification (backdoor.rules)
6332 - BACKDOOR globalkiller1.0 runtime detection - initial connection (backdoor.rules)
6333 - BACKDOOR wincrash 2.0 runtime detection (backdoor.rules)
6334 - BACKDOOR backlash runtime detection (backdoor.rules)
6335 - BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit (backdoor.rules)
6336 - BACKDOOR buttman v0.9p runtime detection - remote control (backdoor.rules)
6337 - BACKDOOR hatredfriend file manage command - set flowbit (backdoor.rules)
6338 - BACKDOOR hatredfriend file manage command (backdoor.rules)
6339 - BACKDOOR hatredfriend email notification detection (backdoor.rules)
6340 - SPYWARE-PUT Keylogger handy keylogger runtime detection (spyware-put.rules)
6341 - SPYWARE-PUT Hijacker spediabar user-agent string detected (spyware-put.rules)
6342 - SPYWARE-PUT Hijacker spediabar runtime detection - info check (spyware-put.rules)
6343 - SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules)
6344 - SPYWARE-PUT Adware excite search bar runtime detection - config (spyware-put.rules)
6345 - SPYWARE-PUT Adware excite search bar runtime detection - search (spyware-put.rules)
6346 - SPYWARE-PUT Adware stationripper update detection (spyware-put.rules)
6347 - SPYWARE-PUT Adware stationripper ad display detection (spyware-put.rules)
6348 - SPYWARE-PUT Snoopware zenosearch runtime detection (spyware-put.rules)
6349 - SPYWARE-PUT Hijacker richfind update detection (spyware-put.rules)
6350 - SPYWARE-PUT Hijacker richfind auto search redirect detection (spyware-put.rules)
6351 - SPYWARE-PUT Hijacker adblock update detection (spyware-put.rules)
6352 - SPYWARE-PUT Hijacker adblock auto search redirect detection (spyware-put.rules)
6353 - SPYWARE-PUT Hijacker adblock ie search assistant redirect detection (spyware-put.rules)
6354 - SPYWARE-PUT Trickler wsearch runtime detection - auto update (spyware-put.rules)
6355 - SPYWARE-PUT Trickler wsearch runtime detection - mp3 search (spyware-put.rules)
6356 - SPYWARE-PUT Trickler wsearch runtime detection - desktop search (spyware-put.rules)
6357 - SPYWARE-PUT Hijacker need2find initial configuration detection (spyware-put.rules)
6358 - SPYWARE-PUT Hijacker need2find search query detection (spyware-put.rules)
6359 - SPYWARE-PUT Adware altnet runtime detection - initial retrieval (spyware-put.rules)
6360 - SPYWARE-PUT Adware altnet runtime detection - update (spyware-put.rules)
6361 - SPYWARE-PUT Adware altnet runtime detection - status report (spyware-put.rules)
6362 - SPYWARE-PUT Hijacker microgaming runtime detection (spyware-put.rules)
6363 - SPYWARE-PUT adware surfaccuracy runtime detection (spyware-put.rules)
6364 - SPYWARE-PUT Hijacker imeshbar runtime detection (spyware-put.rules)
6365 - SPYWARE-PUT Other-Technologies sony rootkit runtime detection (spyware-put.rules)
6366 - SPYWARE-PUT Trickler eacceleration downloadreceiver user-agent string detected (spyware-put.rules)
6367 - SPYWARE-PUT Trickler eacceleration downloadreceiver runtime etection - stop-sign ads (spyware-put.rules)
6368 - SPYWARE-PUT Adware flashtrack media/spoton runtime detection - update request (spyware-put.rules)
6369 - DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .dll (deleted.rules)
6370 - DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .exe (deleted.rules)
6371 - SPYWARE-PUT Adware flashtrack media/spoton runtime detection - pop up ads (spyware-put.rules)
6372 - SPYWARE-PUT Trickler spyblocs eblocs detection - get wsliveup.dat (spyware-put.rules)
6373 - SPYWARE-PUT Trickler spyblocs eblocs detection - stbarpat.dat (spyware-put.rules)
6374 - SPYWARE-PUT Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (spyware-put.rules)
6375 - SPYWARE-PUT Trickler spyblocs.eblocs detection - register request (spyware-put.rules)
6376 - SPYWARE-PUT Hijacker girafa toolbar - toolbar update (spyware-put.rules)
6377 - SPYWARE-PUT Hijacker girafa toolbar - browser hijack (spyware-put.rules)
6378 - SPYWARE-PUT Hijacker adbars runtime detection - homepage hijack (spyware-put.rules)
6379 - SPYWARE-PUT Hijacker adbars runtime detection - search in toolbar (spyware-put.rules)
6380 - SPYWARE-PUT Hijacker dotcomtoolbar runtime detection - toolbar information retrieve (spyware-put.rules)
6381 - SPYWARE-PUT Hijacker dotcomtoolbar runtime detection - search in toolbar (spyware-put.rules)
6382 - SPYWARE-PUT Hijacker dotcomtoolbar runtime detection - url hook (spyware-put.rules)
6383 - SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (spyware-put.rules)
6384 - SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (spyware-put.rules)
6385 - SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (spyware-put.rules)
6386 - SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent up notification (spyware-put.rules)
6387 - SPYWARE-PUT Hijacker internet optimizer runtime detection - autosearch hijack (spyware-put.rules)
6388 - SPYWARE-PUT Hijacker internet optimizer runtime detection - error page hijack (spyware-put.rules)
6389 - SPYWARE-PUT Adware esyndicate runtime detection - postinstall request (spyware-put.rules)
6390 - SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules)
6391 - SPYWARE-PUT Adware esyndicate runtime detection - ads popup (spyware-put.rules)
6392 - SPYWARE-PUT Hijacker zeropopup runtime detection (spyware-put.rules)
6393 - DELETED SPYWARE-PUT Hijacker zeropopup runtime detection - button search (deleted.rules)
6394 - SPYWARE-PUT Hijacker adstart runtime detection (spyware-put.rules)
6395 - BACKDOOR a-311 death runtime detection - initial connection server-to-client (backdoor.rules)
6396 - BACKDOOR a-311 death user-agent string detected (backdoor.rules)
6397 - BACKDOOR http rat runtime detection - smtp (backdoor.rules)
6398 - BACKDOOR http rat runtime detection - http (backdoor.rules)
6399 - BACKDOOR rad 1.2.3 runtime detection (backdoor.rules)
6400 - BACKDOOR snowdoor runtime detection client-to-server (backdoor.rules)
6401 - BACKDOOR snowdoor runtime detection server-to-client (backdoor.rules)
6402 - BACKDOOR netangel connection client-to-server (backdoor.rules)
6403 - WEB-PHP horde help module arbitrary command execution attempt (web-php.rules)

Updated rules:
5869 - DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 1 (deleted.rules)
5870 - DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 2 (deleted.rules)