Sourcefire VRT Update

Date: 2006-08-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Enabled or Disabled <-> Message (rule group)

New rules:
7502 <-> Enabled  <-> WEB-CLIENT tsuserex.ADsTSUserEx.1 ActiveX CLSID access (web-client.rules)
7503 <-> Enabled  <-> WEB-CLIENT tsuserex.ADsTSUserEx.1 ActiveX CLSID unicode access (web-client.rules)
7504 <-> Disabled <-> SPYWARE-PUT Keylogger actualspy runtime detection - ftp-data (spyware-put.rules)
7505 <-> Disabled <-> SPYWARE-PUT Keylogger actualspy runtime detection - smtp (spyware-put.rules)
7506 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection - flowbit set (spyware-put.rules)
7507 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - init connection (spyware-put.rules)
7508 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping - flowbit set (spyware-put.rules)
7509 <-> Disabled <-> SPYWARE-PUT Hacker-Tool coma runtime detection - ping (spyware-put.rules)
7510 <-> Disabled <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - version verification (spyware-put.rules)
7511 <-> Disabled <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules)
7512 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - init connection - flowbit set (spyware-put.rules)
7513 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - init connection (spyware-put.rules)
7514 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - send out info to server periodically (spyware-put.rules)
7515 <-> Disabled <-> SPYWARE-PUT Keylogger watchdog runtime detection - remote monitoring (spyware-put.rules)
7516 <-> Disabled <-> SPYWARE-PUT Trickler hmtoolbar runtime detection (spyware-put.rules)
7517 <-> Disabled <-> SPYWARE-PUT Hijacker chinese keywords runtime detection (spyware-put.rules)
7518 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - get up-to-date news info (spyware-put.rules)
7519 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - track activity (spyware-put.rules)
7520 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - ie autosearch hijack (spyware-put.rules)
7521 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 1 (spyware-put.rules)
7522 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 2 (spyware-put.rules)
7523 <-> Disabled <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - click news button links (spyware-put.rules)
7524 <-> Disabled <-> SPYWARE-PUT Hijacker moneybar runtime detection - cgispy counter (spyware-put.rules)
7525 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - barad.asp request (spyware-put.rules)
7526 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - stat counter (spyware-put.rules)
7527 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - toolbar find function (spyware-put.rules)
7528 <-> Disabled <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - ie autosearch hijack (spyware-put.rules)
7529 <-> Disabled <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules)
7530 <-> Disabled <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - trickler (spyware-put.rules)
7531 <-> Disabled <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - login (spyware-put.rules)
7532 <-> Disabled <-> SPYWARE-PUT Adware piolet runtime detection - user-agent (spyware-put.rules)
7533 <-> Disabled <-> SPYWARE-PUT Adware piolet runtime detection - ads request (spyware-put.rules)
7534 <-> Disabled <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - ie hijacking (spyware-put.rules)
7535 <-> Disabled <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules)
7536 <-> Disabled <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - popup (spyware-put.rules)
7537 <-> Disabled <-> SPYWARE-PUT Trackware arrow search runtime detection (spyware-put.rules)
7538 <-> Disabled <-> SPYWARE-PUT Screen-Scraper hidden camera runtime detection (spyware-put.rules)
7539 <-> Disabled <-> SPYWARE-PUT Keylogger eye spy pro 1.0 runtime detection (spyware-put.rules)
7540 <-> Disabled <-> SPYWARE-PUT Hacker-Tool unify runtime detection - cgi notification (spyware-put.rules)
7541 <-> Disabled <-> SPYWARE-PUT Keylogger starlogger runtime detection (spyware-put.rules)
7542 <-> Disabled <-> SPYWARE-PUT Hacker-Tool mini oblivion runtime detection - successful init connection (spyware-put.rules)
7543 <-> Disabled <-> SPYWARE-PUT Hijacker 2020search runtime detection (spyware-put.rules)
7544 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 1 (spyware-put.rules)
7545 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 2 (spyware-put.rules)
7546 <-> Disabled <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection (spyware-put.rules)
7547 <-> Disabled <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent status monitoring (spyware-put.rules)
7548 <-> Disabled <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent up notification (spyware-put.rules)
7549 <-> Disabled <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection (spyware-put.rules)
7550 <-> Disabled <-> SPYWARE-PUT Adware adroar runtime detection (spyware-put.rules)
7551 <-> Disabled <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - smtp (spyware-put.rules)
7552 <-> Disabled <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - ftp (spyware-put.rules)
7553 <-> Disabled <-> SPYWARE-PUT Adware hxdl runtime detection - hxlogonly user-agent (spyware-put.rules)
7554 <-> Disabled <-> SPYWARE-PUT Adware hxdl runtime detection - hxdownload user-agent (spyware-put.rules)
7555 <-> Disabled <-> SPYWARE-PUT Adware hxdl runtime detection - crypt user-agent (spyware-put.rules)
7556 <-> Disabled <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
7557 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules)
7558 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules)
7559 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules)
7560 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - self update (spyware-put.rules)
7561 <-> Disabled <-> SPYWARE-PUT Trackware purityscan runtime detection - opt out of interstitial advertising (spyware-put.rules)
7562 <-> Disabled <-> SPYWARE-PUT Adware morpheus runtime detection - ad 1 (spyware-put.rules)
7563 <-> Disabled <-> SPYWARE-PUT Adware morpheus runtime detection - ad 2 (spyware-put.rules)
7564 <-> Disabled <-> SPYWARE-PUT Hijacker startnow runtime detection (spyware-put.rules)
7565 <-> Disabled <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - search engine (spyware-put.rules)
7566 <-> Disabled <-> SPYWARE-PUT Hijacker adshooter.searchforit runtime detection - redirector (spyware-put.rules)
7567 <-> Disabled <-> SPYWARE-PUT Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (spyware-put.rules)
7568 <-> Disabled <-> SPYWARE-PUT Trackware webhancer runtime detection (spyware-put.rules)
7569 <-> Disabled <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
7570 <-> Disabled <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules)
7571 <-> Disabled <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - toolbar search (spyware-put.rules)
7572 <-> Disabled <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules)
7573 <-> Disabled <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules)
7574 <-> Disabled <-> SPYWARE-PUT Keylogger proagent 2.0 runtime detection (spyware-put.rules)
7575 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - weather request (spyware-put.rules)
7576 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - hijack ie browser (spyware-put.rules)
7577 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - collect information (spyware-put.rules)
7578 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - reference (spyware-put.rules)
7579 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - smileys (spyware-put.rules)
7580 <-> Disabled <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - update (spyware-put.rules)
7581 <-> Disabled <-> SPYWARE-PUT Hijacker flashbar runtime detection - user-agent (spyware-put.rules)
7582 <-> Disabled <-> SPYWARE-PUT Trickler pcast runtime detection - update checking (spyware-put.rules)
7583 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set big (spyware-put.rules)
7584 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set open (spyware-put.rules)
7585 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set image (spyware-put.rules)
7586 <-> Disabled <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - image transferred (spyware-put.rules)
7587 <-> Disabled <-> SPYWARE-PUT Trickler urlblaze runtime detection - software information request (spyware-put.rules)
7588 <-> Disabled <-> SPYWARE-PUT Trickler urlblaze runtime detection - files search or download (spyware-put.rules)
7589 <-> Disabled <-> SPYWARE-PUT Trickler urlblaze runtime detection - irc notification (spyware-put.rules)
7590 <-> Disabled <-> SPYWARE-PUT Hijacker swbar runtime detection (spyware-put.rules)
7591 <-> Disabled <-> SPYWARE-PUT Keylogger keylogger pro runtime detection - flowbit set (spyware-put.rules)
7592 <-> Disabled <-> SPYWARE-PUT Keylogger keylogger pro runtime detection (spyware-put.rules)
7593 <-> Disabled <-> SPYWARE-PUT Trackware trellian toolbarbrowser runtime detection (spyware-put.rules)
7594 <-> Disabled <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules)
7595 <-> Disabled <-> SPYWARE-PUT Adware comedy planet runtime detection - collect user information (spyware-put.rules)
7596 <-> Disabled <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection - flowbit set (spyware-put.rules)
7597 <-> Disabled <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection (spyware-put.rules)
7598 <-> Disabled <-> SPYWARE-PUT Snoopware 2-seek runtime detection - search in toolbar (spyware-put.rules)
7599 <-> Disabled <-> SPYWARE-PUT Snoopware 2-seek runtime detection - user info collection (spyware-put.rules)
7600 <-> Disabled <-> SPYWARE-PUT Hijacker adtraffic runtime detection - notfound website search hijack and redirection (spyware-put.rules)
7601 <-> Disabled <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to keyserver (spyware-put.rules)
7602 <-> Disabled <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver - flowbit set (spyware-put.rules)
7603 <-> Disabled <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver (spyware-put.rules)
7604 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7605 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - screen capture (backdoor.rules)
7606 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (backdoor.rules)
7607 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7608 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - chat - flowbit set (backdoor.rules)
7609 <-> Disabled <-> BACKDOOR katux 2.0 runtime detection - chat (backdoor.rules)
7610 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 1 (backdoor.rules)
7611 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 2 (backdoor.rules)
7612 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 3 (backdoor.rules)
7613 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7614 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - keep alive - flowbit set (backdoor.rules)
7615 <-> Disabled <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7616 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection without password (backdoor.rules)
7617 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (backdoor.rules)
7618 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules)
7619 <-> Disabled <-> BACKDOOR theef 2.0 runtime detection - connection request with password (backdoor.rules)
7620 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (backdoor.rules)
7621 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (backdoor.rules)
7622 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (backdoor.rules)
7623 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - connection request (backdoor.rules)
7624 <-> Disabled <-> BACKDOOR remote control 1.7 runtime detection - data communication (backdoor.rules)
7625 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (backdoor.rules)
7626 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (backdoor.rules)
7627 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (backdoor.rules)
7628 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (backdoor.rules)
7629 <-> Disabled <-> BACKDOOR skyrat show runtime detection - initial connection (backdoor.rules)
7630 <-> Disabled <-> BACKDOOR helios 3.1 runtime detection - initial connection (backdoor.rules)
7631 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (backdoor.rules)
7632 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch system info (backdoor.rules)
7633 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (backdoor.rules)
7634 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - irc connection (backdoor.rules)
7635 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (backdoor.rules)
7636 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - fetch processes list (backdoor.rules)
7637 <-> Disabled <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules)
7638 <-> Disabled <-> BACKDOOR ncph runtime detection - initial connection (backdoor.rules)
7639 <-> Disabled <-> BACKDOOR air runtime detection - php notification (backdoor.rules)
7640 <-> Disabled <-> BACKDOOR air runtime detection - webmail notification (backdoor.rules)
7641 <-> Disabled <-> BACKDOOR am remote client runtime detection - client-to-server (backdoor.rules)
7642 <-> Disabled <-> BACKDOOR am remote client runtime detection - server-to-client (backdoor.rules)
7643 <-> Disabled <-> BACKDOOR netcontrol takeover runtime detection (backdoor.rules)
7644 <-> Disabled <-> BACKDOOR ullysse runtime detection - client-to-server (backdoor.rules)
7645 <-> Disabled <-> BACKDOOR snipernet 2.1 runtime detection - flowbit set (backdoor.rules)
7646 <-> Disabled <-> BACKDOOR snipernet 2.1 runtime detection (backdoor.rules)
7647 <-> Disabled <-> BACKDOOR minicom lite runtime detection - udp (backdoor.rules)
7648 <-> Disabled <-> BACKDOOR minicom lite runtime detection - client-to-server (backdoor.rules)
7649 <-> Disabled <-> BACKDOOR minicom lite runtime detection - server-to-client (backdoor.rules)
7650 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (backdoor.rules)
7651 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - initial connection (backdoor.rules)
7652 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - get server information - flowbit set (backdoor.rules)
7653 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - get server information (backdoor.rules)
7654 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - remote shell - flowbit set (backdoor.rules)
7655 <-> Disabled <-> BACKDOOR small uploader 1.01 runtime detection - remote shell (backdoor.rules)
7656 <-> Disabled <-> BACKDOOR diems mutter runtime detection - client-to-server (backdoor.rules)
7657 <-> Disabled <-> BACKDOOR diems mutter runtime detection - server-to-client (backdoor.rules)
7658 <-> Disabled <-> BACKDOOR jodeitor 1.1 runtime detection - initial connection (backdoor.rules)
7659 <-> Disabled <-> BACKDOOR lan filtrator 1.1 runtime detection - sin notification (backdoor.rules)
7660 <-> Disabled <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (backdoor.rules)
7661 <-> Disabled <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (backdoor.rules)
7662 <-> Disabled <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (backdoor.rules)
7663 <-> Disabled <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection (backdoor.rules)
7664 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7665 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - initial connection (backdoor.rules)
7666 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2208 - flowbit set (backdoor.rules)
7667 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (backdoor.rules)
7668 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (backdoor.rules)
7669 <-> Disabled <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (backdoor.rules)
7670 <-> Disabled <-> BACKDOOR digital upload runtime detection - initial connection (backdoor.rules)
7671 <-> Disabled <-> BACKDOOR digital upload runtime detection - chat (backdoor.rules)
7672 <-> Disabled <-> BACKDOOR remoter runtime detection - initial connection (backdoor.rules)
7673 <-> Disabled <-> BACKDOOR remote havoc runtime detection - flowbit set 1 (backdoor.rules)
7674 <-> Disabled <-> BACKDOOR remote havoc runtime detection - flowbit set 2 (backdoor.rules)
7675 <-> Disabled <-> BACKDOOR remote havoc runtime detection (backdoor.rules)
7676 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - initial connection - flowbit set (backdoor.rules)
7677 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - initial connection (backdoor.rules)
7678 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (backdoor.rules)
7679 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - upload file (backdoor.rules)
7680 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (backdoor.rules)
7681 <-> Disabled <-> BACKDOOR cool remote control 1.12 runtime detection - download file (backdoor.rules)
7682 <-> Disabled <-> BACKDOOR acid head 1.00 runtime detection - flowbit set (backdoor.rules)
7683 <-> Disabled <-> BACKDOOR acid head 1.00 runtime detection (backdoor.rules)
7684 <-> Disabled <-> BACKDOOR hrat 1.0 runtime detection (backdoor.rules)
7685 <-> Disabled <-> BACKDOOR illusion runtime detection - get remote info client-to-server (backdoor.rules)
7686 <-> Disabled <-> BACKDOOR illusion runtime detection - get remote info server-to-client (backdoor.rules)
7687 <-> Disabled <-> BACKDOOR illusion runtime detection - file browser client-to-server (backdoor.rules)
7688 <-> Disabled <-> BACKDOOR illusion runtime detection - file browser server-to-client (backdoor.rules)
7689 <-> Disabled <-> BACKDOOR evade runtime detection - initial connection (backdoor.rules)
7690 <-> Disabled <-> BACKDOOR evade runtime detection - file manager - flowbit set (backdoor.rules)
7691 <-> Disabled <-> BACKDOOR evade runtime detection - file manager (backdoor.rules)
7692 <-> Disabled <-> BACKDOOR exception 1.0 runtime detection - notification (backdoor.rules)
7693 <-> Disabled <-> BACKDOOR exception 1.0 runtime detection - intial connection client-to-server (backdoor.rules)
7694 <-> Disabled <-> BACKDOOR exception 1.0 runtime detection - intial connection server-to-client (backdoor.rules)
7695 <-> Disabled <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7696 <-> Disabled <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7697 <-> Disabled <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection (backdoor.rules)
7698 <-> Disabled <-> BACKDOOR brain wiper runtime detection - launch application - flowbit set (backdoor.rules)
7699 <-> Disabled <-> BACKDOOR brain wiper runtime detection - launch application (backdoor.rules)
7700 <-> Disabled <-> BACKDOOR brain wiper runtime detection - chat - flowbit set (backdoor.rules)
7701 <-> Disabled <-> BACKDOOR brain wiper runtime detection - chat (backdoor.rules)
7702 <-> Disabled <-> BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (backdoor.rules)
7703 <-> Disabled <-> BACKDOOR roach 1.0 runtime detection - remote control actions (backdoor.rules)
7704 <-> Disabled <-> BACKDOOR roach 1.0 server installation notification - email (backdoor.rules)
7705 <-> Disabled <-> BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7706 <-> Disabled <-> BACKDOOR omniquad instant remote control runtime detection - initial connection (backdoor.rules)
7707 <-> Disabled <-> BACKDOOR omniquad instant remote control runtime detection - file transfer setup (backdoor.rules)
7708 <-> Disabled <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7709 <-> Disabled <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7710 <-> Disabled <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (backdoor.rules)
7711 <-> Disabled <-> BACKDOOR amitis runtime command detection attacker to victim (backdoor.rules)
7712 <-> Disabled <-> BACKDOOR amitis runtime detection victim to attacker (backdoor.rules)
7713 <-> Disabled <-> BACKDOOR amitis v1.3 runtime detection - email notification (backdoor.rules)
7714 <-> Disabled <-> BACKDOOR netdevil runtime detection - flowbit set 1 (backdoor.rules)
7715 <-> Disabled <-> BACKDOOR netdevil runtime detection - flowbit set 2 (backdoor.rules)
7716 <-> Disabled <-> BACKDOOR netdevil runtime detection (backdoor.rules)
7717 <-> Disabled <-> BACKDOOR snake trojan runtime detection (backdoor.rules)
7718 <-> Disabled <-> BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7719 <-> Disabled <-> BACKDOOR dameware mini remote control runtime detection - initial connection (backdoor.rules)
7720 <-> Disabled <-> BACKDOOR desktop scout runtime detection (backdoor.rules)
7721 <-> Disabled <-> BACKDOOR prorat 1.9 initial connection detection (backdoor.rules)
7722 <-> Disabled <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules)
7723 <-> Disabled <-> BACKDOOR wollf runtime detection (backdoor.rules)
7724 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7725 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - initial connection (backdoor.rules)
7726 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (backdoor.rules)
7727 <-> Disabled <-> BACKDOOR reversable ver1.0 runtime detection - execute command (backdoor.rules)
7728 <-> Disabled <-> BACKDOOR radmin runtime detection - client-to-server (backdoor.rules)
7729 <-> Disabled <-> BACKDOOR radmin runtime detection - server-to-client (backdoor.rules)
7730 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (backdoor.rules)
7731 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (backdoor.rules)
7732 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (backdoor.rules)
7733 <-> Disabled <-> BACKDOOR outbreak_0.2.7 runtime detection - initial connection (backdoor.rules)
7734 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (backdoor.rules)
7735 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - initial connection (backdoor.rules)
7736 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - file manager - flowbit set (backdoor.rules)
7737 <-> Disabled <-> BACKDOOR bionet 4.05 runtime detection - file manager (backdoor.rules)
7738 <-> Disabled <-> BACKDOOR alexmessomalex runtime detection - initial connection (backdoor.rules)
7739 <-> Disabled <-> BACKDOOR alexmessomalex runtime detection - grab (backdoor.rules)
7740 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (backdoor.rules)
7741 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set (backdoor.rules)
7742 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (backdoor.rules)
7743 <-> Disabled <-> BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (backdoor.rules)
7744 <-> Disabled <-> BACKDOOR phoenix 2.1 runtime detection - flowbit set (backdoor.rules)
7745 <-> Disabled <-> BACKDOOR phoenix 2.1 runtime detection (backdoor.rules)
7746 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7747 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - initial connection (backdoor.rules)
7748 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (backdoor.rules)
7749 <-> Disabled <-> BACKDOOR bobo 1.0 runtime detection - send message (backdoor.rules)
7750 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7751 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7752 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection (backdoor.rules)
7753 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (backdoor.rules)
7754 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (backdoor.rules)
7755 <-> Disabled <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function (backdoor.rules)
7756 <-> Disabled <-> BACKDOOR beast 2.02 runtime detection - initial connection - flowbit set (backdoor.rules)
7757 <-> Disabled <-> BACKDOOR beast 2.02 runtime detection - initial connection (backdoor.rules)
7758 <-> Disabled <-> BACKDOOR glacier runtime detection - initial connection and directory browse (backdoor.rules)
7759 <-> Disabled <-> BACKDOOR glacier runtime detection - screen capture (backdoor.rules)
7760 <-> Disabled <-> BACKDOOR netthief runtime detection (backdoor.rules)
7761 <-> Disabled <-> BACKDOOR analftp 0.1 runtime detection - initial connection (backdoor.rules)
7762 <-> Disabled <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules)
7763 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (backdoor.rules)
7764 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (backdoor.rules)
7765 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (backdoor.rules)
7766 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (backdoor.rules)
7767 <-> Disabled <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (backdoor.rules)
7768 <-> Disabled <-> BACKDOOR data rape runtime detection - execute program client-to-server (backdoor.rules)
7769 <-> Disabled <-> BACKDOOR data rape runtime detection - execute program server-to-client (backdoor.rules)
7770 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (backdoor.rules)
7771 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get server info (backdoor.rules)
7772 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (backdoor.rules)
7773 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger (backdoor.rules)
7774 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7775 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - screen capture (backdoor.rules)
7776 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (backdoor.rules)
7777 <-> Disabled <-> BACKDOOR messiah 4.0 runtime detection - get drives (backdoor.rules)
7778 <-> Disabled <-> BACKDOOR elfrat runtime detection - initial connection (backdoor.rules)
7779 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7780 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7781 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - initial connection (backdoor.rules)
7782 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - file manager - flowbit set (backdoor.rules)
7783 <-> Disabled <-> BACKDOOR net devil 1.4 runtime detection - file manager (backdoor.rules)
7784 <-> Disabled <-> BACKDOOR forced control uploader runtime detection - connection with password - flowbit set (backdoor.rules)
7785 <-> Disabled <-> BACKDOOR forced control uploader runtime detection - connection with password (backdoor.rules)
7786 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 1 (backdoor.rules)
7787 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 2 (backdoor.rules)
7788 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 3 (backdoor.rules)
7789 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 4 (backdoor.rules)
7790 <-> Disabled <-> BACKDOOR forced control uploader runtime detection directory listing (backdoor.rules)
7791 <-> Disabled <-> BACKDOOR remote anything 5.11.22 runtime detection - victim response (backdoor.rules)
7792 <-> Disabled <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (backdoor.rules)
7793 <-> Disabled <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (backdoor.rules)

Updated rules:
2382 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
2383 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
3000 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
3001 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
3002 <-> Disabled <-> NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
3003 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
3004 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
3005 <-> Disabled <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
5318 <-> Disabled <-> WEB-CLIENT wmf file SetAbortProc arbitrary code execution attempt (web-client.rules)
5319 <-> Enabled  <-> WEB-CLIENT Metasploit Windows picture and fax viewer wmf arbitrary code execution attempt (web-client.rules)
5710 <-> Enabled  <-> WEB-CLIENT Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (web-client.rules)
5846 <-> Disabled <-> SPYWARE-PUT Trickler vx2 or DLmax runtime detection (spyware-put.rules)
6009 <-> Enabled  <-> WEB-CLIENT RDS.Dataspace ActiveX Object Access (web-client.rules)
6688 <-> Disabled <-> WEB-CLIENT PNG file transfer (web-client.rules)
6689 <-> Disabled <-> WEB-CLIENT Malformed PNG detected cHRM overflow attempt (web-client.rules)
6690 <-> Disabled <-> WEB-CLIENT Malformed PNG detected iCCP overflow attempt (web-client.rules)
6691 <-> Disabled <-> WEB-CLIENT Malformed PNG detected sBIT overflow attempt (web-client.rules)
6692 <-> Disabled <-> WEB-CLIENT Malformed PNG detected sRGB overflow attempt (web-client.rules)
6693 <-> Disabled <-> WEB-CLIENT Malformed PNG detected bKGD overflow attempt (web-client.rules)
6694 <-> Disabled <-> WEB-CLIENT Malformed PNG detected hIST overflow attempt (web-client.rules)
6695 <-> Disabled <-> WEB-CLIENT Malformed PNG detected tRNS overflow attempt (web-client.rules)
6696 <-> Disabled <-> WEB-CLIENT Malformed PNG detected pHYs overflow attempt (web-client.rules)
6697 <-> Disabled <-> WEB-CLIENT Malformed PNG detected sPLT overflow attempt (web-client.rules)
6698 <-> Disabled <-> WEB-CLIENT Malformed PNG detected tIME overflow attempt (web-client.rules)
6699 <-> Disabled <-> WEB-CLIENT Malformed PNG detected iTXt overflow attempt (web-client.rules)
6700 <-> Disabled <-> WEB-CLIENT Malformed PNG detected tEXt overflow attempt (web-client.rules)
6701 <-> Disabled <-> WEB-CLIENT Malformed PNG detected zTXt overflow attempt (web-client.rules)
7027 <-> Enabled  <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7028 <-> Enabled  <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7029 <-> Enabled  <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7422 <-> Enabled  <-> EXPLOIT Microsoft MMC mmcndmgr.dll cross site scripting attempt (exploit.rules)
7423 <-> Enabled  <-> EXPLOIT Microsoft MMC mmc.exe cross site scripting attempt (exploit.rules)
7424 <-> Enabled  <-> EXPLOIT Microsoft MMC createcab.cmd cross site scripting attempt (exploit.rules)
7439 <-> Enabled  <-> WEB-CLIENT HTML Help ActiveX CLSID access (web-client.rules)
7440 <-> Enabled  <-> WEB-CLIENT HTML Help ActiveX CLSID unicode access (web-client.rules)