2000005 || ET EXPLOIT Cisco Telnet Buffer Overflow || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
2000006 || ET DOS Cisco Router HTTP DoS || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
2000007 || ET EXPLOIT Catalyst SSH protocol mismatch || url,www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
2000009 || ET EXPLOIT Cisco IOS HTTP DoS || url,www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
2000010 || ET DOS Cisco 514 UDP flood DoS || url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
2000011 || ET DOS Catalyst memory leak attack || url,www.cisco.com/en/US/products/products_security_advisory09186a00800b138e.shtml
2000012 || ET EXPLOIT Cisco %u IDS evasion
2000013 || ET EXPLOIT Cisco IOS HTTP server DoS
2000015 || ET P2P Phatbot Control Connection || url,www.lurhq.com/phatbot.html
2000016 || ET DOS SSL Bomb DoS Attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
2000017 || ET EXPLOIT NII Microsoft ASN.1 Library Buffer Overflow Exploit || url,www.microsoft.com/technet/security/bulletin/ms04-007.asp
2000024 || ET MALWARE rcprograms || url,sarc.com/avcenter/venc/data/adware.rcprograms.html
2000025 || ET MALWARE Gator Cookie || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
2000026 || ET MALWARE Gator Agent Traffic
2000031 || ET EXPLOIT CVS server heap overflow attempt (target BSD)
2000032 || ET EXPLOIT LSA exploit || url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html || url,www.eeye.com/html/research/advisories/AD20040501.html
2000033 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP)
2000035 || ET POLICY Hotmail Inbox Access
2000036 || ET POLICY Hotmail Message Access
2000037 || ET POLICY Hotmail Compose Message Access
2000038 || ET POLICY Hotmail Compose Message Submit
2000039 || ET POLICY Hotmail Compose Message Submit Data
2000040 || ET WORM Sasser FTP Traffic || url,vil.mcafeesecurity.com/vil/content/Print125009.htm
2000041 || ET Yahoo Mail Inbox View
2000042 || ET Yahoo Mail Message View
2000043 || ET Yahoo Mail Message Compose Open
2000044 || ET Yahoo Mail Message Send
2000045 || ET Yahoo Mail Message Send Info Capture
2000046 || ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k)
2000047 || ET WORM Sasser Transfer _up.exe || url,vil.mcafeesecurity.com/vil/content/Print125009.htm
2000048 || ET EXPLOIT CVS server heap overflow attempt (target Linux)
2000049 || ET EXPLOIT CVS server heap overflow attempt (target Solaris)
2000306 || ET MALWARE Virtumonde Spyware siae3123.exe GET || url,sarc.com/avcenter/venc/data/adware.virtumonde.html
2000307 || ET MALWARE Virtumonde Spyware siae3123.exe GET (8081) || url,sarc.com/avcenter/venc/data/adware.virtumonde.html
2000308 || ET MALWARE Virtumonde Spyware Information Post || url,sarc.com/avcenter/venc/data/adware.virtumonde.html
2000309 || ET POLICY GotoMyPC Polling Client
2000327 || ET MALWARE Spyware 2020 || url,securityresponse.symantec.com/avcenter/venc/data/spyware.2020search.html
2000328 || ET POLICY Outbound Multiple Non-SMTP Server Emails
2000329 || ET EXPLOIT mIRC <=6.12 DCC Buffer Overflow || bugtraq,8880
2000330 || ET P2P ed2k connection to server || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf
2000332 || ET P2P ed2k request part || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf
2000333 || ET P2P ed2k file request answer || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf
2000334 || ET P2P BitTorrent peer sync || url,bitconjurer.org/BitTorrent/protocol.html
2000335 || ET P2P Overnet (Edonkey) Server Announce || url,www.overnet.com
2000336 || ET MALWARE Yesadvertising Banking Spyware RETRIEVE || url,isc.sans.org/presentations/banking_malware.pdf
2000337 || ET MALWARE Yesadvertising Banking Spyware INFORMATION SUBMIT || url,isc.sans.org/presentations/banking_malware.pdf
2000338 || ET P2P iroffer IRC Bot help message || url,iroffer.org
2000339 || ET P2P iroffer IRC Bot offered files advertisement || url,iroffer.org
2000340 || ET P2P Kaaza Media desktop p2pnetworking.exe Activity || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf
2000341 || ET Yahoo Mail General Page View
2000342 || ET EXPLOIT Squid NTLM Auth Overflow Exploit || cve,CAN-2004-0541 || url,www.idefense.com/application/poi/display?id=107
2000343 || ET WORM Possible Evaman Worm Outbound || url,secunia.com/virus_information/10429/evaman
2000345 || ET ATTACK RESPONSE IRC - Nick change on non-std port
2000346 || ET ATTACK RESPONSE IRC - Name response on non-std port
2000347 || ET ATTACK RESPONSE IRC - Private message on non-std port
2000348 || ET ATTACK RESPONSE IRC - Channel JOIN on non-std port
2000349 || ET ATTACK RESPONSE IRC - DCC file transfer request on non-std port
2000350 || ET ATTACK RESPONSE IRC - DCC chat request on non-std port
2000351 || ET ATTACK RESPONSE IRC - channel join on non-std port
2000352 || ET ATTACK RESPONSE IRC - dns request on non-std port
2000355 || ET POLICY IRC authorization message
2000356 || ET POLICY IRC connection
2000357 || ET P2P BitTorrent Traffic || url,bitconjurer.org/BitTorrent/protocol.html
2000366 || ET MALWARE Binet (download complete) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
2000367 || ET MALWARE Binet (set_pix) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
2000369 || ET P2P BitTorrent Announce || url,bitconjurer.org/BitTorrent/protocol.html
2000371 || ET MALWARE Binet (randreco.exe) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
2000372 || ET EXPLOIT MS-SQL SQL Injection running SQL statements line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
2000373 || ET EXPLOIT MS-SQL SQL Injection line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
2000377 || ET EXPLOIT MS-SQL heap overflow attempt || url,www.nextgenss.com/papers/tp-SQL2000.pdf
2000378 || ET EXPLOIT MS-SQL DOS attempt (08) || url,www.nextgenss.com/papers/tp-SQL2000.pdf
2000379 || ET EXPLOIT MS-SQL DOS attempt (08) 1 byte || url,www.nextgenss.com/papers/tp-SQL2000.pdf
2000380 || ET EXPLOIT MS-SQL Spike buffer overflow || bugtraq,5411
2000381 || ET EXPLOIT MS-SQL DOS bouncing packets || url,www.nextgenss.com/papers/tp-SQL2000.pdf
2000418 || ET POLICY Executable and linking format (ELF) file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm
2000419 || ET POLICY PE EXE or DLL Windows file download
2000420 || ET POLICY REG files version 4 download || url,www.ss64.com/nt/regedit.html
2000421 || ET POLICY REG files version 5 download || url,www.ss64.com/nt/regedit.html
2000422 || ET POLICY REG files version 5 Unicode download || url,www.ss64.com/nt/regedit.html
2000423 || ET POLICY NE EXE OS2 file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm
2000424 || ET POLICY LX EXE OS2 file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm
2000425 || ET POLICY NE EXE Windows 3.x file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm
2000426 || ET POLICY EXE compressed PKWARE Windows file download || url,www.program-transformation.org/Transform/PcExeFormat
2000427 || ET POLICY PE EXE Install Windows file download || url,www.program-transformation.org/Transform/PcExeFormat
2000428 || ET POLICY ZIP file download || url,zziplib.sourceforge.net/zzip-parse.print.html
2000429 || ET POLICY Download Windows Help File CHM 2 || url,www.securiteam.com/windowsntfocus/6V00N000AU.html || url,www.speakeasy.org/~russotto/chm/chmformat.html
2000488 || ET EXPLOIT MS-SQL SQL Injection closing string plus line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
2000489 || ET POLICY Download Windows Help File CHM || url,www.securiteam.com/windowsntfocus/6V00N000AU.html || url,www.speakeasy.org/~russotto/chm/chmformat.html
2000494 || ET WORM Possible Atak.mm Worm Outbound || url,securityresponse.symantec.com/avcenter/venc/data/w32.atak@mm.html
2000496 || ET DOS Microsoft SMS dos attempt || url,www.securityfocus.com/archive/1/368911/2004-07-12/2004-07-18/0
2000499 || ET ATTACK RESPONSE FTP inaccessible directory access COM1
2000500 || ET ATTACK RESPONSE FTP inaccessible directory access COM2
2000501 || ET ATTACK RESPONSE FTP inaccessible directory access COM3
2000502 || ET ATTACK RESPONSE FTP inaccessible directory access COM4
2000503 || ET ATTACK RESPONSE FTP inaccessible directory access LPT1
2000504 || ET ATTACK RESPONSE FTP inaccessible directory access LPT2
2000505 || ET ATTACK RESPONSE FTP inaccessible directory access LPT3
2000506 || ET ATTACK RESPONSE FTP inaccessible directory access LPT4
2000507 || ET ATTACK RESPONSE FTP inaccessible directory access AUX
2000508 || ET ATTACK RESPONSE FTP inaccessible directory access NULL
2000514 || ET MALWARE IE homepage hijacking || url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm
2000519 || ET MALWARE shell browser vulnerability W9x/XP || url,www.packetfocus.com/shell_exploit.htm
2000520 || ET MALWARE shell browser vulnerability NT/2K || url,www.packetfocus.com/shell_exploit.htm
2000536 || ET SCAN NMAP -sO || arachnids,162
2000537 || ET SCAN NMAP -sS || arachnids,162
2000538 || ET SCAN NMAP -sA (1) || arachnids,162
2000540 || ET SCAN NMAP -sA (2) || arachnids,162
2000543 || ET SCAN NMAP -f -sF || arachnids,162
2000544 || ET SCAN NMAP -f -sN || arachnids,162
2000545 || ET SCAN NMAP -f -sS || arachnids,162
2000546 || ET SCAN NMAP -f -sX || arachnids,162
2000559 || ET WEB THCIISLame IIS SSL Exploit Attempt || url,isc.sans.org/diary.php?date=2004-07-17 || url,www.thc.org/exploits/THCIISSLame.c
2000560 || ET POLICY HTTP CONNECT Tunnel Attempt Inbound
2000562 || ET VIRUS OUTBOUND Suspicious Email Attachment
2000563 || ET EXPLOIT Pwdump3e Password Hash Retrieval port 445
2000564 || ET EXPLOIT Pwdump3e pwservice.exe Access port 445
2000565 || ET EXPLOIT Pwdump3e Session Established Reg-Entry port 139
2000566 || ET EXPLOIT Pwdump3e Session Established Reg-Entry port 445
2000567 || ET EXPLOIT Pwdump3e pwservice.exe Access port 139
2000568 || ET EXPLOIT Pwdump3e Password Hash Retrieval port 139
2000569 || ET POLICY KitCo Kcast Ticker (agtray)
2000570 || ET POLICY KitCo Kcast Ticker (autray)
2000571 || ET POLICY AOL Webmail Message Send
2000572 || ET POLICY AOL Webmail Login
2000574 || ET MALWARE Bargain Buddy || url,www.doxdesk.com/parasite/BargainBuddy.html
2000575 || ET SCAN ICMP PING IPTools || url,www.ks-soft.net/ip-tools.eng/index.htm || url,www.ks-soft.net/ip-tools.eng
2000577 || ET MALWARE Popuptraffic.com Bot Reporting || url,popuptraffic.com
2000580 || ET MALWARE Shop At Home Select.com Install Attempt || url,www.shopathomeselect.com || url,www.spywareguide.com/product_show.php?id=700
2000581 || ET MALWARE Shop At Home Select.com Install Download || url,www.shopathomeselect.com || url,www.spywareguide.com/product_show.php?id=700
2000582 || ET MALWARE F1Organizer Reporting
2000583 || ET MALWARE Mindset Interactive Install (1) || url,www.mindsetinteractive.com
2000584 || ET MALWARE Mindset Interactive Install (2) || url,www.mindsetinteractive.com
2000585 || ET MALWARE F1Organizer Install Attempt
2000586 || ET MALWARE Ezula Related Calling Home || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,www.ezula.com
2000587 || ET MALWARE SpywareLabs VirtualBouncer Seeking Instructions || url,securityresponse.symantec.com/avcenter/venc/data/adware.virtualbouncer.html
2000588 || ET MALWARE TopMoxie Reporting Data to External Host || url,www.topmoxie.com
2000589 || ET MALWARE TopMoxie Retrieving Data (downloads) || url,www.topmoxie.com
2000590 || ET MALWARE TopMoxie Retrieving Data (common) || url,www.topmoxie.com
2000593 || ET MALWARE Binet Ad Retrieval || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
2000594 || ET MALWARE Mindset Interactive Ad Retrieval || url,www.mindsetinteractive.com
2000595 || ET MALWARE Gator Checkin || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
2000596 || ET MALWARE Gator/Claria Data Submission || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
2000597 || ET MALWARE Gator New Code Download || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
2000598 || ET MALWARE Altnet PeerPoints Manager Data Submission || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html
2000599 || ET MALWARE Fun Web Products Install || url,www.funwebproducts.com
2000600 || ET MALWARE MyWebSearch Toolbar Receiving Configuration
2000601 || ET MALWARE Salongas Infection
2000900 || ET MALWARE JoltID Agent Probing or Announcing UDP || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
2000901 || ET MALWARE JoltID Agent Communicating TCP || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
2000902 || ET MALWARE MarketScore.com Spyware Configuration Access || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com
2000903 || ET MALWARE Avres Agent Receiving Instructions || url,ar.avres.net/ie/updatenew/ || url,www.avres.net
2000905 || ET MALWARE FlashPoint Agent Retrieving New Code || url,www.flashpoint.bm
2000906 || ET MALWARE Altnet PeerPoints Manager Start || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html
2000907 || ET MALWARE Altnet PeerPoints Manager Settings Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html
2000908 || ET MALWARE WhenUClick.com App and Search Bar Install (1) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000909 || ET MALWARE WhenUClick.com App and Search Bar Install (2) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000910 || ET MALWARE WhenUClick.com Clock Sync App Checkin || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000911 || ET MALWARE WhenUClick.com Weather App Checkin || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000912 || ET MALWARE WhenUClick.com Clock Sync App Checkin (1) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000913 || ET MALWARE WhenUClick.com Clock Sync App Checkin (2) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000914 || ET MALWARE WhenUClick.com Weather App Checkin (1) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000915 || ET MALWARE WhenUClick.com Weather App Checkin (2) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000916 || ET MALWARE WhenUClick.com WhenUSave App Checkin || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000917 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (offersdata) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000918 || ET MALWARE WhenUClick.com Desktop Bar Install || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000919 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (Searchdb) || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com
2000920 || ET MALWARE Hotbar Install (1) || url,www.hotbar.com
2000921 || ET MALWARE Hotbar Install (2) || url,www.hotbar.com
2000922 || ET MALWARE Hotbar Install (3) || url,www.hotbar.com
2000923 || ET MALWARE Hotbar Agent Reporting Information || url,www.hotbar.com
2000924 || ET MALWARE Hotbar Agent Upgrading || url,www.hotbar.com
2000925 || ET MALWARE Hotbar Agent Partner Checkin || url,www.hotbar.com
2000927 || ET MALWARE ISearchTech.com XXXPornToolbar Reporting || url,www.isearchtech.com
2000928 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (1) || url,www.isearchtech.com
2000929 || ET MALWARE Hotbar Agent Activity || url,www.hotbar.com
2000930 || ET MALWARE 180solutions Update Engine || url,www.safer-networking.org/index.php?page=threats&detail=212
2000931 || ET MALWARE Comet Systems Spyware Traffic
2000932 || ET MALWARE Keenvalue Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2003-11-24
2000934 || ET MALWARE 2020search Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2004-03-04
2000936 || ET MALWARE FlashTrack Agent Retrieving New App Code || url,www.flashpoint.bm
2001013 || ET MALWARE Fun Web Products SmileyCentral || url,www.funwebproducts.com
2001015 || ET MALWARE JoltID Agent Keep-Alive || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com
2001016 || ET MALWARE SideStep Bar Install || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
2001017 || ET MALWARE SideStep Bar Reporting Data || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
2001020 || ET MALWARE SideStep Bar Update Reporting || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com
2001021 || ET WEB Suspicious Encrypted Webpage Content
2001022 || ET EXPLOIT Invalid non-fragmented packet with fragment offset>0
2001023 || ET EXPLOIT Invalid fragment - ACK reset
2001024 || ET EXPLOIT Invalid fragment - illegal flags
2001031 || ET MALWARE Casino on Net Reporting Data || url,www.888casino.net
2001032 || ET MALWARE Casino on Net Ping Hit || url,www.888casino.net
2001033 || ET MALWARE Casino on Net Data Download || url,www.888casino.net
2001034 || ET MALWARE Fun Web Products Agent Traffic || url,www.funwebproducts.com
2001035 || ET P2P Morpheus Install || url,www.morpheus.com
2001036 || ET P2P Morpheus Install ini Download || url,www.morpheus.com
2001037 || ET P2P Morpheus Update Request || url,www.morpheus.com
2001038 || ET MALWARE Ebates Install || url,www.pestpatrol.com/PestInfo/e/ebates_moneymaker.asp
2001040 || ET MALWARE My Search Bar Install || url,www.2-spyware.com/parasite-my-search-bar.html
2001041 || ET MALWARE Casino on Net Install || url,www.888casino.net
2001043 || ET MALWARE Fun Web Products MyWay Agent Traffic || url,www.funwebproducts.com
2001044 || ET Yahoo Briefcase Upload
2001046 || ET WORM UPX compressed file download - possible worm
2001047 || ET WORM UPX encrypted file download - possible worm
2001048 || ET EXPLOIT IE process injection iexplore.exe executable download
2001050 || ET MALWARE CometSystems Spyware
2001052 || ET EXPLOIT NTDump Session Established Reg-Entry port 139
2001053 || ET EXPLOIT NTDump.exe Service Started port 139
2001055 || ET MISC HP Web JetAdmin ExecuteFile admin access || bugtraq,10224
2001056 || ET WORM W32/Sasser.worm.b || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
2001057 || ET WORM W32/Sasser.worm.a || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
2001058 || ET EXPLOIT libpng tRNS overflow attempt || cve,CAN-2004-0597
2001059 || ET P2P Ares traffic || url,www.aresgalaxy.org
2001060 || ET P2P Ares GET || url,www.aresgalaxy.org
2001066 || ET TROJAN IE Ilookup Trojan || url,62.131.86.111/analysis.htm
2001075 || ET WEB-MISC cross site scripting attempt IMG onerror or onload
2001076 || ET WEB-MISC cross site scripting attempt TYPE + JAVASCRIPT
2001077 || ET WEB-MISC cross site scripting attempt STYLE + JAVASCRIPT
2001078 || ET WEB-MISC cross site scripting attempt STYLE + JSCRIPT
2001079 || ET WEB-MISC cross site scripting attempt STYLE + VBSCRIPT 1
2001080 || ET WEB-MISC cross site scripting attempt STYLE + VBSCRIPT 2
2001081 || ET WEB-MISC cross site scripting attempt STYLE + ECMACRIPT
2001082 || ET WEB-MISC cross site scripting attempt STYLE + EXPRESSION 1
2001083 || ET WEB-MISC cross site scripting attempt STYLE + EXPRESSION 2
2001084 || ET WEB-MISC cross site scripting attempt using XML
2001085 || ET WEB-MISC cross site scripting attempt executing hidden Javascript 1
2001086 || ET WEB-MISC cross site scripting attempt executing hidden Javascript 2
2001087 || ET WEB-MISC cross site scripting attempt to execute Javascript code
2001088 || ET WEB-MISC cross site scripting attempt to execute VBScript code
2001089 || ET WEB-MISC cross site scripting attempt to access SHELL\:
2001090 || ET WEB-MISC cross site scripting stealth attempt to execute Javascript code
2001091 || ET WEB-MISC cross site scripting stealth attempt to execute VBScript code
2001092 || ET WEB-MISC cross site scripting stealth attempt to access SHELL\:
2001095 || ET EXPLOIT IFRAME ExecCommand vulnerability || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
2001099 || ET EXPLOIT Attempt to execute VBScript code
2001101 || ET EXPLOIT Stealth attempt to execute Javascript code
2001102 || ET EXPLOIT Stealth attempt to execute VBScript code
2001103 || ET EXPLOIT Stealth attempt to access SHELL\:
2001105 || ET EXPLOIT Javascript execution with expression eval || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
2001106 || ET EXPLOIT Javascript execution with expression eval hex || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
2001114 || ET POLICY Mozilla XPI install files download
2001115 || ET POLICY MSI (microsoft installer file) download
2001116 || ET DNS - Standard query response, Format error
2001117 || ET DNS - Standard query response, Name Error
2001118 || ET DNS - Standard query response, Not Implemented
2001119 || ET DNS - Standard query response, Refused
2001181 || ET EXPLOIT Internet Explorer Plugin.ocx Heap Overflow || url,www.hnc3k.com/ievulnerabil.htm
2001182 || ET EXPLOIT IE trojan Ants3set 1.exe - process injection
2001185 || ET P2P Soulseek traffic (1) || url,www.slsknet.org
2001186 || ET P2P Soulseek traffic (2) || url,www.slsknet.org
2001187 || ET P2P Soulseek Filesearch Results || url,www.slsknet.org
2001188 || ET P2P Soulseek || url,www.slsknet.org
2001190 || ET EXPLOIT libPNG - Possible NULL-pointer crash in png_handle_iCCP || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
2001191 || ET EXPLOIT libPNG - Width exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
2001192 || ET EXPLOIT libPNG - Height exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
2001195 || ET EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
2001197 || ET WEB_SPECIFIC PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35
2001198 || ET MALWARE Twaintec Download Attempt || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
2001199 || ET MALWARE Twaintec Ad Retrieval || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
2001202 || ET WEB_SPECIFIC PHPNuke general SQL injection attempt || url,www.waraxe.us/?modname=sa&id=036 || url,www.waraxe.us/?modname=sa&id=030
2001205 || ET DOS Internet Explorer Memory Corruption Bug || url,www.securiteam.com/windowsntfocus/5XP051FDFM.html
2001210 || ET EXPLOIT FTP Serv-U Local Privilege Escalation Vulnerability || url,www.securiteam.com/windowsntfocus/5YP0F1FDPO.html
2001211 || ET EXPLOIT FTP Serv-U directory traversal vulnerability (1) || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
2001212 || ET EXPLOIT FTP Serv-U directory traversal vulnerability (2) || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
2001213 || ET EXPLOIT FTP Serv-U LIST -l Parameter Buffer Overflow || url,www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html
2001215 || ET EXPLOIT FTP Serv-U Server Long Filename Stack Overflow Vulnerability || url,www.securiteam.com/windowsntfocus/5OP0N1PBPG.html
2001216 || ET MALWARE Twaintec Reporting Data || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp
2001217 || ET EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte || cve,2004-0629 || url,www.securiteam.com/windowsntfocus/5BP0D20DPW.html || url,idefense.com/application/poi/display?id=126&type=vulnerabilities
2001218 || ET WEB_SPECIFIC PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030
2001219 || ET SCAN Potential SSH Scan || url,en.wikipedia.org/wiki/Brute_force_attack
2001221 || ET MALWARE F1Organizer Config Download
2001222 || ET MALWARE Default-homepage-network.com Access || url,default-homepage-network.com/start.cgi?new-hkcu
2001223 || ET MALWARE Regnow.com Access || url,www.regnow.com
2001224 || ET MALWARE Regnow.com Gamehouse.com Access || url,www.gamehouse.com
2001225 || ET MALWARE Statblaster Receiving New configuration (update) || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html
2001228 || ET MALWARE Advertising.com Data Post (villains) || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html
2001230 || ET MALWARE Advertising.com Data Post (cakedeal) || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html
2001233 || ET WORM Possible CIA Trojan download/upload attempt
2001235 || ET MALWARE Weatherbug
2001238 || ET WEB Possible Xedus Webserver Directory Traversal Attempt || url,www.gulftech.org/?node=research&article_id=00047-08302004
2001239 || ET Cisco Device in Config Mode
2001240 || ET Cisco Device New Config Built
2001241 || ET CHAT MSN file transfer request
2001242 || ET CHAT MSN file transfer accept
2001243 || ET CHAT MSN file transfer reject
2001253 || ET CHAT Yahoo IM successful logon
2001254 || ET CHAT Yahoo IM voicechat
2001255 || ET CHAT Yahoo IM ping
2001256 || ET CHAT Yahoo IM conference invitation
2001257 || ET CHAT Yahoo IM conference logon success
2001258 || ET CHAT Yahoo IM conference message
2001259 || ET CHAT Yahoo IM file transfer request
2001260 || ET CHAT Yahoo IM message
2001261 || ET CHAT Yahoo IM successful chat join
2001262 || ET CHAT Yahoo IM conference offer invitation
2001263 || ET CHAT Yahoo IM conference request
2001264 || ET CHAT Yahoo IM conference watch
2001266 || ET MALWARE Browseraid.com Agent Reporting Data || url,www.browseraid.com
2001267 || ET MALWARE Weatherbug Capture
2001269 || ET WORM Beagle User Agent Detected || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html
2001273 || ET WORM Outbound W32.Novarg.A worm || url,securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html
2001293 || ET MALWARE Featured-Results.com Agent Reporting Data || url,www.featured-results.com
2001294 || ET POLICY Dameware Remote Control Service Install
2001295 || ET MALWARE Browseraid.com Agent || url,www.browseraid.com
2001296 || ET P2P eDonkey File Status || url,www.edonkey.com
2001297 || ET P2P eDonkey File Status Request || url,www.edonkey.com
2001298 || ET P2P eDonkey Server Status Request || url,www.edonkey.com
2001299 || ET P2P eDonkey Server Status || url,www.edonkey.com
2001304 || ET MALWARE Browseraid.com Agent Updating || url,www.browseraid.com
2001306 || ET MALWARE Gator/Clarian Agent || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999
2001307 || ET MALWARE Wild Tangent Agent Installation || url,www.wildtangent.com || url,www.spyany.com/program/article_spw_rm_WildTangent.html
2001308 || ET MALWARE Internet Optomizer Reporting Data || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html
2001309 || ET MALWARE Wild Tangent Agent Checking In || url,www.wildtangent.com || url,www.spyany.com/program/article_spw_rm_WildTangent.html
2001310 || ET MALWARE Wild Tangent Agent Traffic || url,www.wildtangent.com || url,www.spyany.com/program/article_spw_rm_WildTangent.html
2001311 || ET MALWARE Rdxrp.com Traffic
2001312 || ET MALWARE Rdxrp.com Traffic (Generic)
2001313 || ET MALWARE Traffic Syndicate Add/Remove
2001314 || ET MALWARE Wild Tangent Agent || url,www.wildtangent.com || url,www.spyany.com/program/article_spw_rm_WildTangent.html
2001315 || ET MALWARE Traffic Syndicate Agent Updating (1)
2001316 || ET MALWARE Traffic Syndicate Agent Updating (2)
2001317 || ET MALWARE Webhancer Data Upload || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html
2001318 || ET MALWARE Adwave Agent Access || url,www.intermute.com/spyware/HuntBar.html
2001320 || ET MALWARE Speedera Agent
2001321 || ET MALWARE Speedera Agent (Specific)
2001322 || ET MALWARE Wild Tangent New Install || url,www.wildtangent.com || url,www.spyany.com/program/article_spw_rm_WildTangent.html
2001325 || ET MALWARE Websearch.com Spyware || mcafee,131461
2001328 || ET POLICY SSN Detected in Clear Text (dashed)
2001329 || ET POLICY RDP connection request
2001330 || ET POLICY RDP connection confirm
2001331 || ET POLICY RDP disconnect request
2001334 || ET MALWARE Ezula || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,www.ezula.com
2001335 || ET MALWARE Ezula Installer Download || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,www.ezula.com
2001337 || ET WORM Korgo.P offering executable || url,www.f-secure.com/v-descs/korgo_p.shtml
2001338 || ET WORM Korgo.P binary upload || url,www.f-secure.com/v-descs/korgo_p.shtml
2001339 || ET MALWARE BInet Information Upload || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html
2001340 || ET MALWARE LocalNRD Spyware Checkin || url,www.localnrd.com
2001341 || ET MALWARE OfferOptimizer.com Spyware || url,www.offeroptimizer.com
2001342 || ET WEB IIS ASP.net Auth Bypass / Canonicalization
2001343 || ET WEB IIS ASP.net Auth Bypass / Canonicalization % 5 C
2001344 || ET WEB PHP EasyDynamicPages exploit || cve,CAN-2004-0073 || url,www.securitytracker.com/alerts/2004/Jan/1008584.html
2001345 || ET MALWARE Bonziportal Traffic || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=59256
2001346 || ET INAPPROPRIATE Kiddy Porn preteen
2001347 || ET INAPPROPRIATE Kiddy Porn pre-teen
2001348 || ET INAPPROPRIATE Kiddy Porn early teen
2001349 || ET INAPPROPRIATE free XXX
2001350 || ET INAPPROPRIATE hardcore anal
2001351 || ET INAPPROPRIATE masturbation
2001352 || ET INAPPROPRIATE ejaculation
2001353 || ET INAPPROPRIATE BDSM
2001359 || ET MALWARE MarketScore.com Spyware Access || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com
2001362 || ET DOS MS04-030 Attempted DoS || url,isc.sans.org/diary.php?date=2004-10-20
2001363 || ET EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
2001364 || ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
2001365 || ET WEB-MISC Alternate Data Stream source view attempt || cve,1999-0278 || url,support.microsoft.com/kb/q188806/
2001366 || ET DOS Possible Microsoft SQL Server Remote Denial Of Service Attempt || bugtraq,11265
2001369 || ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Exploit || url,www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php
2001374 || ET EXPLOIT MS04-032 Bad EMF file || url,www.sygate.com/alerts/SSR20041013-0001.htm
2001375 || ET POLICY Credit Card Number Detected in Clear (16 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001376 || ET POLICY Credit Card Number Detected in Clear (16 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001377 || ET POLICY Credit Card Number Detected in Clear (16 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001378 || ET POLICY Credit Card Number Detected in Clear (15 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001379 || ET POLICY Credit Card Number Detected in Clear (15 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001380 || ET POLICY Credit Card Number Detected in Clear (15 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001381 || ET POLICY Credit Card Number Detected in Clear (14 digit) || url,www.beachnet.com/~hstiles/cardtype.html
2001382 || ET POLICY Credit Card Number Detected in Clear (14 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html
2001383 || ET POLICY Credit Card Number Detected in Clear (14 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html
2001384 || ET POLICY SSN Detected in Clear Text (spaced)
2001385 || ET EXPLOIT Possible ShixxNote buffer-overflow + remote shell attempt || url,aluigi.altervista.org/adv/shixxbof-adv.txt
2001386 || ET INAPPROPRIATE Kiddy Porn pthc
2001387 || ET INAPPROPRIATE Kiddy Porn zeps
2001388 || ET INAPPROPRIATE Kiddy Porn r@ygold
2001389 || ET INAPPROPRIATE Kiddy Porn childlover
2001392 || ET INAPPROPRIATE Sextracker Tracking Code Detected (1)
2001393 || ET INAPPROPRIATE Sextracker Tracking Code Detected (2)
2001395 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (2) || url,www.isearchtech.com
2001396 || ET MALWARE Internet Optimizer Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html
2001397 || ET MALWARE 180solutions Spyware (tracked event reported) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2001398 || ET MALWARE Bfast.com Spyware
2001399 || ET MALWARE 180solutions Spyware (action url reported) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2001400 || ET MALWARE 180solutions Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2001401 || ET EXPLOIT IE IFRAME Exploit
2001402 || ET POLICY ZIPPED DOC in transit
2001403 || ET POLICY ZIPPED XLS in transit
2001404 || ET POLICY ZIPPED EXE in transit
2001405 || ET POLICY ZIPPED PPT in transit
2001406 || ET POLICY Possible hidden zip extension .cpl
2001407 || ET POLICY Possible hidden zip extension .pif
2001408 || ET POLICY Possible hidden zip extension .scr 2001409 || ET MALWARE Mastermind Related Reporting 2001410 || ET MALWARE Mastermind Related Reporting 8081 2001411 || ET MALWARE Mastermind Related Downloading mm20.ocx 2001413 || ET MALWARE Medis-Motor Related Downloading ast_4_mm.exe 2001414 || ET MALWARE Media-Motor Related Downloading MediaMotor25.exe 2001415 || ET MALWARE E2give Related Downloading IeBHOs.dll || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 2001416 || ET MALWARE E2give Related Reporting Install || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 2001417 || ET MALWARE E2give Related Receiving Config || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 2001418 || ET MALWARE E2give Related Downloading Code || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 2001419 || ET MALWARE Avres.net Downloading cpr_mm2.exe 2001420 || ET MALWARE Avres.net Downloading ab1.exe 2001421 || ET MALWARE Avres.net Downloading tvm_bundle.exe 2001422 || ET MALWARE Avres.net Reporting Data 2001423 || ET MALWARE E2give Related Reporting || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 2001424 || ET POLICY Gmail Inbox Access 2001425 || ET POLICY Gmail File Send 2001426 || ET POLICY Gmail Message Send 2001427 || ET CHAT Yahoo IM Unavailable Status 2001430 || ET WORM Bofra Victim Accessing Reactor Page || url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631 || url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html 2001440 || ET MALWARE Abox Download 2001441 || ET MALWARE Abox Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.adultbox.html 2001442 || ET MALWARE Statblaster.MemoryWatcher Download || url,www.memorywatcher.com/eula.aspx 2001443 || ET MALWARE WhenUClick.com Desktop Bar App Checkin || 
url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,www.whenusearch.com 2001444 || ET MALWARE Overpro Spyware Bundle Install || url,www.wildarcade.com 2001445 || ET MALWARE PeopleOnPage Install || url,www.safer-networking.org/en/threats/602.html || url,www.peopleonpage.com 2001446 || ET MALWARE PeopleOnPage Ping || url,www.safer-networking.org/en/threats/602.html || url,www.peopleonpage.com 2001447 || ET MALWARE 2nd-thought (W32.Daqa.C) Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.secondthought.html 2001448 || ET MALWARE MediaTickets Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html 2001449 || ET POLICY Proxy Connection detected 2001450 || ET MALWARE Wintools Download/Configure || url,www.intermute.com/spyware/HuntBar.html 2001451 || ET MALWARE Bundleware Spyware Download 2001452 || ET MALWARE Bundleware Spyware CHM Download 2001453 || ET MALWARE Couponage Download || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 2001454 || ET MALWARE Couponage Configure || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 2001455 || ET MALWARE Couponage Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 2001456 || ET MALWARE ContextPanel Reporting 2001458 || ET MALWARE Bundleware Spyware cab Download 2001459 || ET MALWARE Overpro Spyware Games || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html 2001460 || ET MALWARE Sexmaniack Install Tracking 2001461 || ET MALWARE Xpire.info Multiple Spyware Installs (1) 2001462 || ET MALWARE Xpire.info Multiple Spyware Installs Occuring 2001463 || ET MALWARE Xpire.info Multiple Spyware Installs (2) 2001464 || ET MALWARE Xpire.info Multiple Spyware Installs (3) 2001466 || ET MALWARE Xpire.info Multiple Spyware Installs (4) 2001467 || ET MALWARE Xpire.info Multiple Spyware Installs (5) 2001468 || ET MALWARE Xpire.info Multiple Spyware Installs CHM Exploit 2001469 || ET MALWARE Xpire.info Multiple 
Spyware Installs (6) 2001470 || ET MALWARE Xpire.info Multiple Spyware Installs (7) 2001471 || ET MALWARE Xpire.info Spyware Exploit 2001472 || ET MALWARE Xpire.info Spyware Install Reporting 2001473 || ET MALWARE Searchmeup Spyware Install (toolbar) 2001474 || ET MALWARE Searchmeup Spyware Install (prog) 2001475 || ET MALWARE Searchmeup Spyware Receiving Commands 2001479 || ET MALWARE Coolsearch Spyware Install 2001480 || ET MALWARE Searchmeup Spyware Install (systime) 2001481 || ET MALWARE MediaTickets Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html 2001482 || ET MALWARE thebestsoft4u.com Spyware Install (1) 2001483 || ET MALWARE Searchmeup Spyware Install (mstask) 2001484 || ET MALWARE Searchmeup Spyware Install (d.exe) 2001485 || ET MALWARE thebestsoft4u.com Spyware Install (2) 2001486 || ET MALWARE thebestsoft4u.com Spyware Install (3) 2001487 || ET MALWARE Tibsystems Spyware Activity 2001488 || ET MALWARE Tibsystems Spyware Download 2001489 || ET MALWARE Spygalaxy.ws Activity 2001490 || ET MALWARE ICQ-Update.biz Reporting Install 2001491 || ET MALWARE Xpire.info Install Code Download 2001492 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (MyApp) || url,www.isearchtech.com 2001493 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (IST) || url,www.isearchtech.com 2001494 || ET MALWARE Clickspring.net Spyware Reporting Successful Install || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453082745 2001495 || ET MALWARE Outerinfo.com Spyware Install 2001496 || ET MALWARE Outerinfo.com Spyware Advertising Campaign Download 2001497 || ET MALWARE Outerinfo.com Spyware Activity 2001498 || ET MALWARE Internet Optimizer Activity 2001499 || ET MALWARE Look2me Spyware Activity (1) || url,securityresponse.symantec.com/avcenter/venc/data/adware.look2me.html 2001500 || ET MALWARE Clickspring.net Spyware Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453082745 2001501 || ET MALWARE Clickspring.net Spyware 
Reporting || url,sarc.com/avcenter/venc/data/adware.bargainbuddy.html 2001503 || ET MALWARE Medialoads.com Spyware Config 2001505 || ET MALWARE Smartpops.com Spyware Install rh.exe || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html 2001507 || ET MALWARE Medialoads.com Spyware Identifying Country of Origin 2001508 || ET MALWARE Medialoads.com Spyware Reporting (download.cgi) 2001509 || ET MALWARE Medialoads.com Spyware Reporting (register.cgi) 2001510 || ET MALWARE SurfAssistant.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.sa.html 2001512 || ET MALWARE pool.Westpop.com Spyware Install 2001513 || ET MALWARE Smartpops.com Spyware Update || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html 2001514 || ET MALWARE SurfAssistant.com Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/adware.sa.html 2001516 || ET MALWARE Smartpops.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html 2001517 || ET MALWARE Websearch.com Outbound Dialer Retrieval || mcafee,131461 2001520 || ET MALWARE Spywaremover Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.topantispyware.html 2001521 || ET MALWARE Spywaremover Activity || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453087903 2001522 || ET MALWARE SpywareLabs Application Install 2001523 || ET MALWARE Statblaster Receiving New configuration (allfiles) || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html 2001524 || ET MALWARE Statblaster Code Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html 2001525 || ET MALWARE Virtumonde Spyware Code Download mmdom.exe || url,sarc.com/avcenter/venc/data/adware.virtumonde.html 2001526 || ET MALWARE Virtumonde Spyware Code Download bkinst.exe || url,www.lurhq.com/iframeads.html 2001529 || ET MALWARE Casalemedia Access, Likely Spyware 2001530 || ET MALWARE 
ak-networks.com Spyware Code Download 2001531 || ET MALWARE C4tdownload.com Access, Likely Spyware || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html 2001532 || ET MALWARE Searchmiracle.com Access, Likely Spyware || url,securityresponse.symantec.com/avcenter/venc/data/trojan.elitebar.html 2001533 || ET MALWARE Searchmiracle.com Spyware Installer silent.exe Download || url,www.searchmiracle.com/silent.exe 2001534 || ET MALWARE Searchmiracle.com Spyware Install (silent_install) || url,www.searchmiracle.com 2001535 || ET MALWARE Searchmiracle.com Spyware Install (protector.exe) || url,www.searchmiracle.com 2001536 || ET MALWARE Spyspotter.com Install 2001537 || ET MALWARE Spyspotter.com Access 2001538 || ET MALWARE Oenji.com Install 2001539 || ET MALWARE Spyspotter.com Access, Likely Spyware 2001540 || ET MALWARE Searchmiracle.com Spyware Install (v3cab) || url,www.searchmiracle.com 2001541 || ET MALWARE Xpire.info Install Report 2001543 || ET EXPLOIT NTDump Session Established Reg-Entry port 445 2001544 || ET EXPLOIT NTDump.exe Service Started port 445 2001546 || ET WEB-MISC LINK Method || url,www.w3.org/Protocols/HTTP/Methods/Link.html 2001547 || ET VIRUS Sobig.E-F Trojan Site Download Request || url,securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html 2001548 || ET WORM Sasser FTP exploit attempt || url,www.lurhq.com/dabber.html 2001549 || ET EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (1) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html 2001550 || ET EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (2) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html 2001551 || ET EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (3) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html 2001552 || ET EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (4) || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html 2001553 || ET SCAN Possible SSL Brute Force attack or Site Crawl 2001562 || ET MALWARE MarketScore.com Spyware User Configuration and Setup Access || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com 2001563 || ET MALWARE MarketScore.com Spyware SSL Access || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com 2001564 || ET MALWARE MarketScore.com Spyware Proxied Traffic || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com 2001569 || ET SCAN Behavioral Unusual Port 445 traffic, Potential Scan or Infection 2001570 || ET MALWARE Spyware Stormer Reporting Data || url,www.spywarestormer.com 2001571 || ET MALWARE Spyware Stormer/Error Guard Activity || url,www.spywarestormer.com 2001576 || ET MALWARE BInet Information Install Report || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html 2001579 || ET SCAN Behavioral Unusual Port 139 traffic, Potential Scan or Infection 2001580 || 
ET SCAN Behavioral Unusual Port 137 traffic, Potential Scan or Infection 2001581 || ET SCAN Behavioral Unusual Port 135 traffic, Potential Scan or Infection 2001582 || ET SCAN Behavioral Unusual Port 1434 traffic, Potential Scan or Infection 2001583 || ET SCAN Behavioral Unusual Port 1433 traffic, Potential Scan or Infection 2001586 || ET MALWARE MarketScore.com Spyware Proxied Traffic (mitmproxy agent) || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com 2001587 || ET MALWARE MarketScore.com Spyware Upgrading || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com 2001588 || ET MALWARE MarketScore.com Spyware Activity (1) || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com 2001589 || ET MALWARE MarketScore.com Spyware Activity (2) || url,www.spysweeper.com/remove-marketscore.html || url,www.marketscore.com 2001595 || ET POLICY Skype VOIP Checking Version (Startup) || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf 2001596 || ET POLICY Skype VOIP Reporting Install || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf 2001597 || ET POLICY Netop Remote Control Usage || url,www.netop.com 2001608 || ET INAPPROPRIATE Likely Porn 2001609 || ET SCAN F5 BIG-IP 3DNS TCP Probe 1 || url,www.f5.com/f5products/v9intro/index.html 2001610 || ET SCAN F5 BIG-IP 3DNS TCP Probe 2 || url,www.f5.com/f5products/v9intro/index.html 2001611 || ET SCAN F5 BIG-IP 3DNS TCP Probe 3 || url,www.f5.com/f5products/v9intro/index.html 2001616 || ET ATTACK RESPONSE Zone-H.org defacement notification 2001620 || ET ATTACK RESPONSE Likely Botnet Activity 2001621 || ET Exploit Suspected PHP Injection Attack || cve,2002-0953 2001622 || ET EXPLOIT winhlp32 ActiveX control attack, phase 1 2001623 || ET EXPLOIT winhlp32 ActiveX control attack, phase 2 2001624 || ET EXPLOIT winhlp32 ActiveX control attack, phase 3 2001625 || ET EXPLOIT winhlp32 ActiveX control attack via 
EMAIL, phase 1 2001626 || ET EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 2 2001627 || ET EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 3 2001628 || ET ATTACK RESPONSE Outbound PHP Connection 2001633 || ET EXPLOIT Probable MSIE XPSP2 Remote Compromise (1) || url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm 2001634 || ET EXPLOIT Probable MSIE XPSP2 Remote Compromise (2) || url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm 2001635 || ET DOS HTTP GET with newline appended || cve,2004-0942 2001636 || ET DOS squ1rt Apache DoS || cve,2004-0942 2001639 || ET MALWARE Wild Tangent Agent Activity 2001640 || ET MALWARE Altnet PeerPoints Manager Traffic 2001641 || ET MALWARE Microgaming.com Spyware Installation (dlhelper) 2001643 || ET MALWARE Microgaming.com Spyware Installation (2) 2001644 || ET MALWARE Microgaming.com Spyware Reporting Installation 2001645 || ET MALWARE Microgaming.com Spyware Casino App Install 2001646 || ET MALWARE Toprebates.com Install (1) || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html 2001647 || ET MALWARE Toprebates.com Install (2) || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html 2001648 || ET MALWARE Toprebates.com User Confirming Membership || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html 2001650 || ET MALWARE Search Scout Related Spyware (content) || url,securityresponse.symantec.com/avcenter/venc/data/adware.searchscout.html 2001652 || ET MALWARE JoltID Agent New Code Download || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com 2001653 || ET MALWARE Search Scout Related Spyware (results) || url,securityresponse.symantec.com/avcenter/venc/data/adware.searchscout.html 2001654 || ET MALWARE JoltID Agent Requesting File || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,www.joltid.com 2001655 || ET MALWARE Comet Systems Spyware Traffic (context.xml) || 
url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083029 2001656 || ET MALWARE GlobalPhon.com Dialer 2001657 || ET MALWARE GlobalPhon.com Dialer Download 2001658 || ET MALWARE Comet Systems Spyware Reporting 2001659 || ET MALWARE GlobalPhon.com Dialer (no_pop) 2001660 || ET MALWARE GlobalPhon.com Dialer (add_ocx) 2001662 || ET MALWARE MyWebSearch Toolbar Traffic (Agent) 2001663 || ET MALWARE MyWebSearch Toolbar Traffic (host) 2001664 || ET P2P Gnutella Connect || url,www.gnutella.com 2001666 || ET MALWARE Metarewards Spyware Activity 2001668 || ET EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow attack 2001669 || ET WEB Proxy GET Request 2001670 || ET WEB Proxy HEAD Request 2001674 || ET WEB Proxy POST Request 2001675 || ET WEB Proxy CONNECT Request 2001677 || ET MALWARE Webhancer Data Post || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html 2001678 || ET MALWARE Webhancer Agent Activity || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html 2001679 || ET MALWARE JoltID Agent P2P via Proxy Server || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html 2001682 || ET POLICY MSN IM Poll via HTTP 2001683 || ET MALWARE Windows executable sent when remote host claims to send an image 2001684 || ET MALWARE Windows executable sent when remote host claims to send image, Win32 2001685 || ET MALWARE Possible Windows executable sent when remote host claims to send an image 2001686 || ET EXPLOIT Awstats Remote Code Execution Attempt || cve,CAN-2005-0116 || bugtraq,12298 || url,www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false || url,awstats.sourceforge.net || url,www.k-otik.com/exploits/20050302.awstats_shell.c.php || url,www.k-otik.com/exploits/20050124.awexpl.c.php 2001689 || ET WORM Potential MySQL bot scanning for SQL server || url,isc.sans.org/diary.php?date=2005-01-27 2001696 || ET MALWARE Search Relevancy Spyware || 
url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy.html 2001697 || ET MALWARE ISearchTech.com XXXPornToolbar Data Submission || url,www.isearchtech.com 2001698 || ET MALWARE YourSiteBar Data Submision || url,www.ysbweb.com 2001699 || ET MALWARE YourSiteBar Activity || url,www.ysbweb.com 2001700 || ET MALWARE Windupdates.com Spyware Install 2001701 || ET MALWARE Windupdates.com Spyware Loggin Data 2001702 || ET MALWARE Shop at Home Select Spyware Activity (Bundle) 2001703 || ET MALWARE Context Plus Spyware Activity (1) 2001704 || ET MALWARE Context Plus Spyware Install 2001705 || ET MALWARE Flingstone Spyware Install (sportsinteraction) || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html 2001706 || ET MALWARE Context Plus Spyware Activity (2) 2001707 || ET MALWARE Shop at Home Select Spyware Activity (SAH) 2001708 || ET MALWARE Shop at Home Select Spyware Heartbeat || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html 2001709 || ET MALWARE Shop at Home Select Spyware Config Download (agentprefs) || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html 2001710 || ET MALWARE Flingstone Spyware Install (cxtpls) || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html 2001711 || ET MALWARE Likely Spambot Web-based Control Traffic 2001712 || ET POLICY MyWebEx Server Traffic || url,www.mywebexpc.com/how.php 2001713 || ET POLICY MyWebEx Installation || url,www.mywebexpc.com/how.php 2001714 || ET POLICY MyWebEx Incoming Connection || url,www.mywebexpc.com/how.php 2001715 || ET WORM Bropia.F Worm Propagation || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBROPIA%2EF 2001716 || ET Web IDN url seen.. 
2001718 || ET EXPLOIT CAN-2004-1244 PNG with bad width || cve,2004-1214 2001719 || ET EXPLOIT CAN-2004-1244 PNG with bad height || cve,2004-1214 2001720 || ET EXPLOIT CAN-2004-0597 PNG with indexed color || cve,2004-0597 2001721 || ET EXPLOIT CAN-2004-0597 PNG with too big PLTE || cve,2004-0597 2001722 || ET EXPLOIT CAN-2004-0597 PNG with too big hIST || cve,2004-0597 2001723 || ET EXPLOIT ATmaCA PoC for CORE-2004-0819 - Bad PNG 2001724 || ET EXPLOIT libpng CAN-2004-1244 overflow attempt || bugtraq,10872 || cve,2004-0597 2001725 || ET EXPLOIT MS05-014 HTML OBJECT tag local zone exploit || url,www.microsoft.com/technet/security/bulletin/ms05-014.mspx 2001726 || ET VIRUS Trojan-Spy.Win32.Bancos Download || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.b.html 2001727 || ET EXPLOIT MS05-005 Office XP .doc Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119 || cve,2004-0848 2001729 || ET MALWARE Tibsystems Spyware Install (1) 2001730 || ET MALWARE A-d-w-a-r-e.com Activity (popup) || url,www.a-d-w-a-r-e.com 2001731 || ET MALWARE SurfSidekick Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html 2001732 || ET MALWARE Top Converting Agent Activity 2001733 || ET MALWARE CrazyWinnings.com Activity 2001734 || ET MALWARE Tibsystems Spyware Install (2) 2001735 || ET MALWARE A-d-w-a-r-e.com Activity (cmd) || url,www.a-d-w-a-r-e.com 2001736 || ET MALWARE UCMore Spyware Activity 2001737 || ET MALWARE ak-networks.com Spyware Code Install 2001738 || ET WEB PHP vBulletin Remote Command Execution Attempt || bugtraq,12542 2001742 || ET EXPLOIT Arkeia full remote access without password or authentication || url,metasploit.com/research/vulns/arkeia_agent 2001743 || ET TROJAN HackerDefender Root Kit Remote Connection Attempt Detected || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html 2001744 || ET MALWARE Searchmiracle.com Spyware Install (install) || url,www.searchmiracle.com 
2001746 || ET MALWARE Enhance My Search Spyware Activity 2001747 || ET MALWARE My-Stats.com Spyware Checkin 2001748 || ET MALWARE Pynix.dll BHO Activity || url,www.pynix.com 2001751 || ET EXPLOIT Nullsoft Shoutcast Server Format String Attack || bugtraq,12096 || cve,2004-1373 2001753 || ET EXPLOIT Pwdump4 Session Established GetHash port 139 2001754 || ET EXPLOIT Pwdump4 Session Established GetHash port 445 2001756 || ET P2P Ares File Upload || url,www.aresgalaxy.org 2001761 || ET MALWARE ABX Toolbar ActiveX Install || url,isc.sans.org/diary.php?date=2005-03-04 2001762 || ET WEB_SPECIFIC phpbb Session Cookie || url,www.waraxe.us/ftopict-555.html 2001763 || ET VIRUS - W32.Opaserv Worm Infection || url,www.sarc.com/avcenter/venc/data/w32.opaserv.worm.html 2001764 || ET VIRUS Bugbear@MM virus via SMTP || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html 2001765 || ET VIRUS BugBear@MM virus in Network share || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html 2001766 || ET VIRUS BugBear@MM Worm Copied to Startup Folder || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html 2001767 || ET WEB ORACLE OLEDB asp error || url,www.wiretrip.net/rfp/p/doc.asp/i2/d42.htm 2001768 || ET WEB MS SQL Server OLEDB asp error || url,www.wiretrip.net/rfp/p/doc.asp/i2/d42.htm 2001780 || ET EXPLOIT Solaris TTYPROMPT environment variable set || url,online.securityfocus.com/archive/1/293844 2001781 || ET WEB ORACLE rwcgi60 information leak attempt || url,www.kb.cert.org/vuls/id/997403 2001783 || ET MALWARE Media Pass ActiveX Install || url,static.windupdates.com/Release/v19/Info.txt || url,www.benedelman.org/news/010205-1.html 2001793 || ET MALWARE Incredisearch.com Spyware Ping 2001794 || ET MALWARE Incredisearch.com Spyware Activity 2001795 || ET DOS Excessive SMTP MAIL-FROM DDoS 2001796 || ET P2P Kazaa over UDP || url,www.kazaa.com/us/index.htm 2001801 || ET POLICY ICQ Status Invisible 2001802 || ET POLICY ICQ Status Change (1) 2001803 || ET POLICY ICQ Status 
Change (2) 2001804 || ET POLICY ICQ Login 2001805 || ET POLICY ICQ Message 2001806 || ET POLICY Administrator Login Detected 2001807 || ET EXPLOIT CAN-2005-0399 Gif Vuln via http || cve,2005-0399 2001808 || ET P2P LimeWire P2P Traffic || url,www.limewire.com 2001809 || ET P2P Limewire P2P UDP Traffic || url,www.limewire.com 2001810 || ET EXPLOIT WEB PHP remote file include exploit attempt 2001811 || ET WEB Encoded javascriptdocument.write - usually hostile 2001812 || ET P2P KazaaClient P2P Traffic || url,www.kazaa.com/us/index.htm 2001813 || ET EXPLOIT MSIE Hidden Address Bar (Phish) || cve,2001-1410 || url,securityresponse.symantec.com/avcenter/venc/data/js.trojan.blinder.html || url,www.guninski.com/popspoof.html 2001815 || ET MALWARE Spambot Suspicious 220 Banner on Local Port 2001841 || ET P2P UDP traffic - Likely Limewire || url,www.limewire.com 2001846 || ET DOS -ISC- ICMP blind TCP reset DoS guessing attempt || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx || cve,can-2004-0790 2001848 || ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (1) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560 2001849 || ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (2) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560 2001850 || ET MALWARE Likely Trojan/Spyware Installer Requested (1) 2001852 || ET MALWARE 404Search Spyware User Agent 2001853 || ET MALWARE Easy Search Bar Spyware User Agent 2001854 || ET MALWARE EZULA Spyware User Agent 2001855 || ET MALWARE Fun Web Products Spyware User Agent (1) 2001858 || ET MALWARE Hotbar Spyware User Agent 2001862 || ET MALWARE Surf Assistant Spyware User Agent 2001864 || ET MALWARE Fun Web Products Spyware User Agent (3) 2001865 || ET MALWARE MyWebSearch Spyware User Agent 2001867 || ET MALWARE 
Search Engine 2000 Spyware User Agent 2001868 || ET MALWARE SureSeeker Spyware User Agent 2001869 || ET MALWARE Sidesearch Spyware User Agent 2001870 || ET MALWARE Surfplayer Spyware User Agent 2001871 || ET MALWARE Target Saver Spyware User Agent 2001872 || ET MALWARE Visicom Spyware User Agent 2001873 || ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560 2001874 || ET EXPLOIT TCP Reset from MS Exchange after chunked data, probably crashed it (MS05-021) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560 2001875 || ET EXPLOIT MS Exchange chunks accepted || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560 2001876 || ET EXPLOIT MS Exchange disliked link state chunk, but didn't die (MS05-021) || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || cve,CAN-2005-0560 2001879 || ET VIRUS Sober-style Ehlo - noalert || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html 2001880 || ET VIRUS Sober-style Ehlo followed by SMTP AUTH - noalert || url,securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.html 2001882 || ET DOS ICMP Path MTU lowered below acceptable threshold || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx || cve,CAN-2004-1060 2001884 || ET MALWARE DesktopTraffic Toolbar Spyware || url,research.spysweeper.com/threat_library/threat_details.php?threat=desktoptraffic.net_hijack 2001885 || ET MALWARE Begin2Search.com Spyware || url,sarc.com/avcenter/venc/data/adware.begin2search.html 2001886 || ET MALWARE ToolbarPartner Spyware Install || url,toolbarpartner.com 2001887 || ET MALWARE ToolbarPartner Spyware Activity (1) || 
url,toolbarpartner.com 2001888 || ET MALWARE ToolbarPartner Spyware Activity (2) || url,toolbarpartner.com 2001889 || ET MALWARE ToolbarPartner Spyware Jeemp Trojan Download || url,toolbarpartner.com 2001890 || ET MALWARE ToolbarPartner Spyware Agent Download (1) || url,toolbarpartner.com 2001891 || ET MALWARE Suspicious User Agent (agent) 2001892 || ET MALWARE ToolbarPartner Spyware Agent Download (2) || url,toolbarpartner.com 2001893 || ET MALWARE ToolbarPartner Spyware Agent Reporting Install || url,toolbarpartner.com 2001894 || ET MALWARE ToolbarPartner Spyware Agent Partner Install || url,toolbarpartner.com 2001895 || ET MALWARE ToolbarPartner Spyware Spambot Retrieving Target Emails || url,toolbarpartner.com 2001897 || ET MALWARE pool.Westpop.com Spyware Updates 2001898 || ET POLICY eBay Bid Placed 2001899 || ET BOTNET HTTP Botnet reg || url,www.honeynet.org/papers/bots 2001900 || ET BOTNET BwB Botnet Checkin || url,www.honeynet.org/papers/bots 2001901 || ET TROJAN Possible Bobax trojan infection || url,www.lurhq.com/bobax.html 2001904 || ET SCAN Behavioral Unusually fast inbound Telnet Connections, Potential Scan or Brute Force || url,www.rapid7.com/nexpose-faq-answer2.htm 2001906 || ET SCAN MYSQL 4.0 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-323.html 2001907 || ET POLICY eBay Placing Item for sale 2001908 || ET POLICY eBay View Item 2001909 || ET POLICY eBay Watch This Item 2001910 || ET WORM AIM Bot Outbound Control Channel Open and Login 2001919 || ET VIRUS Greeting card gif.exe email incoming SMTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html 2001920 || ET VIRUS Greeting card gif.exe email incoming POP3/IMAP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html 2001921 || ET VIRUS Greeting card gif.exe email incoming HTTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html 2001928 || ET WEB_SPECIFIC XSS Possible Arbitrary Scripting Code Attack 
in phpBB (private message) || url,www.securitytracker.com/alerts/2005/May/1013918.html
2001929 || ET WEB_SPECIFIC XSS Possible Arbitrary Scripting Code Attack in phpBB (signature) || url,www.securitytracker.com/alerts/2005/May/1013918.html
2001932 || ET EXPLOIT wowBB view_user.php SQL Injection || bugtraq,13569
2001933 || ET VIRUS PWS Banker Trojan Sending Report of Infection || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.banker.b.html
2001944 || ET EXPLOIT MS04-007 Kill-Bill ASN1 exploit attempt || cve,CAN-2003-0818 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx || url,www.phreedom.org/solar/exploits/msasn1-bitstring/
2001945 || ET WEB WebAPP Apage.CGI Remote Command Execution Attempt || bugtraq,13637
2001947 || ET MALWARE Zenotecnico Adware || url,www.zenotecnico.com
2001949 || ET WEB_SPECIFIC Athena Web Registration Remote Command Execution Attempt || bugtraq,9349 || cve,CAN-2004-1782
2001950 || ET POLICY RAR File Outbound
2001951 || ET POLICY RAR File Inbound
2001954 || ET EXPLOIT Meteor FTP Server Exploit || url,www.securiteam.com/exploits/5RP0Q2KFPC.html
2001959 || ET VIRUS Hotword Trojan in Transit || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001960 || ET VIRUS Hotword Trojan inbound via http || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001961 || ET VIRUS Hotword Trojan - Possible File Upload CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001962 || ET VIRUS Hotword Trojan - Possible File Upload CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001963 || ET VIRUS Hotword Trojan - Possible FTP File Request pspv.exe || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001964 || ET VIRUS Hotword Trojan - Possible FTP File Request .tea || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001965 || ET VIRUS Hotword Trojan - Possible FTP File Status Upload ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001966 || ET VIRUS Hotword Trojan - Possible FTP File Status Check ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html
2001972 || ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection
2001973 || ET POLICY SSH Server Banner Detected on Expected Port
2001974 || ET POLICY SSH Client Banner Detected on Expected Port
2001975 || ET POLICY SSHv2 Server KEX Detected on Expected Port
2001976 || ET POLICY SSHv2 Client KEX Detected on Expected Port
2001977 || ET POLICY SSHv2 Client New Keys detected on Expected Port
2001978 || ET POLICY SSH session in progress on Expected Port
2001979 || ET POLICY SSH Server Banner Detected on Unusual Port
2001980 || ET POLICY SSH Client Banner Detected on Unusual Port
2001981 || ET POLICY SSHv2 Server KEX Detected on Unusual Port
2001982 || ET POLICY SSHv2 Client KEX Detected on Unusual Port
2001983 || ET POLICY SSHv2 Client New Keys Detected on Unusual Port
2001984 || ET POLICY SSH session in progress on Unusual Port
2001985 || ET VIRUS HTTP RBOT Challenge/Response Authentication || url,www.phreedom.org/solar/exploits/msasn1-bitstring || url,isc.sans.org/diary.php?date=2005-06-03
2001988 || ET EXPLOIT MySQL MaxDB Buffer Overflow
2001989 || ET POLICY Prospero Chat Session in Progress || url,www.prospero.com/technology.htm
2001990 || ET EXPLOIT JamMail Jammail.pl Remote Command Execution Attempt || bugtraq,13937
2001991 || ET EXPLOIT WebHints Scripts Remote Command Execution Attempt || bugtraq,13930
2001992 || ET MALWARE SurfSidekick Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html
2001993 || ET MALWARE SurfSidekick Dictionary Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html
2001994 || ET MALWARE SurfSidekick Activity (ipixel) || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html
2001995 || ET MALWARE UCMore Spyware Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=58660
2001996 || ET MALWARE UCMore Spyware Activity User Agent String
2001997 || ET MALWARE TargetNetworks.net Spyware Reporting (req) || url,www.targetnetworks.com
2001998 || ET MALWARE UCMore Spyware Downloading Ads || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=58660
2001999 || ET MALWARE BTGrab.com Spyware Downloading Ads || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090726 || url,www.btgrab.com
2002000 || ET MALWARE Shopnav Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.html
2002001 || ET MALWARE 180solutions Spyware Keywords Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002002 || ET MALWARE Better Internet Spyware User Agent Activity (thnall)
2002003 || ET MALWARE 180solutions Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002004 || ET MALWARE Topconverting Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002005 || ET MALWARE Better Internet Spyware User Agent Activity (poller)
2002008 || ET MALWARE Wild Tangent Install || mcafee,122249
2002009 || ET MALWARE ESyndicate Spyware Install (esyndicateinst.exe) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453094058
2002010 || ET MALWARE ESyndicate Spyware Install (sepinst.exe) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453094058
2002011 || ET MALWARE PeopleonPage Spyware User Agent Activity
2002012 || ET MALWARE GrandstreetInteractive.com Install
2002013 || ET MALWARE GrandstreetInteractive.com Update
2002015 || ET MALWARE Internet Fuel.com Install
2002016 || ET MALWARE jmnad1.com Spyware Install (2)
2002017 || ET MALWARE Overpro Spyware Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html
2002019 || ET MALWARE jmnad1.com Spyware Install (1)
2002020 || ET MALWARE Overpro Spyware User Agent Activity (merong)
2002021 || ET MALWARE Grandstreet Interactive Spyware User Agent Activity (1)
2002022 || ET POLICY GotoMyPC poll.gotomypc.com Server Response to Polling Client OK
2002023 || ET TROJAN IRC USER command
2002024 || ET TROJAN IRC NICK command
2002025 || ET TROJAN IRC JOIN command
2002026 || ET TROJAN IRC PRIVMSG command
2002027 || ET TROJAN IRC PING command
2002028 || ET TROJAN IRC PONG response
2002029 || ET TROJAN BOT - channel topic scan/exploit command
2002030 || ET TROJAN BOT - potential scan/exploit command
2002031 || ET TROJAN BOT - potential update/download
2002032 || ET TROJAN BOT - potential DDoS command (1)
2002033 || ET TROJAN BOT - potential response
2002034 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (linux style)
2002035 || ET MALWARE Better Internet Spyware User Agent Activity (thin)
2002036 || ET MALWARE Weird on the Web /180 Solutions Checkin || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002037 || ET MALWARE Shop at Home Select Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html
2002038 || ET MALWARE Shopathomeselect.com Spyware User Agent Activity
2002040 || ET MALWARE Topconverting Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002041 || ET MALWARE Weird on the Web /180 Solutions Update || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002043 || ET MALWARE Shop at Home Select Spyware Config Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html
2002044 || ET MALWARE OutBlaze.com Spyware Activity
2002046 || ET MALWARE TargetNetworks.net Spyware Reporting (tn) || url,www.targetnetworks.com
2002047 || ET MALWARE surfaccuracy Spyware User Agent || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfaccuracy.html
2002048 || ET MALWARE 180solutions Spyware Defs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002061 || ET EXPLOIT Possible BackupExec Metasploit Exploit (inbound) || url,www.metasploit.org/projects/Framework/modules/exploits/backupexec_agent.pm || url,isc.sans.org/diary.php?date=2005-06-27
2002062 || ET EXPLOIT Possible BackupExec Metasploit Exploit (outbound) || url,www.metasploit.org/projects/Framework/modules/exploits/backupexec_agent.pm || url,isc.sans.org/diary.php?date=2005-06-27
2002064 || ET EXPLOIT ms05-011 exploit || url,www.frsirt.com/exploits/20050623.mssmb_poc.c.php || bugtraq,12484
2002065 || ET EXPLOIT Veritas backupexec_agent exploit || url,isc.sans.org/diary.php?date=2005-06-27
2002066 || ET WEB_SPECIFIC CSV-DB CSV_DB.CGI Remote Command Execution Attempt || bugtraq,14059
2002067 || ET WEB_SPECIFIC Community Link Pro Login.CGI Remote Command Execution Attempt || bugtraq,14097
2002068 || ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon || url,www.ndmp.org/download/sdk_v4/draft-skardal-ndmp4-04.txt
2002069 || ET WEB_SPECIFIC Blog Spam Insert Attempt || url,www.webmasterworld.com/forum92/3683.htm || url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html || url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/
2002070 || ET WEB_SPECIFIC phpBB Remote Code Execution Attempt || url,www.securiteam.com/unixfocus/6Z00R2ABPY.html || bugtraq,14086 || url,secunia.com/advisories/15845/
2002071 || ET MALWARE XupiterToolbar Spyware User Agent Activity || url,castlecops.com/tk781-Xupitertoolbar_dll_t_dll.html
2002074 || ET MALWARE Win32.Stubby Spyware User Agent Activity || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453088437
2002076 || ET MALWARE New.net Spyware User Agent Activity || url,www.pcsympathy.com/printout74.html || url,www.newdotnet.com
2002078 || ET MALWARE SideStep Spyware User Agent Activity
2002079 || ET MALWARE MyWaySearch Products Spyware User Agent
2002080 || ET MALWARE MySearch Products Spyware User Agent
2002082 || ET POLICY Unusual User Agent (Client) || url,doc.emergingthreats.net/2002082
2002083 || ET MALWARE Pacimedia Spyware 1
2002087 || ET POLICY Inbound Frequent Emails - Possible Spambot Inbound
2002088 || ET MALWARE C4tdownload.com Spyware Activity || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html
2002089 || ET MALWARE CWS qck.cc Spyware Installer (in.php) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035
2002090 || ET MALWARE IEHelp.net Spyware Installer || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html
2002091 || ET MALWARE Searchmiracle.com Spyware Install - silent.exe || url,www.searchmiracle.com
2002092 || ET MALWARE yupsearch.com Spyware Install - protector.exe || url,www.yupsearch.com
2002093 || ET MALWARE Likely Trojan/Spyware Installer Requested (2)
2002094 || ET MALWARE MSUpdater.net Spyware Checkin
2002095 || ET MALWARE CWS qck.cc Spyware Installer (web.php) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035
2002096 || ET MALWARE IEHelp.net Spyware checkin || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html
2002097 || ET MALWARE IEHelp.net Spyware User Agent Activity
2002098 || ET MALWARE yupsearch.com Spyware Install - sideb.exe || url,www.yupsearch.com
2002099 || ET MALWARE 180solutions Spyware config Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002100 || ET WEB WPS wps_shop.cgi Remote Command Execution Attempt || bugtraq,14245
2002101 || ET GAMES Battle.net Starcraft login
2002102 || ET GAMES Battle.net Brood War login
2002103 || ET GAMES Battle.net Diablo login
2002104 || ET GAMES Battle.net Diablo 2 login
2002105 || ET GAMES Battle.net Diablo 2 Lord of Destruction login
2002106 || ET GAMES Battle.net Warcraft 2 login
2002107 || ET GAMES Battle.net Warcraft 3 login
2002108 || ET GAMES Battle.net Warcraft 3\: The Frozen throne login
2002109 || ET GAMES Battle.net old game version
2002110 || ET GAMES Battle.net invalid version
2002111 || ET GAMES Battle.net invalid cdkey
2002112 || ET GAMES Battle.net cdkey in use
2002113 || ET GAMES Battle.net banned key
2002114 || ET GAMES Battle.net wrong product
2002115 || ET GAMES Battle.net failed account login (OLS)\: wrong password
2002116 || ET GAMES Battle.net failed account login (NLS)\: wrong password
2002117 || ET GAMES Battle.net connection reset (possible IP-Ban)
2002118 || ET GAMES Battle.net user in channel
2002119 || ET GAMES Battle.net outgoing chat message
2002120 || ET EXPLOIT Potential MS05-036 exploit - JPEG with embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
2002121 || ET EXPLOIT Potential MS05-036 exploit - JPEG with embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
2002122 || ET EXPLOIT Potential MS05-036 exploit - GIF with embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
2002123 || ET EXPLOIT Potential MS05-036 exploit - GIF with embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
2002124 || ET EXPLOIT Potential MS05-036 exploit - PNG with embedded ICC document || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
2002127 || ET EXPLOIT Firefox Set Wallpaper Code Execution Attempt (img) || url,www.mozilla.org/security/announce/mfsa2005-47.html || url,secunia.com/advisories/16043/
2002128 || ET EXPLOIT Firefox Set Wallpaper Code Execution Attempt (input) || url,www.mozilla.org/security/announce/mfsa2005-47.html || url,secunia.com/advisories/16043/
2002129 || ET WEB Cacti Input Validation Attack || url,www.idefense.com/application/poi/display?id=266&type=vulnerabilities || url,www.idefense.com/application/poi/display?id=265&type=vulnerabilities || url,www.cacti.net
2002130 || ET WEB Oracle Reports XSS Attempt || url,www.red-database-security.com/advisory/oracle_reports_various_css.html || url,www.oracle.com/technology/products/reports/index.html
2002131 || ET WEB Oracle Reports XML Information Disclosure || url,www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html || url,www.oracle.com/technology/products/reports/index.html
2002132 || ET WEB Oracle Reports DESFORMAT Information Disclosure || url,www.red-database-security.com/advisory/oracle_reports_read_any_file.html || url,www.oracle.com/technology/products/reports/index.html
2002133 || ET WEB Oracle Reports OS Command Injection Attempt || url,www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html || url,www.oracle.com/technology/products/reports/index.html
2002134 || ET EXPLOIT MS05-036 exploit - JPEG ICC r/b/g/XYZ GetColorProfileElement overflow || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
2002137 || ET EXPLOIT MS05-036 exploit - GIF ICC r/b/g/XYZ GetColorProfileElement overflow || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
2002138 || ET GAMES World of Warcraft connection
2002139 || ET GAMES World of Warcraft failed logon
2002140 || ET GAMES Battle.net user joined channel
2002141 || ET GAMES Battle.net user left channel
2002142 || ET GAMES Battle.net received whisper message
2002143 || ET GAMES Battle.net received server broadcast
2002144 || ET GAMES Battle.net joined channel
2002145 || ET GAMES Battle.net user had a flags update
2002146 || ET GAMES Battle.net sent a whisper
2002147 || ET GAMES Battle.net channel full
2002148 || ET GAMES Battle.net channel doesn't exist
2002149 || ET GAMES Battle.net channel is restricted
2002150 || ET GAMES Battle.net informational message
2002151 || ET GAMES Battle.net error message
2002152 || ET GAMES Battle.net 'emote' message
2002153 || ET MALWARE EXE as User Agent - Potential Malware
2002154 || ET GAMES Guild Wars connection
2002155 || ET GAMES Steam connection
2002157 || ET POLICY Skype User-Agent detected
2002158 || ET EXPLOIT XML-RPC for PHP Remote Code Injection || cve,2005-1921 || url,www.securityfocus.com/bid/14088/exploit
2002160 || ET MALWARE CoolWebSearch Spyware (Feat) || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.spywareguide.com/product_show.php?id=599
2002164 || ET MALWARE Hotbar Spyware User-Agent || url,www.pchell.com/support/hotbar.shtml || url,www.doxdesk.com/parasite/Hotbar.html
2002166 || ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) || url,www.spywareguide.com/product_show.php?id=418
2002167 || ET POLICY Software Install Reporting via HTTP - Wise User Agent (Wise) Sometimes Malware Related || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771
2002169 || ET MALWARE iWon Spyware (iWonSearchAssistant) || url,www.spywareguide.com/product_show.php?id=461
2002170 || ET GAMES Battle.net incoming chat message
2002171 || ET EXPLOIT COM Object Instantiation Memory Corruption Vulnerability (group 1) || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || cve,2005-1990
2002172 || ET EXPLOIT COM Object Instantiation Memory Corruption Vulnerability (group 2) || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || cve,2005-1990
2002173 || ET EXPLOIT COM Object Instantiation Memory Corruption Vulnerability (group 3) || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || cve,2005-1990
2002174 || ET EXPLOIT CLSID Pattern Matched
2002175 || ET TROJAN Srv.SSA-KeyLogger Checkin Traffic
2002181 || ET EXPLOIT Backup Exec Windows Agent Remote File Access - Attempt || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,www.frsirt.com/english/advisories/2005/1387
2002182 || ET EXPLOIT Backup Exec Windows Agent Remote File Access - Vulnerable || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,www.frsirt.com/english/advisories/2005/1387
2002186 || ET EXPLOIT SMB-DS Microsoft Windows 2000 Plug and Play Vulnerability || url,isc.sans.org/diary.php?date=2005-08-14 || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
2002187 || ET EXPLOIT NETBIOS SMB Microsoft Windows 2000 PNP Vuln || url,isc.sans.org/diary.php?date=2005-08-14 || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
2002188 || ET EXPLOIT NETBIOS SMB-DS Microsoft Windows 2000 PNP Vuln || url,isc.sans.org/diary.php?date=2005-08-14 || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
2002192 || ET POLICY MSN status change
2002194 || ET MALWARE Pacimedia Spyware 2
2002195 || ET MALWARE Casalemedia Spyware Reporting URL Visited1
2002196 || ET MALWARE Casalemedia Spyware Reporting URL Visited2
2002199 || ET EXPLOIT SMB-DS DCERPC PnP HOD bind attempt
2002200 || ET EXPLOIT SMB-DS DCERPC PnP bind attempt
2002201 || ET EXPLOIT SMB-DS DCERPC PnP QueryResConfList exploit attempt || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || cve,CAN-2005-1983
2002202 || ET EXPLOIT SMB DCERPC PnP bind attempt
2002203 || ET EXPLOIT SMB DCERPC PnP QueryResConfList exploit attempt || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || cve,CAN-2005-1983
2002296 || ET MALWARE Searchfeed.com Spyware 1 || url,www.searchfeed.com
2002297 || ET MALWARE Searchfeed.com Spyware 2 || url,www.searchfeed.com
2002298 || ET MALWARE Searchfeed.com Spyware 3 || url,www.searchfeed.com
2002299 || ET MALWARE Searchfeed.com Spyware 4 || url,www.searchfeed.com
2002300 || ET MALWARE Searchfeed.com Spyware 5 || url,www.searchfeed.com
2002301 || ET MALWARE Searchfeed.com Spyware 6 || url,www.searchfeed.com
2002302 || ET MALWARE Searchfeed.com Spyware 7 || url,www.searchfeed.com
2002303 || ET MALWARE Searchfeed.com Spyware 8 || url,www.searchfeed.com
2002304 || ET MALWARE Advertising.com Reporting Data || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html
2002305 || ET MALWARE Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com
2002306 || ET MALWARE Fun Web Products Cursorchooser Spyware || url,www.funwebproducts.com
2002307 || ET MALWARE Fun Web Products Stampchooser Spyware || url,www.funwebproducts.com
2002308 || ET EXPLOIT Internet Explorer Vulnerable CLSID (Msdds.dll) || url,www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
2002309 || ET MALWARE Metarewards Disclaimer Access
2002310 || ET MALWARE Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com
2002312 || ET POLICY MSN Game Loading
2002313 || ET WEB Cacti graph_image.php Remote Command Execution Attempt || bugtraq,14042 || bugtraq,14129 || cve,CAN-2005-1524
2002314 || ET WEB PHPOutsourcing Zorum prod.php Remote Command Execution Attempt || bugtraq,14601
2002315 || ET EXPLOIT Incoming Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.instinct.org/elm/ || url,www.frsirt.com/exploits/20050822.elmexploit.c.php
2002316 || ET EXPLOIT Outgoing Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.instinct.org/elm/ || url,www.frsirt.com/exploits/20050822.elmexploit.c.php
2002317 || ET MALWARE EZSearch Spyware Reporting Search Strings
2002318 || ET MALWARE EZSearch Spyware Reporting Search Category
2002319 || ET MALWARE EZSearch Spyware Reporting 2
2002320 || ET MALWARE Transponder Spyware Activity || url,www.doxdesk.com/parasite/Transponder.html
2002322 || ET WORM Possible MSN Worm Exploit php
2002323 || ET WORM Possible MSN Worm Exploit exe
2002324 || ET WORM Possible MSN Worm Exploit pif
2002325 || ET WORM W32.kelvir.HI || url,securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html
2002327 || ET POLICY Google Talk (Jabber) Client Login || url,www.xmpp.org || url,talk.google.com
2002330 || ET POLICY Google Talk TLS Client Traffic || url,www.xmpp.org || url,talk.google.com
2002331 || ET WEB Piranha default passwd attempt || nessus,10381 || cve,2000-0248 || bugtraq,1148
2002332 || ET POLICY Google IM traffic Windows client user sign-on || url,www.google.com/talk
2002333 || ET POLICY Google IM traffic friend invited || url,www.google.com/talk
2002334 || ET POLICY Google IM traffic Jabber client sign-on || url,www.google.com/talk
2002335 || ET POLICY Google IM traffic Windows client user sign-off || url,www.google.com/talk
2002348 || ET MALWARE VPP Technologies Spyware
2002349 || ET MALWARE Alexa Spyware Reporting URL
2002350 || ET MALWARE VPP Technologies Spyware Reporting URL
2002351 || ET MALWARE Comet Systems Spyware Update Download
2002352 || ET MALWARE Comet Systems Spyware Context Report
2002353 || ET MALWARE AdultfriendFinder.com Spyware Iframe Download
2002354 || ET MALWARE 180solutions Spyware versionconfig POST || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2002361 || ET WEB Netquery Remote Command Execution Attempt || bugtraq,14373
2002362 || ET WEB Barracuda Spam Firewall img.pl Remote Command Execution Attempt || bugtraq,14712
2002363 || ET TROJAN BOT - potential reptile commands
2002364 || ET MALWARE Weatherbug Wxbug Capture
2002365 || ET WEB HP OpenView Network Node Manager Remote Command Execution Attempt || bugtraq,14662
2002371 || ET WEB_SPECIFIC Miva Merchant Cross Site Scripting Attack || url,www.frsirt.com/english/advisories/2005/1758 || url,smallbusiness.miva.com/products/mia/ || bugtraq,14828
2002376 || ET WEB IBM Lotus Domino BaseTarget XSS attempt || bugtraq,14845
2002377 || ET WEB IBM Lotus Domino Src XSS attempt || bugtraq,14846
2002380 || ET EXPLOIT Firefox Domain Name Buffer Overflow || url,www.milw0rm.com/id.php?id=1224 || url,bugzilla.mozilla.org/show_bug.cgi?id=307259 || cve,2005-2871
2002381 || ET EXPLOIT RealPlayer/Helix Player Format String Exploit || cve,2005-2710 || bugtraq,14945 || url,milw0rm.com/id.php?id=1232
2002382 || ET EXPLOIT Wzdftpd SITE command arbitrary command execution attempt || url,www.securiteam.com/exploits/5CP0R1PGUE.html || bugtraq,14935
2002383 || ET SCAN Potential FTP Brute-Force attempt
2002384 || ET TROJAN BOT - potential misc bot commands
2002385 || ET TROJAN BOT - channel topic reptile commands
2002386 || ET TROJAN BOT - channel topic misc bot commands
2002387 || ET TROJAN Mitglieder Proxy Bot Checking In || url,isc.sans.org/diary.php?storyid=722
2002388 || ET WEB vBulletin misc.php Template Name Arbitrary Code Execution || url,metasploit.com/projects/Framework/exploits.html#php_vbulletin_template || cve,2005-0511 || url,www.osvdb.org/14047
2002389 || ET EXPLOIT Vulnerable Mercury 4.01a IMAP Banner || bugtraq,11775 || url,www.pmail.com/whatsnew/m32401.htm
2002390 || ET EXPLOIT Mercury v4.01a IMAP RENAME Buffer Overflow || bugtraq,11775 || url,metasploit.com/projects/Framework/exploits.html#mercury_imap || url,www.pmail.com/whatsnew/m32401.htm
2002394 || ET MALWARE Adwave/MarketScore User Agent (WTA) || url,www.marketscore.com || url,www.adwave.com/our_mission.aspx
2002395 || ET MALWARE Miva User Agent (TPSystem) || url,www.findwhat.com || url,www.miva.com
2002396 || ET MALWARE Miva Spyware User Agent (Travel Update) || url,www.miva.com
2002397 || ET MALWARE Precision Targeting User Agent (XC) || url,www.precisiontargeting.com
2002398 || ET MALWARE DelFin Project User Agent (Dpi) || url,www.delfinproject.com
2002399 || ET MALWARE DelFin Project User Agent (PromulGate) || url,www.delfinproject.com
2002400 || ET MALWARE Suspicious User Agent (Microsoft Internet Explorer) || url,www.topinstalls.com
2002401 || ET MALWARE Web Search User Agent (ST3PS) || url,www.websearch.com
2002402 || ET MALWARE Suspicious Spyware Related User Agent (UtilMind HTTPGet) || url,www.websearch.com
2002403 || ET MALWARE Context Plus User Agent (PTS) || url,www.contextplus.net
2002404 || ET MALWARE Movies etc User Agent (IOInstall) || url,www.movies-etc.com
2002405 || ET MALWARE Internet Optimizer User Agent (ROGUE) || url,www.internet-optimizer.com
2002406 || ET EXPLOIT TAC Attack Directory Traversal || url,cirt.dk/advisories/cirt-37-advisory.pdf || url,secunia.com/advisories/16854 || cve,2005-3040
2002407 || ET POLICY WebshotsNetClient || url,www.webshots.com
2002408 || ET WEB phpMyAdmin Suspicious Activity
2002409 || ET WEB phpMyAdmin Local File Inclusion (2.6.4-pl1) || url,www.frsirt.com/english/advisories/2005/2024 || url,securityreason.com/securityalert/69
2002410 || ET POLICY SMTP Non-US Restricted Outbound
2002411 || ET POLICY SMTP Non-US Confidential Outbound
2002412 || ET POLICY SMTP Non-US Top Secret Outbound
2002413 || ET POLICY SMTP Non-US Secret
2002414 || ET POLICY SMTP NATO Restricted
2002415 || ET POLICY SMTP NATO Confidential Atomal
2002416 || ET POLICY SMTP NATO Confidential
2002417 || ET POLICY SMTP NATO COSMIC Top Secret Atomal
2002418 || ET POLICY SMTP NATO Secret Atomal
2002419 || ET POLICY SMTP NATO Secret
2002420 || ET POLICY SMTP US Confidential, Electronic
2002421 || ET POLICY SMTP US Top Secret, Electronic
2002422 || ET POLICY SMTP US Secret, Electronic
2002423 || ET POLICY SMTP US Confidential REL TO
2002424 || ET POLICY SMTP US Top Secret REL TO
2002425 || ET POLICY SMTP US Secret REL TO
2002426 || ET POLICY SMTP US Confidential COMINT
2002427 || ET POLICY SMTP US Top Secret COMINT
2002428 || ET POLICY SMTP US Secret COMINT
2002429 || ET POLICY SMTP US Unclassified COMSEC
2002430 || ET POLICY SMTP US Confidential COMSEC
2002431 || ET POLICY SMTP US Top Secret COMSEC
2002432 || ET POLICY SMTP US Secret COMSEC
2002433 || ET POLICY SMTP US Secret IMCON
2002434 || ET POLICY SMTP US Top Secret CNWDI
2002435 || ET POLICY SMTP US Secret CNWDI
2002436 || ET POLICY SMTP US Top Secret TK
2002437 || ET POLICY SMTP US Secret TK
2002438 || ET POLICY SMTP US FGI
2002439 || ET POLICY SMTP US FOUO
2002440 || ET POLICY SMTP US Confidential NOFORN
2002441 || ET POLICY SMTP US Top Secret NOFORN
2002442 || ET POLICY SMTP US Secret NOFORN
2002443 || ET POLICY SMTP US Confidential ORCON
2002444 || ET POLICY SMTP US Top Secret ORCON
2002445 || ET POLICY SMTP US Secret ORCON
2002446 || ET POLICY SMTP US Unclassified PROPIN
2002447 || ET POLICY SMTP US Confidential PROPIN
2002448 || ET POLICY SMTP US Top Secret PROPIN
2002449 || ET POLICY SMTP US Secret PROPIN
2002450 || ET POLICY SMTP US Confidential RD
2002451 || ET POLICY SMTP US Top Secret RD
2002452 || ET POLICY SMTP US Secret RD
2002453 || ET POLICY SMTP US SAMI
2002454 || ET POLICY SMTP US Confidential SPECAT
2002455 || ET POLICY SMTP US Top Secret SPECAT
2002456 || ET POLICY SMTP US Secret SPECAT
2002457 || ET POLICY SMTP US Top Secret STOP
2002458 || ET POLICY SMTP Private
2002459 || ET POLICY SMTP Restricted
2002460 || ET POLICY SMTP Confidential
2002461 || ET POLICY SMTP Secret
2002462 || ET POLICY SMTP Top Secret
2002463 || ET POLICY SMTP Sealed
2002464 || ET POLICY SMTP Sensitive
2002465 || ET POLICY SMTP Proprietary
2002466 || ET POLICY SMTP Protected
2002467 || ET POLICY SMTP Law Enorcement Sensitive
2002468 || ET POLICY SMTP Internal Use Only
2002469 || ET POLICY SMTP Date of Birth
2002470 || ET POLICY SMTP HCPCS Code
2002471 || ET POLICY SMTP ICD-10 Code
2002472 || ET POLICY SMTP FDA NDC Code
2002473 || ET POLICY SMTP ADA Procedure Code
2002474 || ET POLICY SMTP DSM-IV Code
2002475 || ET POLICY SMTP AMA CPT Code
2002477 || ET POLICY SMTP Credit Card, JCB
2002483 || ET POLICY SMTP Password
2002484 || ET POLICY SMTP Appraisal
2002485 || ET POLICY SMTP Account Balance
2002486 || ET POLICY SMTP Payment History
2002487 || ET POLICY SMTP Annual Income
2002488 || ET POLICY SMTP Credit History
2002489 || ET POLICY SMTP Transaction History
2002490 || ET POLICY SMTP Customer List
2002491 || ET EXPLOIT COM Object MS05-052 (group 1) || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || cve,2005-2127
2002492 || ET EXPLOIT COM Object MS05-052 (group 2) || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || cve,2005-2127
2002493 || ET EXPLOIT COM Object MS05-052 (group 3) || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || cve,2005-2127
2002494 || ET WEB Versatile Bulletin Board SQL Injection Attack || bugtraq,15068
2002495 || ET POLICY HTTP Non-US Restricted
2002496 || ET POLICY HTTP - Non-US Confidential
2002497 || ET POLICY HTTP - Non-US Top Secret
2002498 || ET POLICY HTTP - Non-US Secret
2002499 || ET POLICY HTTP - NATO Restricted
2002500 || ET POLICY HTTP - NATO Confidential Atomal
2002501 || ET POLICY HTTP - NATO Confidential
2002502 || ET POLICY HTTP - NATO COSMIC Top Secret Atomal
2002503 || ET POLICY HTTP - NATO Secret Atomal
2002504 || ET POLICY HTTP - NATO Secret
2002505 || ET POLICY HTTP - US Confidential, Electronic
2002506 || ET POLICY HTTP - US Top Secret, Electronic
2002507 || ET POLICY HTTP - US Secret, Electronic
2002508 || ET POLICY HTTP - US Confidential REL TO
2002509 || ET POLICY HTTP - US Top Secret REL TO
2002510 || ET POLICY HTTP - US Secret REL TO
2002511 || ET POLICY HTTP - US Confidential COMINT
2002512 || ET POLICY HTTP - US Top Secret COMINT
2002513 || ET POLICY HTTP - US Secret COMINT
2002514 || ET POLICY HTTP - US Unclassified COMSEC
2002515 || ET POLICY HTTP - US Confidential COMSEC
2002516 || ET POLICY HTTP - US Top Secret COMSEC
2002517 || ET POLICY HTTP - US Secret COMSEC
2002518 || ET POLICY HTTP - US Secret IMCON
2002519 || ET POLICY HTTP - US Top Secret CNWDI
2002520 || ET POLICY HTTP - US Secret CNWDI
2002521 || ET POLICY HTTP - US Top Secret TK
2002522 || ET POLICY HTTP - US Secret TK
2002523 || ET POLICY HTTP - US FGI
2002524 || ET POLICY HTTP - US FOUO
2002525 || ET POLICY HTTP - US Confidential NOFORN
2002526 || ET POLICY HTTP - US Top Secret NOFORN
2002527 || ET POLICY HTTP - US Secret NOFORN
2002528 || ET POLICY HTTP - US Top Secret ORCON
2002529 || ET POLICY HTTP - US Secret ORCON
2002530 || ET POLICY HTTP - US Unclassified PROPIN
2002531 || ET POLICY HTTP - US Confidential PROPIN
2002532 || ET POLICY HTTP - US Top Secret PROPIN
2002533 || ET POLICY HTTP - US Secret PROPIN
2002534 || ET POLICY HTTP - US Confidential RD
2002535 || ET POLICY HTTP - US Top Secret RD
2002536 || ET POLICY HTTP - US Secret RD
2002537 || ET POLICY HTTP - US SAMI
2002538 || ET POLICY HTTP - US Confidential SPECAT
2002539 || ET POLICY HTTP - US Top Secret SPECAT
2002540 || ET POLICY HTTP - US Secret SPECAT
2002541 || ET POLICY HTTP - US Top Secret STOP
2002542 || ET POLICY HTTP - Private
2002543 || ET POLICY HTTP - Restricted
2002544 || ET POLICY HTTP - Confidential
2002545 || ET POLICY HTTP - Secret
2002546 || ET POLICY HTTP - Top Secret
2002547 || ET POLICY HTTP - Sealed
2002548 || ET POLICY HTTP - Sensitive
2002549 || ET POLICY HTTP - Proprietary
2002550 || ET POLICY HTTP - Protected
2002551 || ET POLICY HTTP - Law Enorcement Sensitive
2002552 || ET POLICY HTTP - Internal Use Only
2002553 || ET POLICY HTTP - Date of Birth
2002554 || ET POLICY HTTP - HCPCS Code
2002555 || ET POLICY HTTP - ICD-10 Code
2002556 || ET POLICY HTTP - FDA NDC Code
2002557 || ET POLICY HTTP - ADA Procedure Code
2002558 || ET POLICY HTTP - DSM-IV Code
2002559 || ET POLICY HTTP - AMA CPT Code
2002561 || ET POLICY HTTP - Credit Card, JCB
2002567 || ET POLICY HTTP - Password
2002568 || ET POLICY HTTP - Appraisal
2002569 || ET POLICY HTTP - Account Balance
2002570 || ET POLICY HTTP - Payment History
2002571 || ET POLICY HTTP - Annual Income
2002572 || ET POLICY HTTP - Credit History
2002573 || ET POLICY HTTP - Transaction History
2002574 || ET POLICY HTTP - Customer List
2002575 || ET POLICY High Ports - Non-US Restricted
2002576 || ET POLICY High Ports - Non-US Confidential
2002577 || ET POLICY High Ports - Non-US Top Secret
2002578 || ET POLICY High Ports - Non-US Secret
2002579 || ET POLICY High Ports - NATO Restricted
2002580 || ET POLICY High Ports - NATO Confidential Atomal
2002581 || ET POLICY High Ports - NATO Confidential
2002582 || ET POLICY High Ports - NATO COSMIC Top Secret Atomal
2002583 || ET POLICY High Ports - NATO Secret Atomal
2002584 || ET POLICY High Ports - NATO Secret
2002585 || ET POLICY High Ports - US Confidential, Electronic
2002586 || ET POLICY High Ports - US Top Secret, Electronic
2002587 || ET POLICY High Ports - US Secret, Electronic
2002588 || ET POLICY High Ports - US Confidential REL TO
2002589 || ET POLICY High Ports - US Top Secret REL TO
2002590 || ET POLICY High Ports - US Secret REL TO
2002591 || ET POLICY High Ports - US Confidential COMINT
2002592 || ET POLICY High Ports - US Top Secret COMINT
2002593 || ET POLICY High Ports - US Secret COMINT
2002594 || ET POLICY High Ports - US Unclassified COMSEC
2002595 || ET POLICY High Ports - US Confidential COMSEC
2002596 || ET POLICY High Ports - US Top Secret COMSEC
2002597 || ET POLICY High Ports - US Secret COMSEC
2002598 || ET POLICY High Ports - US Secret IMCON
2002599 || ET POLICY High Ports - US Top Secret CNWDI
2002600 || ET POLICY High Ports - US Secret CNWDI
2002601 || ET POLICY High Ports - US Top Secret TK
2002602 || ET POLICY High Ports - US Secret TK
2002603 || ET POLICY High Ports - US FGI
2002604 || ET POLICY High Ports - US FOUO
2002605 || ET POLICY High Ports - US Confidential NOFORN
2002606 || ET POLICY High Ports - US Top Secret NOFORN
2002607 || ET POLICY High Ports - US Secret NOFORN
2002608 || ET POLICY High Ports - US Confidential ORCON
2002609 || ET POLICY High Ports - US Top Secret ORCON
2002610 || ET POLICY High Ports - US Secret ORCON
2002611 || ET POLICY High Ports - US Unclassified PROPIN
2002612 || ET POLICY High Ports - US Confidential PROPIN
2002613 || ET POLICY High Ports - US Top Secret PROPIN
2002614 || ET POLICY High Ports - US Secret PROPIN
2002615 || ET POLICY High Ports - US Confidential RD
2002616 || ET POLICY High Ports - US Top Secret RD
2002617 || ET POLICY High Ports - US Secret RD
2002618 || ET POLICY High Ports - US SAMI
2002619 || ET POLICY High Ports - US Confidential SPECAT
2002620 || ET POLICY High Ports - US Top Secret SPECAT
2002621 || ET POLICY High Ports - US Secret SPECAT
2002622 || ET POLICY High Ports - US Top Secret STOP
2002623 || ET POLICY High Ports - Private
2002624 || ET POLICY High Ports - Restricted
2002625 || ET POLICY High Ports - Confidential
2002626 || ET POLICY High Ports - Secret
2002627 || ET POLICY High Ports - Top Secret
2002628 || ET POLICY High Ports - Sealed
2002629 || ET POLICY High Ports - Sensitive
2002630 || ET POLICY High Ports - Proprietary
2002631 || ET POLICY High Ports - Protected
2002632 || ET POLICY High Ports - Law Enorcement Sensitive
2002633 || ET POLICY High Ports - Internal Use Only
2002634 || ET POLICY High Ports - Date of Birth
2002635 || ET POLICY High Ports - HCPCS Code
2002636 || ET POLICY High Ports - ICD-10 Code
2002637 || ET POLICY High Ports - FDA NDC Code
2002638 || ET POLICY High Ports - ADA Procedure Code
2002639 || ET POLICY High Ports - DSM-IV Code
2002640 || ET POLICY High Ports - AMA CPT Code
2002642 || ET POLICY High Ports - Credit Card, JCB
2002648 || ET POLICY High Ports - Password
2002649 || ET POLICY High Ports - Appraisal
2002650 || ET POLICY High Ports - Account Balance
2002651 || ET POLICY High Ports - Payment History
2002652 || ET POLICY High Ports - Annual Income
2002653 || ET POLICY High Ports - Credit History
2002654 || ET POLICY High Ports - Transaction History
2002655 || ET POLICY High Ports - Customer List
2002656 || ET EXPLOIT malformed Sack - Snort DoS-by-$um$id
2002658 || ET POLICY EIN in the clear (US-IRS Employer ID Number) || url,policy.ssa.gov/poms.nsf/lnx/0101001001?opendocument || url,policy.ssa.gov/poms.nsf/lnx/0101001004
2002659 || ET CHAT Yahoo IM Client Install
2002660 || ET WEB RSA Web Auth Exploit Attempt - Long URL || url,www.metasploit.com/projects/Framework/modules/exploits/rsa_iiswebagent_redirect.pm || url,secunia.com/advisories/17281
2002662 || ET WEB TWiki INCLUDE remote command execution attempt || bugtraq,14960
2002663 || ET WEB_SPECIFIC e107 resetcore.php SQL Injection attempt || bugtraq,15125
2002664 || ET SCAN Nessus User Agent || url,www.nessus.org
2002667 || ET WEB sumthin scan || url,www.webmasterworld.com/forum11/2100.htm
2002668 || ET WEB_SPECIFIC CutePHP CuteNews directory traversal vulnerability - show_news || bugtraq,15295
2002671 || ET WEB_SPECIFIC Galerie ShowGallery.php SQL Injection attempt || bugtraq,15313
2002673 || ET P2P MS Foldershare Login Detected || url,www.foldershare.com
2002674 || ET MALWARE Sony DRM Reporting 2 || url,www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html
2002675 || ET MALWARE Sony DRM Reporting 1 || url,www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html
2002676 || ET POLICY nstx DNS Tunnel Outbound || url,nstx.dereference.de/nstx || url,savannah.nongnu.org/projects/nstx/
2002677 || ET SCAN Nikto Web App Scan in Progress || url,www.cirt.net/code/nikto.shtml
2002678 || ET WEB_SPECIFIC Cyphor show.php SQL injection attempt || bugtraq,15418
2002679 || ET MALWARE Sony DRM Related - CodeSupport ActiveX Attempt || url,www.hack.fi/~muzzy/sony-drm/ || url,www.frsirt.com/english/advisories/2005/2454
2002680 || ET MALWARE Sony DRM - Uninstaller CLSID || url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || url,www.frsirt.com/english/advisories/2005/2493 || url,www.freedom-to-tinker.com/?p=931
2002681 || ET WEB_SPECIFIC Mambo Exploit || url,www.us-cert.gov/cas/bulletins/SB07-106.html || url,isc.sans.org/diary.php?storyid=869 || url,seclists.org/lists/fulldisclosure/2005/Nov/0528.html
2002682 || ET EXPLOIT Microsoft Internet Explorer Window() Possible Code Execution || cve,2005-1790 || url,www.computerterrorism.com/research/ie/ct21-11-2005 || url,secunia.com/advisories/15546
2002683 || ET WORM shell bot perl code download
2002684 || ET WORM Shell Bot Code Download
2002685 || ET WEB Barracuda Spam Firewall img.pl Remote Directory Traversal Attempt || bugtraq,14710
2002695 || ET VIRUS Generic Downloader Outbound HTTP connection - Downloading Code
2002697 || ET EXPLOIT CVSTrac filediff Arbitrary Remote Code Execution || cve,2004-1456 || bugtraq,10878
2002702 || ET EXPLOIT OSTicket Remote Code Execution Attempt || cve,CAN-2005-1439 || cve,CAN-2005-1438 ||
url,www.gulftech.org/?node=research&article_id=00071-05022005 || url,secunia.com/advisories/15216 2002703 || ET EXPLOIT GuppY error.php Arbitrary Remote Code Execution || bugtraq,15609 2002704 || ET POLICY HTTP - US Confidential ORCON 2002707 || ET MALWARE iframebiz - adv***.php || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz 2002708 || ET MALWARE iframebiz - sploit.anr || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz 2002709 || ET MALWARE iframebiz - loaderadv***.jar || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz 2002710 || ET MALWARE iframebiz - loadadv***.exe || url,isc.sans.org/diary.php?storyid=868 || url,iframecash.biz 2002711 || ET WEB includer.cgi Remote Command Execution Attempt || url,isc.sans.org/diary.php?storyid=823 2002721 || ET WEB Cisco IOS HTTP set enable password attack || url,www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html || bugtraq,15602 || cve,2005-3921 2002722 || ET POLICY MP3 File Transfer Outbound || url,filext.com/detaillist.php?extdetail=mp3&Search=Search 2002723 || ET POLICY MP3 File Transfer Inbound || url,filext.com/detaillist.php?extdetail=mp3&Search=Search 2002724 || ET EXPLOIT MciWndx ActiveX Control || url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx 2002725 || ET EXPLOIT COM Object Instantiation Memory Corruption Vulnerability MS05-054 || url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || cve,2005-2831 2002728 || ET TROJAN Ransky or variant backdoor communication ping || url,www.sophos.com/virusinfo/analyses/trojranckcx.html 2002729 || ET POLICY Outbound Hamachi VPN Connection Attempt || url,www.hamachi.cc 2002730 || ET WEB PHPGedView Remote Script Code Execution attempt || bugtraq,15983 2002731 || ET WEB PHP Generic phpbb arbitrary command attempt || url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path 2002733 || ET EXPLOIT WMF Escape Record Exploit - All Ports - v3 || url,www.frsirt.com/english/advisories/2005/3086 2002734 
|| ET EXPLOIT WMF Exploit || url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php 2002735 || ET MALWARE Zenotecnico Adware 2 || url,www.zenotecnico.com 2002736 || ET MALWARE Trafficsector.com Spyware Install 2002737 || ET MALWARE Zenotecnico Spyware Install Report || url,www.zenotecnico.com 2002738 || ET MALWARE SurfSidekick Activity (rinfo) || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html 2002739 || ET MALWARE iDownloadAgent Spyware User Agent 2002740 || ET MALWARE adservs.com Spyware 2002741 || ET EXPLOIT WMF Escape Record Exploit - Web Only - version 3 || url,www.frsirt.com/english/advisories/2005/3086 2002742 || ET EXPLOIT WMF Escape Record Exploit - Version 3 || url,www.frsirt.com/english/advisories/2005/3086 2002743 || ET EXPLOIT WMF Escape Record Exploit - Web Only - all versions || url,www.frsirt.com/english/advisories/2005/3086 2002749 || ET POLICY Reserved IP Space Traffic - Bogon Nets 1 || url,www.cymru.com/Documents/bogon-list.html 2002750 || ET POLICY Reserved IP Space Traffic - Bogon Nets 2 || url,www.cymru.com/Documents/bogon-list.html 2002751 || ET POLICY Reserved IP Space Traffic - Bogon Nets 3 || url,www.cymru.com/Documents/bogon-list.html 2002752 || ET POLICY Reserved Internal IP Traffic || url,www.cymru.com/Documents/bogon-list.html 2002757 || ET EXPLOIT WMF Escape Record Exploit - Web Only - version 1 || url,www.frsirt.com/english/advisories/2005/3086 2002758 || ET EXPLOIT WMF Escape Record Exploit - Version 1 || url,www.frsirt.com/english/advisories/2005/3086 2002759 || ET EXPLOIT WMF Escape Record Exploit - All Ports - v1 || url,www.frsirt.com/english/advisories/2005/3086 2002760 || ET P2P GnucDNA UDP Ultrapeer Traffic 2002761 || ET P2P Gnutella TCP Ultrapeer Traffic 2002762 || ET TROJAN Torpig Reporting User Activity (x25) || url,www.sophos.com/virusinfo/analyses/trojtorpigr.html 2002763 || ET TROJAN Dumador Reporting User Activity || url,www.norman.com/Virus/Virus_descriptions/24279/ 2002764 || ET 
EXPLOIT WinProxy Host port buffer overflow || bugtraq,16147 || cve,2005-4085 2002765 || ET MALWARE Corpsespyware.net BlackListed Malicious Domain - google.vc || url,www.securityfocus.com/infocus/1745 2002766 || ET MALWARE Corpsespyware.net BlackList - pcpeek || url,www.securityfocus.com/infocus/1745 2002767 || ET MALWARE Corpsespyware.net Distribution - bos.biz || url,www.securityfocus.com/infocus/1745 2002768 || ET MALWARE Corpsespyware.net Distribution - fesexy || url,www.securityfocus.com/infocus/1745 2002769 || ET MALWARE Corpsespyware.net Distribution - studiolacase || url,www.securityfocus.com/infocus/1745 2002770 || ET MALWARE Corpsespyware.net - msits.exe access || url,www.securityfocus.com/infocus/1745 2002771 || ET MALWARE Corpsespyware.net - msys.exe access || url,www.securityfocus.com/infocus/1745 2002773 || ET TROJAN FSG Packed Binary via HTTP Inbound || url,www.securityfocus.com/infocus/1745 2002774 || ET MALWARE Corpsespyware.net Blind Data Upload || url,www.securityfocus.com/infocus/1745 2002775 || ET TROJAN Goldun Reporting User Activity || url,www.avira.com/en/threats/TR_Spy_Goldun_de_1_details.html 2002776 || ET TROJAN SickleBot Reporting User Activity 2002777 || ET WEB Light Weight Calendar 'date' Arbitrary Remote Code Execution 2002780 || ET TROJAN Goldun Reporting User Activity 2 || url,www.avira.com/en/threats/TR_Spy_Goldun_de_1_details.html 2002781 || ET TROJAN w32agent.dsi Posting Info || url,nepenthes.sourceforge.net/analysis\:w32agent.dsi 2002782 || ET TROJAN w32agent.dsi Domain Update || url,nepenthes.sourceforge.net/analysis\:w32agent.dsi 2002783 || ET EXPLOIT Java runtime.exec() call || url,www.mullingsecurity.com 2002784 || ET EXPLOIT Java private function call sun.misc.unsafe || url,www.mullingsecurity.com 2002785 || ET EXPLOIT Java field reflector call java.lang.reflect.field || url,www.mullingsecurity.com 2002786 || ET EXPLOIT Javascript unsafe applet call || url,www.mullingsecurity.com 2002787 || ET EXPLOIT Javascript 
Securitymanager class applet call || url,www.mullingsecurity.com 2002790 || ET TROJAN Haxdoor Reporting User Activity || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HAXDOOR.DI 2002791 || ET EXPLOIT MISC Computer Associates Negative Content-Length Buffer Overflow || cve,2005-3653 || bugtraq,16354 2002792 || ET TROJAN Win32.Agent Reporting User Activity 2002796 || ET POLICY X-Box Live Connecting || url,www.microsoft.com/xbox/ 2002799 || ET EXPLOIT MS05-005 Office XP .rtf Remote Code Attempt || url,www.frsirt.com/english/advisories/2005/0119 || cve,2004-0848 2002800 || ET WEB_SPECIFIC PHP PHPNuke Remote File Inclusion Attempt || url,www.zone-h.org/en/advisories/read/id=8694/ 2002801 || ET WEB_SPECIFIC Google Desktop User-Agent Detected || url,news.com.com/2100-1032_3-6038197.html 2002802 || ET EXPLOIT Windows Media Player parsing BMP file with 0 size offset to start of image || bugtraq,16633 || cve,2006-0006 || url,www.microsoft.com/technet/security/Bulletin/MS06-005.mspx || url,www.milw0rm.com/id.php?id=1500 2002803 || ET EXPLOIT BMP with invalid bfOffBits || bugtraq,16633 || cve,2006-0006 || url,www.microsoft.com/technet/security/Bulletin/ms06-005.mspx 2002804 || ET MALWARE Spyaxe Spyware DB Update 2002805 || ET MALWARE Spyaxe Spyware DB Version Check 2002806 || ET MALWARE Spyaxe Spyware Checkin 2002807 || ET MALWARE Spyaxe Spyware User Agent 2002808 || ET MALWARE Spyaxe Spyware User Agent 2 2002809 || ET ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd) 2002810 || ET ATTACK RESPONSE Hostile FTP Server Banner (Reptile) 2002811 || ET ATTACK RESPONSE Hostile FTP Server Banner (Bot Server) 2002812 || ET TROJAN PWS-LDPinch Reporting User Activity 2002814 || ET P2P Direct Connect Traffic (client-server) || url,en.wikipedia.org/wiki/Direct_connect_file-sharing_application 2002815 || ET WEB_SPECIFIC Plume CMS prepend.php Remote File Inclusion attempt || nessus,20972 || bugtraq,16662 || cve,CVE-2006-0725 2002816 || ET MALWARE DelFin Project Spyware 
(payload) 2002817 || ET MALWARE DelFin Project Spyware (setup) 2002818 || ET MALWARE MyWebSearch Toolbar Traffic (general download) 2002819 || ET MALWARE MyWebSearch Toolbar Traffic (bin download) 2002820 || ET MALWARE Hotbar Agent Subscription POST || url,www.hotbar.com 2002821 || ET MALWARE SideStep Bar Reporting Data (sbstart) || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,www.sidestep.com 2002822 || ET POLICY Wget User Agent || url,www.gnu.org/software/wget 2002823 || ET POLICY POSSIBLE Web Crawl using Wget || url,www.gnu.org/software/wget/ 2002824 || ET POLICY CURL User Agent || url,curl.haxx.se 2002825 || ET POLICY POSSIBLE Web Crawl using Curl || url,curl.haxx.se 2002826 || ET POLICY fetch User Agent || url,gobsd.com/code/freebsd/lib/libfetch 2002827 || ET POLICY POSSIBLE Crawl using Fetch || url,gobsd.com/code/freebsd/lib/libfetch 2002828 || ET POLICY googlebot User Agent || url,www.google.com/webmasters/bot.html 2002829 || ET POLICY Googlebot Crawl || url,www.google.com/webmasters/bot.html 2002830 || ET POLICY msnbot User Agent || url,search.msn.com/msnbot.htm 2002831 || ET POLICY Msnbot Crawl || url,search.msn.com/msnbot.htm 2002832 || ET POLICY Yahoo Crawler User Agent || url,mms-mmcrawler-support@yahoo-inc.com 2002833 || ET POLICY Yahoo Crawler Crawl || url,mms-mmcrawler-support@yahoo-inc.com 2002836 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download) 2002837 || ET WEB PmWiki Globals Variables Overwrite Attempt || nessus,20891 || bugtraq,16421 || cve,CVE-2006-0479 2002838 || ET Google Search Appliance browsing the Internet || url,www.google.com/enterprise/gsa/index.html 2002839 || ET MALWARE My Search Spyware Config Download 2002840 || ET MALWARE Freeze.com Spyware/Adware (Install) 2002841 || ET MALWARE Freeze.com Spyware/Adware (Install Registration) 2002842 || ET SCAN MYSQL 4.1 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-Protocol.html 2002843 || ET DOS Microsoft Streaming Server Malformed 
Request || url,www.microsoft.com/technet/security/bulletin/ms00-038.mspx || bugtraq,1282 2002844 || ET WEB WebDAV search overflow || cve,2003-0109 2002845 || ET EXPLOIT MSSQL Hello Overflow Attempt || bugtraq,5411 || cve,2002-1123 2002846 || ET WEB Minishare GET Overflow || bugtraq,11620 || cve,2004-2271 2002847 || ET WEB WebAdmin User Overflow || cve,2003-471 2002848 || ET EXPLOIT SIP UDP Softphone INVITE overflow || cve,2006-0189 || bugtraq,16213 2002849 || ET WEB-MISC Google Appliance External Proxy Stylesheet || cve,2005-3758 || bugtraq,15509 2002850 || ET FTP USER login flowbit 2002851 || ET FTP HP-UX LIST command without login || bugtraq,15138 || cve,2005-3296 2002852 || ET EXPLOIT HP-UX Printer LPD Command Insertion || bugtraq,15136 || cve,2005-3277 2002853 || ET DOS FreeBSD NFS RPC Kernel Panic || bugtraq,19017 || cve,2006-0900 2002854 || ET TROJAN Gozi/Orderjack Reporting User Activity || url,www.avira.com/en/threats/section/fulldetails/id_vir/1724/tr_dldr.orderjack.a.html || url,www.secureworks.com/research/threats/gozi 2002855 || ET GAMES Blizzard Downloader || url,www.worldofwarcraft.com/info/faq/blizzarddownloader.html 2002856 || ET MALWARE Suspicious POST to ROBOTS.TXT 2002857 || ET TROJAN Win32.VB.aie Reporting User Activity 2002858 || ET MALWARE Fun Web Products StationaryChooser Spyware || url,www.funwebproducts.com 2002859 || ET TROJAN PassSickle Reporting User Activity 2002860 || ET EXPLOIT Internet Explorer createTextRange Code Execution || cve,2006-1359 || bugtraq,17196 2002861 || ET EXPLOIT Danim.dll and Dxtmsft.dll COM Objects || url,www.microsoft.com/technet/security/bulletin/ms06-013.mspx || cve,2006-1186 2002862 || ET EXPLOIT PeerCast Url Overflow || bugtraq,17040 || cve,2006-1148 2002863 || ET WEB osCommerce vulnerable web application extras update.php exists || url,retrogod.altervista.org/oscommerce_22_adv.html 2002864 || ET WEB osCommerce extras/update.php disclosure || url,retrogod.altervista.org/oscommerce_22_adv.html 2002865 || ET 
WEB MISC Novell GroupWise Messenger Accept Language Buffer Overflow || bugtraq,17503 || cve,2006-0992 2002866 || ET POLICY Winpcap Installation in Progress || url,www.winpcap.org 2002867 || ET WEB Horde 3.0.9-3.1.0 Help Viewer Remote PHP Exploit || bugtraq,17292 || cve,2006-1491 || url,www.milw0rm.com/exploits/1660 2002868 || ET WEB Horde Web Mail Help Access || bugtraq,17292 || cve,2006-1491 2002869 || ET WEB WebAttacker kit (exploit1 ie0601) 2002870 || ET WEB WebAttacker kit (exploit ie0604) 2002871 || ET WEB WebAttacker kit (bug ie0604) 2002872 || ET POLICY Myspace Login Attempt 2002874 || ET MALWARE Metafisher/Goldun z User Agent 2002876 || ET MALWARE Small-EM/Divo/PassSickle User Agent 2002877 || ET MALWARE BankSnif/Nethelper User Agent 2002878 || ET POLICY iTunes User Agent || url,hcsoftware.sourceforge.net/jason-rohrer/itms4all/ 2002879 || ET WEB_SPECIFIC PHP phpMyAgenda rootagenda Remote File Include Attempt || bugtraq,17670 || cve,2006-2009 2002880 || ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port || bugtraq,10186 || cve,2004-0714 2002881 || ET SNMP Cisco Non-Trap PDU request on SNMPv2 trap port || bugtraq,10186 || cve,2004-0714 2002882 || ET SNMP Cisco Non-Trap PDU request on SNMPv3 trap port || bugtraq,10186 || cve,2004-0714 2002886 || ET EXPLOIT SYS get_domain_index_metadata Privilege Escalation Attempt || bugtraq,17699 2002887 || ET EXPLOIT SYS get_domain_index_tables Access || bugtraq,17699 2002888 || ET EXPLOIT SYS get_v2_domain_index_tables Privilege Escalation Attempt || bugtraq,17699 2002889 || ET WEB JuniperSetup Control Buffer Overflow || url,www.eeye.com/html/research/advisories/AD20060424.html 2002892 || ET VIRUS Mytob.X [clam] SMTP Inbound || url,www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42326 2002893 || ET VIRUS Mytob.X [clam] SMTP Outbound || url,www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42326 2002894 || ET VIRUS W32.Nugache SMTP Inbound || url,www.symantec.com/avcenter/venc/data/w32.nugache.a@mm.html 2002895 || 
ET VIRUS W32.Nugache SMTP Outbound || url,www.symantec.com/avcenter/venc/data/w32.nugache.a@mm.html 2002896 || ET EXPLOIT Symantec Scan Engine Request Password Hash || bugtraq,17637 || cve,2006-0230 2002897 || ET WEB Horde README access probe || url,csirt.terradon.com/postarchive.php?month=4&year=2006#article28 || cve,CVE-2006-1491 2002898 || ET WEB_SPECIFIC PHP Web Calendar Remote File Inclusion Attempt || cve,2005-2717 || bugtraq,14651 2002899 || ET WEB_SPECIFIC PHP VWar Remote File Inclusion get_header.php || bugtraq,17358 || cve,2006-1636 || url,www.milw0rm.com/exploits/1632 2002900 || ET WEB CGI AWstats Migrate Command Attempt || bugtraq,17844 2002901 || ET WEB_SPECIFIC PHP Aardvark Topsites PHP CONFIG[PATH] Remote File Include Attempt || url,www.osvdb.org/25158 || cve,CVE-2006-2149 2002902 || ET WEB_SPECIFIC PHP VWar Remote File Inclusion functions_install.php || bugtraq,17290 || cve,2006-1503 2002903 || ET EXPLOIT x86 PexFnstenvMov/Sub Encoder 2002904 || ET EXPLOIT x86 Alpha2 GetEIPs Encoder 2002905 || ET EXPLOIT x86 Countdown Encoder 2002906 || ET EXPLOIT x86 PexAlphaNum Encoder 2002907 || ET EXPLOIT x86 PexCall Encoder 2002908 || ET EXPLOIT x86 JmpCallAdditive Encoder 2002910 || ET SCAN Potential VNC Scan 5800-5820 2002911 || ET SCAN Potential VNC Scan 5900-5920 2002912 || ET EXPLOIT VNC Possible Vulnerable Server Response || cve,2006-2369 || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002913 || ET EXPLOIT VNC Client response || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002914 || ET EXPLOIT VNC Server VNC Auth Offer || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002915 || ET EXPLOIT VNC Authentication Reply || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002916 || ET EXPLOIT RealVNC Authentication Bypass Attempt || cve,2006-2369 || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf || url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html || 
url,secunia.com/advisories/20107/ 2002917 || ET EXPLOIT RealVNC Server Authentication Bypass Successful || cve,2006-2369 || url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html || url,secunia.com/advisories/20107/ 2002918 || ET EXPLOIT VNC Server VNC Auth Offer - No Challenge string || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002919 || ET EXPLOIT VNC Good Authentication Reply || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002920 || ET POLICY VNC Authentication Failure || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002921 || ET EXPLOIT VNC Multiple Authentication Failures || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002922 || ET POLICY VNC Authentication Successful || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002923 || ET EXPLOIT VNC Server Not Requiring Authentication (case 2) || cve,2006-2369 || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002924 || ET EXPLOIT VNC Server Not Requiring Authentication || cve,2006-2369 || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf 2002925 || ET INAPPROPRIATE Google Image Search, Safe Mode Off 2002926 || ET SNMP Cisco Non-Trap PDU request on SNMPv1 random port || bugtraq,10186 || cve,2004-0714 2002927 || ET SNMP Cisco Non-Trap PDU request on SNMPv2 random port || bugtraq,10186 || cve,2004-0714 2002928 || ET SNMP Cisco Non-Trap PDU request on SNMPv3 random port || bugtraq,10186 || cve,2004-0714 2002929 || ET TROJAN Haxdoor Reporting User Activity 2 2002931 || ET MALWARE CWS Trafcool.biz Related Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 2002932 || ET MALWARE CWS Related Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 2002933 || ET MALWARE CWS Spy-Sheriff.com Infeced Buy Page Request || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 2002934 || ET POLICY libwww-perl User Agent || url,www.linpro.no/lwp/ 2002935 || ET 
POLICY libwww-perl User Agent || url,www.linpro.no/lwp/ 2002937 || ET WEB WebAttacker kit (ie0606) 2002938 || ET TROJAN elitekeylogger v1.0 reporting - Inbound 2002940 || ET TROJAN XP keylogger v2.1 mail report - Inbound 2002941 || ET TROJAN elitekeylogger v1.0 reporting - Outbound 2002942 || ET TROJAN XP keylogger v2.1 mail report - Outbound 2002943 || ET POLICY python.urllib User Agent Web Crawl || url,docs.python.org/lib/module-urllib.html 2002944 || ET POLICY python.urllib User Agent || url,docs.python.org/lib/module-urllib.html 2002945 || ET POLICY Java Url Lib User Agent Web Crawl || url,www.mozilla.org/docs/netlib/seealso/netmods.html 2002946 || ET POLICY Java Url Lib User Agent || url,www.mozilla.org/docs/netlib/seealso/netmods.html 2002947 || ET WEB MISC PunkBuster Server webkey Buffer Overflow || url,aluigi.altervista.org/adv/pbwebbof-adv.txt 2002948 || ET POLICY External Windows Update in Progress || url,windowsupdate.microsoft.com 2002949 || ET POLICY Windows Update in Progress || url,windowsupdate.microsoft.com 2002950 || ET POLICY TOR 1.0 Server Key Retrieval || url,tor.eff.org 2002951 || ET POLICY TOR 1.0 Status Update || url,tor.eff.org 2002952 || ET POLICY TOR 1.0 Inbound Circuit Traffic || url,tor.eff.org 2002953 || ET POLICY TOR 1.0 Outbound Circuit Traffic || url,tor.eff.org 2002954 || ET MALWARE Bravesentry.com Fake Antispyware Download || url,research.sunbelt-software.com/threatdisplay.aspx?name=BraveSentry&threatid=44152 || url,www.bravesentry.com 2002955 || ET MALWARE Bestcount.net Spyware Checkin || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain 2002956 || ET MALWARE Bestcount.net Spyware Downloading vxgame || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain 2002957 || ET MALWARE Bestcount.net Spyware Initial Infection Download || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain 2002959 || ET TROJAN Tibs Checkin 2002960 || ET TROJAN Tibs Download 2002961 || ET TROJAN Tibs 
Checkin 2 2002962 || ET TROJAN Tibs Code Download 2002963 || ET TROJAN Generic Spambot-Spyware Access 2002964 || ET TROJAN Generic Spyware Update Download 2002965 || ET TROJAN Generic Spambot Spam Download 2002966 || ET MALWARE Elitemediagroup.net Spyware Config Download || url,elitemediagroup.net 2002967 || ET MALWARE Dollarrevenue.com Spyware Code Download || url,dollarrevenue.com 2002968 || ET MALWARE Matcash.com Spyware Code Download || url,matcash.com 2002969 || ET POLICY Microsoft BITS User Agent || url,au.download.windowsupdate.com 2002970 || ET MALWARE VB WinHTTP User Agent - Possible Malware 2002971 || ET EXPLOIT Wmm2fxa.dll COM Object Instantiation Memory Corruption || url,www.microsoft.com/technet/security/bulletin/ms06-021.mspx || bugtraq,18328 || cve,2006-1303 2002972 || ET WEB PHP ZeroBoard .htaccess upload || url,secunia.com/advisories/20592/ 2002973 || ET SCAN Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor 2002974 || ET TROJAN Backdoor.Hupigon Possible Control Connection Being Established || url,www.avira.com/en/threats/section/fulldetails/id_vir/1051/bds_hupigon.bo.html 2002975 || ET TROJAN Backdoor.Hupigon INFECTION - Reporting Host Type || url,www.avira.com/en/threats/section/fulldetails/id_vir/1051/bds_hupigon.bo.html 2002976 || ET TROJAN Banker.Delf Infection - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html 2002977 || ET TROJAN Banload Downloader Infection - Sending initial email to owner || url,www.viruslist.com/en/viruses/encyclopedia?virusid=95586 2002978 || ET TROJAN Banker.Delf Infection variant 2 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html 2002979 || ET POLICY SC-KeyLog Keylogger Installed - Sending Initial Email Report || url,www.soft-central.net/keylog.php 2002980 || ET TROJAN Banker.Delf Infection variant 3 - Sending Initial Email to Owner || 
url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html 2002981 || ET TROJAN Banker.Delf Infection variant 4 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html 2002982 || ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner - INFECTADO 2002983 || ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner - SUCCESSO 2002984 || ET MALWARE SpySherriff Spyware Activity 2002986 || ET POLICY ICQ Install Direct download - Not normal mode of install 2002987 || ET MALWARE Jupitersatellites.biz Spyware Download 2002988 || ET MALWARE Possible Spambot Checking in to Spam 2002989 || ET MALWARE Possible Spambot getting new exe url 2002990 || ET MALWARE Possible Spambot Pulling IP List to Spam 2002991 || ET MALWARE Possible Spambot getting new exe 2002992 || ET SCAN Rapid POP3 Connections - Possible Brute Force Attack 2002993 || ET SCAN Rapid POP3S Connections - Possible Brute Force Attack 2002994 || ET SCAN Rapid IMAP Connections - Possible Brute Force Attack 2002995 || ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack 2002996 || ET WEB PHP GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html 2002997 || ET WEB PHP Remote File Inclusion (monster list http) || url,www.sans.org/top20/ 2002998 || ET SMTP HELO Non-Displayable Characters MailEnable Denial of Service || bugtraq,18630 || cve,2006-3277 2002999 || ET MALWARE /jk/exp.wmf Exploit Code Load Attempt 2003000 || ET MALWARE PopupSh.ocx Access Attempt 2003002 || ET POLICY TLS/SSL Client Hello on Unusual Port TLS 2003003 || ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 2003004 || ET POLICY TLS/SSL Client Hello on Unusual Port Case 2 2003005 || ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 2003006 || ET POLICY TLS/SSL Client Key Exchange on Unusual Port 2003007 || ET POLICY TLS/SSL Client Key Exchange on Unusual Port SSLv3 
2003008 || ET POLICY TLS/SSL Client Cipher Set on Unusual Port 2003009 || ET POLICY TLS/SSL Client Cipher Set on Unusual Port SSLv3 2003010 || ET POLICY TLS/SSL Server Hello on Unusual Port 2003011 || ET POLICY TLS/SSL Server Hello on Unusual Port SSLv3 2003012 || ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port 2003013 || ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port SSLv3 2003014 || ET POLICY TLS/SSL Server Key Exchange on Unusual Port 2003015 || ET POLICY TLS/SSL Server Key Exchange on Unusual Port SSLv3 2003016 || ET POLICY TLS/SSL Server Hello Done on Unusual Port 2003017 || ET POLICY TLS/SSL Server Hello Done on Unusual Port SSLv3 2003018 || ET POLICY TLS/SSL Server Cipher Set on Unusual Port 2003019 || ET POLICY TLS/SSL Server Cipher Set on Unusual Port SSLv3 2003020 || ET POLICY TLS/SSL Encrypted Application Data on Unusual Port 2003021 || ET POLICY TLS/SSL Encrypted Application Data on Unusual Port SSLv3 2003022 || ET POLICY Skype Bootstrap Node (udp) || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf 2003023 || ET EXPLOIT IE StructuredGraphicsControl SourceURL Bug MoBB#6 || cve,2006-3427 || url,browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html 2003025 || ET MALWARE Unknown Web Bot Controller Accessed 2003026 || ET POLICY Known SSL traffic on port 443 being excluded from SSL Alerts 2003027 || ET POLICY Known SSL traffic on port 8000 being excluded from SSL Alerts 2003028 || ET POLICY Known SSL traffic on port 8080 being excluded from SSL Alerts 2003029 || ET POLICY Known SSL traffic on port 8200 being excluded from SSL Alerts 2003030 || ET POLICY Known SSL traffic on port 8443 being excluded from SSL Alerts 2003031 || ET POLICY Known SSL traffic on port 5222 (Jabber) being excluded from SSL Alerts 2003032 || ET POLICY Known SSL traffic on port 5223 (Jabber) being excluded from SSL Alerts 2003033 || ET POLICY Known SSL traffic on port 2967 (Symantec) being excluded from 
SSL Alerts 2003034 || ET MALWARE Trojan.Downloader.Time2Pay.AQ || url,research.sunbelt-software.com 2003035 || ET POLICY Known SSL traffic on port 3128 (proxy) being excluded from SSL Alerts 2003036 || ET POLICY Known SSL traffic on port 8080 (proxy) being excluded from SSL Alerts 2003037 || ET POLICY Known SSL traffic on port 8292 (Bloomberg) being excluded from SSL Alerts 2003038 || ET POLICY Known SSL traffic on port 8294 (Bloomberg) being excluded from SSL Alerts 2003039 || ET EXPLOIT UPnP DLink M-Search Overflow Attempt || url,www.eeye.com/html/research/advisories/AD20060714.html 2003040 || ET POLICY PCMesh Anonymous Proxy client connect 2003041 || ET VIRUS Win32.SMTP-Mailer SMTP Outbound || url,www.hauri.net/virus/virusinfo_read.php?code=TRW3000774&start=1 || url,research.sunbelt-software.com/threatdisplay.aspx?name=Win32.SMTP-Mailer&threatid=48095 2003045 || ET POLICY Real.com Game Arcade Install (User agent) 2003046 || ET POLICY Real.com Game Arcade Install 2003047 || ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) 2003048 || ET POLICY Proxy Judge Discovery/Evasion (proxyjudge.cgi) 2003055 || ET MALWARE Suspicious 220 Banner on Local Port 2003056 || ET WEB-MISC EiQNetworks Security Analyzer Buffer Overflow || url,secunia.com/advisories/21211/ || cve,2006-3838 2003057 || ET MALWARE 180solutions Spyware Actionlibs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html 2003058 || ET MALWARE 180solutions (Zango) Spyware Installer Download || url,securityresponse.symantec.c