[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Tue Dec 1 14:34:05 EST 2009


[***] Results from Oinkmaster started Tue Dec  1 14:34:05 2009 [***]

[+++]          Added rules:          [+++]

 2010373 - ET WEB_CLIENT Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Attempt (emerging-web_client.rules)
 2010374 - ET WEB_CLIENT ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Function Call Attempt (emerging-web_client.rules)
 2010375 - ET EXPLOIT Possible Oracle Database Text Component ctxsys.drvxtabc.create_tables Remote SQL Injection Attempt (emerging-exploit.rules)
 2010376 - ET CURRENT_EVENTS WU Malicious Spam Inbound (emerging-current_events.rules)
 2010377 - ET POLICY JBOSS/JMX 80 access from outside (emerging-policy.rules)
 2010378 - ET POLICY JBOSS/JMX 8080 access from outside (emerging-policy.rules)
 2010379 - ET WEB-APPS JBOSS/JMX REMOTE WAR deployment attempt (POST) (emerging-web_server.rules)
 2010380 - ET WEB-APPS JBOSS/JMX REMOTE WAR deployment  attempt (GET) (emerging-web_server.rules)
 2010381 - ET TROJAN Bredolab Checkin (emerging-virus.rules)
 2010382 - ET TROJAN Fake AV GET (emerging-virus.rules)
 2010383 - ET EXPLOIT METASPLOIT BSD Bind shell (emerging-exploit.rules)
 2010384 - ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 1) (emerging-exploit.rules)
 2010385 - ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 2) (emerging-exploit.rules)
 2010386 - ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 3) (emerging-exploit.rules)
 2010387 - ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 4) (emerging-exploit.rules)
 2010388 - ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 5) (emerging-exploit.rules)
 2010389 - ET EXPLOIT METASPLOIT BSD Bind shell (Pex Encoded 1) (emerging-exploit.rules)
 2010390 - ET EXPLOIT METASPLOIT BSD Bind shell (Pex Encoded 2) (emerging-exploit.rules)
 2010391 - ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 1) (emerging-exploit.rules)
 2010392 - ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 2) (emerging-exploit.rules)
 2010393 - ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 3) (emerging-exploit.rules)
 2010394 - ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 4) (emerging-exploit.rules)
 2010395 - ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 5) (emerging-exploit.rules)
 2010396 - ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 1) (emerging-exploit.rules)
 2010397 - ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 2) (emerging-exploit.rules)
 2010398 - ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 3) (emerging-exploit.rules)
 2010399 - ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 4) (emerging-exploit.rules)
 2010400 - ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 5) (emerging-exploit.rules)
 2010401 - ET EXPLOIT METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 1) (emerging-exploit.rules)
 2010402 - ET EXPLOIT METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 2) (emerging-exploit.rules)
 2010403 - ET EXPLOIT METASPLOIT BSD Bind shell (JmpCallAdditive Encoded) (emerging-exploit.rules)
 2010404 - ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 1) (emerging-exploit.rules)
 2010405 - ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 2) (emerging-exploit.rules)
 2010406 - ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 3) (emerging-exploit.rules)
 2010407 - ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 1) (emerging-exploit.rules)
 2010408 - ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 2) (emerging-exploit.rules)
 2010409 - ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 1) (emerging-exploit.rules)
 2010410 - ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 2) (emerging-exploit.rules)
 2010411 - ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 3) (emerging-exploit.rules)
 2010412 - ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 4) (emerging-exploit.rules)
 2010413 - ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Encoded 1) (emerging-exploit.rules)
 2010414 - ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Encoded 2) (emerging-exploit.rules)
 2010415 - ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 1) (emerging-exploit.rules)
 2010416 - ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 2) (emerging-exploit.rules)
 2010417 - ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 3) (emerging-exploit.rules)
 2010418 - ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 1) (emerging-exploit.rules)
 2010419 - ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 2) (emerging-exploit.rules)
 2010420 - ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 3) (emerging-exploit.rules)
 2010421 - ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 1) (emerging-exploit.rules)
 2010422 - ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 2) (emerging-exploit.rules)
 2010423 - ET EXPLOIT METASPLOIT BSD Reverse shell (JmpCallAdditive Encoded 1) (emerging-exploit.rules)
 2010424 - ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 1) (emerging-exploit.rules)
 2010425 - ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 2) (emerging-exploit.rules)
 2010426 - ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 3) (emerging-exploit.rules)
 2010427 - ET EXPLOIT METASPLOIT BSD SPARC Bind shell (SPARC Encoded 1) (emerging-exploit.rules)
 2010428 - ET EXPLOIT METASPLOIT BSD SPARC Bind shell (SPARC Encoded 2) (emerging-exploit.rules)
 2010429 - ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 1) (emerging-exploit.rules)
 2010430 - ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 2) (emerging-exploit.rules)
 2010431 - ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 3) (emerging-exploit.rules)
 2010432 - ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 4) (emerging-exploit.rules)
 2010433 - ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 1) (emerging-exploit.rules)
 2010434 - ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 2) (emerging-exploit.rules)
 2010435 - ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 1) (emerging-exploit.rules)
 2010436 - ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 2) (emerging-exploit.rules)
 2010437 - ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 3) (emerging-exploit.rules)


[///]     Modified active rules:     [///]

 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400005 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400006 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2400007 - ET DROP Spamhaus DROP Listed Traffic Inbound (emerging-drop.rules)
 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401005 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401006 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2401007 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (emerging-drop-BLOCK.rules)
 2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
 2403000 - ET DROP Dshield Block Listed Source - BLOCKING (emerging-dshield-BLOCK.rules)
 2404000 - ET DROP Known Bot C&C Server Traffic (group 1)  (emerging-botcc.rules)
 2404001 - ET DROP Known Bot C&C Server Traffic (group 2)  (emerging-botcc.rules)
 2404002 - ET DROP Known Bot C&C Server Traffic (group 3)  (emerging-botcc.rules)
 2404003 - ET DROP Known Bot C&C Server Traffic (group 4)  (emerging-botcc.rules)
 2404004 - ET DROP Known Bot C&C Server Traffic (group 5)  (emerging-botcc.rules)
 2404005 - ET DROP Known Bot C&C Server Traffic (group 6)  (emerging-botcc.rules)
 2404006 - ET DROP Known Bot C&C Server Traffic (group 7)  (emerging-botcc.rules)
 2404007 - ET DROP Known Bot C&C Server Traffic (group 8)  (emerging-botcc.rules)
 2404008 - ET DROP Known Bot C&C Server Traffic (group 9)  (emerging-botcc.rules)
 2404009 - ET DROP Known Bot C&C Server Traffic (group 10)  (emerging-botcc.rules)
 2404010 - ET DROP Known Bot C&C Server Traffic (group 11)  (emerging-botcc.rules)
 2404011 - ET DROP Known Bot C&C Server Traffic (group 12)  (emerging-botcc.rules)
 2404012 - ET DROP Known Bot C&C Server Traffic (group 13)  (emerging-botcc.rules)
 2404013 - ET DROP Known Bot C&C Server Traffic (group 14)  (emerging-botcc.rules)
 2404014 - ET DROP Known Bot C&C Server Traffic (group 15)  (emerging-botcc.rules)
 2404015 - ET DROP Known Bot C&C Server Traffic (group 16)  (emerging-botcc.rules)
 2404016 - ET DROP Known Bot C&C Server Traffic (group 17)  (emerging-botcc.rules)
 2404017 - ET DROP Known Bot C&C Server Traffic (group 18)  (emerging-botcc.rules)
 2404018 - ET DROP Known Bot C&C Server Traffic (group 19)  (emerging-botcc.rules)
 2404019 - ET DROP Known Bot C&C Server Traffic (group 20)  (emerging-botcc.rules)
 2404020 - ET DROP Known Bot C&C Server Traffic (group 21)  (emerging-botcc.rules)
 2404021 - ET DROP Known Bot C&C Server Traffic (group 22)  (emerging-botcc.rules)
 2404022 - ET DROP Known Bot C&C Server Traffic (group 23)  (emerging-botcc.rules)
 2404023 - ET DROP Known Bot C&C Server Traffic (group 24)  (emerging-botcc.rules)
 2404024 - ET DROP Known Bot C&C Server Traffic (group 25)  (emerging-botcc.rules)
 2404025 - ET DROP Known Bot C&C Server Traffic (group 26)  (emerging-botcc.rules)
 2404026 - ET DROP Known Bot C&C Server Traffic (group 27)  (emerging-botcc.rules)
 2404027 - ET DROP Known Bot C&C Server Traffic (group 28)  (emerging-botcc.rules)
 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405018 - ET DROP Known Bot C&C Traffic (group 19) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405019 - ET DROP Known Bot C&C Traffic (group 20) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405020 - ET DROP Known Bot C&C Traffic (group 21) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405021 - ET DROP Known Bot C&C Traffic (group 22) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405022 - ET DROP Known Bot C&C Traffic (group 23) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405023 - ET DROP Known Bot C&C Traffic (group 24) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405024 - ET DROP Known Bot C&C Traffic (group 25) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405025 - ET DROP Known Bot C&C Traffic (group 26) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405026 - ET DROP Known Bot C&C Traffic (group 27) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)
 2405027 - ET DROP Known Bot C&C Traffic (group 28) - BLOCKING SOURCE (emerging-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-drop-BLOCK.rules (2):
        #  VERSION 1734
        #  Generated 2009-12-01 00:03:02 EDT

     -> Added to emerging-drop.rules (2):
        #  VERSION 1734
        #  Generated 2009-12-01 00:03:02 EDT

     -> Added to emerging-exploit.rules (37):
        # Metasploit BSD shellcode detect rules by h0f - Jennylab
        # Alberto Garcia de Dios
        # albertogdedios at andaluciajunta.es
        # http://www.jennylab.org
        #####
        # METASPLOIT SHELLCODE RULES
        #####
        # BSD METASPLOIT RULES
        #### BSD BIND SHELL #######
        # BSD Bind Shell - ENCODE: PexFnstenvSub
        # BSD Bind Shell - ENCODE: CountDown
        #BSD Bind Shell - ENCODE: Pex
        #BSD Bind Shell - ENCODE: None
        #BSD Bind Shell - ENCODE: PexAlphaNum
        #BSD Bind Shell - ENCODE: PexFstEnvMov
        #BSD Bind Shell - ENCODE: JmpCallAditive
        #BSD Bind Shell - ENCODE: Alpha2
        #### EOF BSD BIND SHELL ######
        ### BSD REVERSE SHELL #######
        #BSD Reverse Shell - ENCODE: PexFnstenvSub
        #BSD Reverse Shell - ENCODE: Countdown
        #BSD Reverse Shell - ENCODE: Pex
        #BSD Reverse Shell - ENCODE: None
        #BSD Reverse Shell - ENCODE: PexAlphaNum
        #BSD Reverse Shell - ENCODE: PexFnstenvMov
        #BSD Reverse Shell - ENCODE: JmpCallAditive
        #BSD Reverse Shell - ENCODE: Alpha2
        ##### EOF BSD Reverse Shell#####
        ##### BSD SPARC Bind Shell #########
        #BSD SPARC Bind Shell - ENCODE: SPARC
        #BSD SPARC Bind Shell - ENCODE: None
        #### EOF BSD SPARC Bind Shell #########4
        ### BSD SPARC Reverse Shell ########
        #BSD SPARC Reverse Shell - ENCODE: None
        #BSD SPARC Reverse Shell - ENCODE: SPARC
        #### EOF BSD SPARC Reverse Shell ####
        #by Kevin Ross

     -> Added to emerging-policy.rules (1):
        #by mex

     -> Added to emerging-sid-msg.map (133):
        2010373 || ET WEB_CLIENT Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Attempt || url,www.securityfocus.com/bid/37151/info || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt
        2010374 || ET WEB_CLIENT ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Function Call Attempt || url,www.securityfocus.com/bid/37151/info || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt
        2010375 || ET EXPLOIT Possible Oracle Database Text Component ctxsys.drvxtabc.create_tables Remote SQL Injection Attempt || cve,2009-1991 || url,www.securityfocus.com/bid/36748
        2010376 || ET CURRENT_EVENTS WU Malicious Spam Inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_DHL
        2010377 || ET POLICY JBOSS/JMX 80 access from outside || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010378 || ET POLICY JBOSS/JMX 8080 access from outside || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010379 || ET WEB-APPS JBOSS/JMX REMOTE WAR deployment attempt (POST) || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010380 || ET WEB-APPS JBOSS/JMX REMOTE WAR deployment  attempt (GET) || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010381 || ET TROJAN Bredolab Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37
        2010382 || ET TROJAN Fake AV GET || url,threatexpert.com/report.aspx?md5=8d1b47452307259f1e191e16ed23cd35
        2010383 || ET EXPLOIT METASPLOIT BSD Bind shell
        2010384 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 1)
        2010385 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 2)
        2010386 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 3)
        2010387 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 4)
        2010388 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 5)
        2010389 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Encoded 1)
        2010390 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Encoded 2)
        2010391 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 1)
        2010392 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 2)
        2010393 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 3)
        2010394 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 4)
        2010395 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 5)
        2010396 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 1)
        2010397 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 2)
        2010398 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 3)
        2010399 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 4)
        2010400 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 5)
        2010401 || ET EXPLOIT METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 1)
        2010402 || ET EXPLOIT METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 2)
        2010403 || ET EXPLOIT METASPLOIT BSD Bind shell (JmpCallAdditive Encoded)
        2010404 || ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 1)
        2010405 || ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 2)
        2010406 || ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 3)
        2010407 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 1)
        2010408 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 2)
        2010409 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 1)
        2010410 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 2)
        2010411 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 3)
        2010412 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 4)
        2010413 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Encoded 1)
        2010414 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Encoded 2)
        2010415 || ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 1)
        2010416 || ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 2)
        2010417 || ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 3)
        2010418 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 1)
        2010419 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 2)
        2010420 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 3)
        2010421 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 1)
        2010422 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 2)
        2010423 || ET EXPLOIT METASPLOIT BSD Reverse shell (JmpCallAdditive Encoded 1)
        2010424 || ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 1)
        2010425 || ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 2)
        2010426 || ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 3)
        2010427 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (SPARC Encoded 1)
        2010428 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (SPARC Encoded 2)
        2010429 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 1)
        2010430 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 2)
        2010431 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 3)
        2010432 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 4)
        2010433 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 1)
        2010434 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 2)
        2010435 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 1)
        2010436 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 2)
        2010437 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 3)
        2500506 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500507 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500508 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500509 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500512 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500513 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500514 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500515 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500516 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500517 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500518 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500519 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500520 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500521 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500522 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500523 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500524 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500525 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500526 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500527 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500528 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500529 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500530 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500531 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500532 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500533 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500534 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500535 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500536 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500537 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500538 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500539 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510506 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510507 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510508 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510509 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510512 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510513 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510514 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510515 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510516 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510517 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510518 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510519 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510520 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510521 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510522 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510523 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510524 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510525 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510526 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510527 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510528 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510529 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510530 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510531 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510532 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510533 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510534 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510535 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510536 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510537 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510538 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510539 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-sid-msg.map.txt (133):
        2010373 || ET WEB_CLIENT Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Attempt || url,www.securityfocus.com/bid/37151/info || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt
        2010374 || ET WEB_CLIENT ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Function Call Attempt || url,www.securityfocus.com/bid/37151/info || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt
        2010375 || ET EXPLOIT Possible Oracle Database Text Component ctxsys.drvxtabc.create_tables Remote SQL Injection Attempt || cve,2009-1991 || url,www.securityfocus.com/bid/36748
        2010376 || ET CURRENT_EVENTS WU Malicious Spam Inbound || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_DHL
        2010377 || ET POLICY JBOSS/JMX 80 access from outside || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010378 || ET POLICY JBOSS/JMX 8080 access from outside || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010379 || ET WEB-APPS JBOSS/JMX REMOTE WAR deployment attempt (POST) || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010380 || ET WEB-APPS JBOSS/JMX REMOTE WAR deployment  attempt (GET) || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
        2010381 || ET TROJAN Bredolab Checkin || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab || url,threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37
        2010382 || ET TROJAN Fake AV GET || url,threatexpert.com/report.aspx?md5=8d1b47452307259f1e191e16ed23cd35
        2010383 || ET EXPLOIT METASPLOIT BSD Bind shell
        2010384 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 1)
        2010385 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 2)
        2010386 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 3)
        2010387 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 4)
        2010388 || ET EXPLOIT METASPLOIT BSD Bind shell (Countdown Encoded 5)
        2010389 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Encoded 1)
        2010390 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Encoded 2)
        2010391 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 1)
        2010392 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 2)
        2010393 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 3)
        2010394 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 4)
        2010395 || ET EXPLOIT METASPLOIT BSD Bind shell (Not Encoded 5)
        2010396 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 1)
        2010397 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 2)
        2010398 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 3)
        2010399 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 4)
        2010400 || ET EXPLOIT METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 5)
        2010401 || ET EXPLOIT METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 1)
        2010402 || ET EXPLOIT METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 2)
        2010403 || ET EXPLOIT METASPLOIT BSD Bind shell (JmpCallAdditive Encoded)
        2010404 || ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 1)
        2010405 || ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 2)
        2010406 || ET EXPLOIT METASPLOIT BSD Bind shell (Alpha2 Encoded 3)
        2010407 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 1)
        2010408 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 2)
        2010409 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 1)
        2010410 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 2)
        2010411 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 3)
        2010412 || ET EXPLOIT METASPLOIT BSD Reverse shell (Countdown Encoded 4)
        2010413 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Encoded 1)
        2010414 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Encoded 2)
        2010415 || ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 1)
        2010416 || ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 2)
        2010417 || ET EXPLOIT METASPLOIT BSD Reverse shell (Not Encoded 3)
        2010418 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 1)
        2010419 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 2)
        2010420 || ET EXPLOIT METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 3)
        2010421 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 1)
        2010422 || ET EXPLOIT METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 2)
        2010423 || ET EXPLOIT METASPLOIT BSD Reverse shell (JmpCallAdditive Encoded 1)
        2010424 || ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 1)
        2010425 || ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 2)
        2010426 || ET EXPLOIT METASPLOIT BSD Reverse shell (Alpha2 Encoded 3)
        2010427 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (SPARC Encoded 1)
        2010428 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (SPARC Encoded 2)
        2010429 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 1)
        2010430 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 2)
        2010431 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 3)
        2010432 || ET EXPLOIT METASPLOIT BSD SPARC Bind shell (Not Encoded 4)
        2010433 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 1)
        2010434 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 2)
        2010435 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 1)
        2010436 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 2)
        2010437 || ET EXPLOIT METASPLOIT BSD SPARC Reverse shell (Not Encoded 3)
        2500506 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500507 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500508 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500509 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500512 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500513 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500514 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500515 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500516 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500517 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500518 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500519 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500520 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500521 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500522 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500523 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500524 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500525 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500526 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500527 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500528 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500529 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500530 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500531 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500532 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500533 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500534 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500535 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500536 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500537 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500538 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500539 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510506 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510507 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (254) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510508 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510509 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (255) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510510 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510511 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (256) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510512 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510513 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (257) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510514 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510515 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (258) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510516 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510517 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (259) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510518 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510519 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (260) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510520 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510521 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (261) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510522 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510523 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (262) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510524 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510525 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (263) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510526 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510527 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (264) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510528 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510529 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (265) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510530 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510531 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (266) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510532 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510533 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (267) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510534 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510535 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (268) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510536 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510537 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (269) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510538 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP - BLOCKING (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2510539 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP - BLOCKING (270) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts

     -> Added to emerging-web_server.rules (1):
        #by mex

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-drop-BLOCK.rules (2):
        #  VERSION 1733
        #  Generated 2009-11-30 00:03:02 EDT

     -> Removed from emerging-drop.rules (2):
        #  VERSION 1733
        #  Generated 2009-11-30 00:03:02 EDT



More information about the Emerging-updates mailing list