[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Tue Jun 15 13:17:39 EDT 2010


[***] Results from Oinkmaster started Tue Jun 15 13:17:39 2010 [***]

[///]     Modified active rules:     [///]

 2000345 - ET ATTACK_RESPONSE IRC - Nick change on non-std port (emerging-attack_response.rules)
 2000346 - ET ATTACK_RESPONSE IRC - Name response on non-std port (emerging-attack_response.rules)
 2000347 - ET ATTACK_RESPONSE IRC - Private message on non-std port (emerging-attack_response.rules)
 2000348 - ET ATTACK_RESPONSE IRC - Channel JOIN on non-std port (emerging-attack_response.rules)
 2000349 - ET ATTACK_RESPONSE IRC - DCC file transfer request on non-std port (emerging-attack_response.rules)
 2000350 - ET ATTACK_RESPONSE IRC - DCC chat request on non-std port (emerging-attack_response.rules)
 2000351 - ET ATTACK_RESPONSE IRC - channel join on non-std port (emerging-attack_response.rules)
 2000352 - ET ATTACK_RESPONSE IRC - dns request on non-std port (emerging-attack_response.rules)
 2000499 - ET ATTACK_RESPONSE FTP inaccessible directory access COM1 (emerging-attack_response.rules)
 2000500 - ET ATTACK_RESPONSE FTP inaccessible directory access COM2 (emerging-attack_response.rules)
 2000501 - ET ATTACK_RESPONSE FTP inaccessible directory access COM3 (emerging-attack_response.rules)
 2000502 - ET ATTACK_RESPONSE FTP inaccessible directory access COM4 (emerging-attack_response.rules)
 2000503 - ET ATTACK_RESPONSE FTP inaccessible directory access LPT1 (emerging-attack_response.rules)
 2000504 - ET ATTACK_RESPONSE FTP inaccessible directory access LPT2 (emerging-attack_response.rules)
 2000505 - ET ATTACK_RESPONSE FTP inaccessible directory access LPT3 (emerging-attack_response.rules)
 2000506 - ET ATTACK_RESPONSE FTP inaccessible directory access LPT4 (emerging-attack_response.rules)
 2000507 - ET ATTACK_RESPONSE FTP inaccessible directory access AUX (emerging-attack_response.rules)
 2000508 - ET ATTACK_RESPONSE FTP inaccessible directory access NULL (emerging-attack_response.rules)
 2001616 - ET ATTACK_RESPONSE Zone-H.org defacement notification (emerging-attack_response.rules)
 2001620 - ET ATTACK_RESPONSE Likely Botnet Activity (emerging-attack_response.rules)
 2001628 - ET ATTACK_RESPONSE Outbound PHP Connection (emerging-attack_response.rules)
 2002034 - ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style) (emerging-attack_response.rules)
 2002809 - ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd) (emerging-attack_response.rules)
 2002810 - ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile) (emerging-attack_response.rules)
 2002811 - ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server) (emerging-attack_response.rules)
 2003071 - ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (BSD style) (emerging-attack_response.rules)
 2003149 - ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style) (emerging-attack_response.rules)
 2003150 - ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style) (emerging-attack_response.rules)
 2003464 - ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd) (emerging-attack_response.rules)
 2003465 - ET ATTACK_RESPONSE Unusual FTP Server Banner (freeFTPd) (emerging-attack_response.rules)
 2003535 - ET ATTACK_RESPONSE r57 phpshell footer detected (emerging-attack_response.rules)
 2003536 - ET ATTACK_RESPONSE r57 phpshell source being uploaded (emerging-attack_response.rules)
 2006417 - ET ATTACK_RESPONSE Weak Netbios Lanman Auth Challenge Detected (emerging-attack_response.rules)
 2007651 - ET ATTACK_RESPONSE x2300 phpshell detected (emerging-attack_response.rules)
 2007652 - ET ATTACK_RESPONSE c99shell phpshell detected (emerging-attack_response.rules)
 2007653 - ET ATTACK_RESPONSE RFI Scanner detected (emerging-attack_response.rules)
 2007654 - ET ATTACK_RESPONSE C99 Modified phpshell detected (emerging-attack_response.rules)
 2007656 - ET ATTACK_RESPONSE ALBANIA id.php detected (emerging-attack_response.rules)
 2007715 - ET ATTACK_RESPONSE Off-Port FTP Without Banners - user (emerging-attack_response.rules)
 2007717 - ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass (emerging-attack_response.rules)
 2007723 - ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr (emerging-attack_response.rules)
 2007725 - ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) (emerging-attack_response.rules)
 2007726 - ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) (emerging-attack_response.rules)
 2008556 - ET ATTACK_RESPONSE FTP CWD to windows system32 - Suspicious (emerging-attack_response.rules)
 2008559 - ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection (emerging-attack_response.rules)
 2008953 - ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system (emerging-attack_response.rules)
 2009210 - ET ATTACK_RESPONSE Unusual FTP Server Banner (fuckFtpd) (emerging-attack_response.rules)
 2009211 - ET ATTACK_RESPONSE Unusual FTP Server Banner (NzmxFtpd) (emerging-attack_response.rules)


[///]    Modified inactive rules:    [///]

 2007655 - ET ATTACK_RESPONSE lila.jpg phpshell detected (emerging-attack_response.rules)
 2007657 - ET ATTACK_RESPONSE Mic22 id.php detected (emerging-attack_response.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (50):
        2000345 || ET ATTACK_RESPONSE IRC - Nick change on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000345
        2000346 || ET ATTACK_RESPONSE IRC - Name response on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000346
        2000347 || ET ATTACK_RESPONSE IRC - Private message on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000347
        2000348 || ET ATTACK_RESPONSE IRC - Channel JOIN on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000348
        2000349 || ET ATTACK_RESPONSE IRC - DCC file transfer request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000349
        2000350 || ET ATTACK_RESPONSE IRC - DCC chat request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000350
        2000351 || ET ATTACK_RESPONSE IRC - channel join on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000351
        2000352 || ET ATTACK_RESPONSE IRC - dns request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000352
        2000499 || ET ATTACK_RESPONSE FTP inaccessible directory access COM1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000499
        2000500 || ET ATTACK_RESPONSE FTP inaccessible directory access COM2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000500
        2000501 || ET ATTACK_RESPONSE FTP inaccessible directory access COM3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000501
        2000502 || ET ATTACK_RESPONSE FTP inaccessible directory access COM4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000502
        2000503 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000503
        2000504 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000504
        2000505 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000505
        2000506 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000506
        2000507 || ET ATTACK_RESPONSE FTP inaccessible directory access AUX || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000507
        2000508 || ET ATTACK_RESPONSE FTP inaccessible directory access NULL || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000508
        2001616 || ET ATTACK_RESPONSE Zone-H.org defacement notification || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Zone-h_Defacement || url,doc.emergingthreats.net/bin/view/Main/2001616
        2001620 || ET ATTACK_RESPONSE Likely Botnet Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2001620
        2001628 || ET ATTACK_RESPONSE Outbound PHP Connection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Outbound_PHP_Fopen || url,doc.emergingthreats.net/bin/view/Main/2001628
        2002034 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2002034
        2002809 || ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002809
        2002810 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002810
        2002811 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002811
        2003071 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003071
        2003149 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003149
        2003150 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003150
        2003464 || ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003464 || url,www.warftp.org
        2003465 || ET ATTACK_RESPONSE Unusual FTP Server Banner (freeFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003465 || url,www.freeftp.com
        2003535 || ET ATTACK_RESPONSE r57 phpshell footer detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003535 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || ET ATTACK_RESPONSE r57 phpshell source being uploaded || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003536 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || ET ATTACK_RESPONSE Weak Netbios Lanman Auth Challenge Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Short_Lanman_Auth_Challenge || url,doc.emergingthreats.net/bin/view/Main/2006417
        2007651 || ET ATTACK_RESPONSE x2300 phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007651 || url,www.rfxn.com/vdb.php
        2007652 || ET ATTACK_RESPONSE c99shell phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007652 || url,www.rfxn.com/vdb.php
        2007653 || ET ATTACK_RESPONSE RFI Scanner detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007653 || url,www.rfxn.com/vdb.php
        2007654 || ET ATTACK_RESPONSE C99 Modified phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007654 || url,www.rfxn.com/vdb.php
        2007655 || ET ATTACK_RESPONSE lila.jpg phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007655 || url,www.rfxn.com/vdb.php
        2007656 || ET ATTACK_RESPONSE ALBANIA id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007656 || url,www.rfxn.com/vdb.php
        2007657 || ET ATTACK_RESPONSE Mic22 id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007657 || url,www.rfxn.com/vdb.php
        2007715 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - user || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007715
        2007717 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007717
        2007723 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007723
        2007725 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007725
        2007726 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007726
        2008556 || ET ATTACK_RESPONSE FTP CWD to windows system32 - Suspicious || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_FTP || url,doc.emergingthreats.net/bin/view/Main/2008556
        2008559 || ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_LMHosts_Download || url,doc.emergingthreats.net/bin/view/Main/2008559
        2008953 || ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell || url,doc.emergingthreats.net/bin/view/Main/2008953
        2009210 || ET ATTACK_RESPONSE Unusual FTP Server Banner (fuckFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009210
        2009211 || ET ATTACK_RESPONSE Unusual FTP Server Banner (NzmxFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009211

     -> Added to emerging-sid-msg.map.txt (50):
        2000345 || ET ATTACK_RESPONSE IRC - Nick change on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000345
        2000346 || ET ATTACK_RESPONSE IRC - Name response on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000346
        2000347 || ET ATTACK_RESPONSE IRC - Private message on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000347
        2000348 || ET ATTACK_RESPONSE IRC - Channel JOIN on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000348
        2000349 || ET ATTACK_RESPONSE IRC - DCC file transfer request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000349
        2000350 || ET ATTACK_RESPONSE IRC - DCC chat request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000350
        2000351 || ET ATTACK_RESPONSE IRC - channel join on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000351
        2000352 || ET ATTACK_RESPONSE IRC - dns request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000352
        2000499 || ET ATTACK_RESPONSE FTP inaccessible directory access COM1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000499
        2000500 || ET ATTACK_RESPONSE FTP inaccessible directory access COM2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000500
        2000501 || ET ATTACK_RESPONSE FTP inaccessible directory access COM3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000501
        2000502 || ET ATTACK_RESPONSE FTP inaccessible directory access COM4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000502
        2000503 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000503
        2000504 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000504
        2000505 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000505
        2000506 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000506
        2000507 || ET ATTACK_RESPONSE FTP inaccessible directory access AUX || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000507
        2000508 || ET ATTACK_RESPONSE FTP inaccessible directory access NULL || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000508
        2001616 || ET ATTACK_RESPONSE Zone-H.org defacement notification || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Zone-h_Defacement || url,doc.emergingthreats.net/bin/view/Main/2001616
        2001620 || ET ATTACK_RESPONSE Likely Botnet Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2001620
        2001628 || ET ATTACK_RESPONSE Outbound PHP Connection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Outbound_PHP_Fopen || url,doc.emergingthreats.net/bin/view/Main/2001628
        2002034 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2002034
        2002809 || ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002809
        2002810 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002810
        2002811 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002811
        2003071 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003071
        2003149 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003149
        2003150 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003150
        2003464 || ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003464 || url,www.warftp.org
        2003465 || ET ATTACK_RESPONSE Unusual FTP Server Banner (freeFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003465 || url,www.freeftp.com
        2003535 || ET ATTACK_RESPONSE r57 phpshell footer detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003535 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || ET ATTACK_RESPONSE r57 phpshell source being uploaded || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003536 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || ET ATTACK_RESPONSE Weak Netbios Lanman Auth Challenge Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Short_Lanman_Auth_Challenge || url,doc.emergingthreats.net/bin/view/Main/2006417
        2007651 || ET ATTACK_RESPONSE x2300 phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007651 || url,www.rfxn.com/vdb.php
        2007652 || ET ATTACK_RESPONSE c99shell phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007652 || url,www.rfxn.com/vdb.php
        2007653 || ET ATTACK_RESPONSE RFI Scanner detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007653 || url,www.rfxn.com/vdb.php
        2007654 || ET ATTACK_RESPONSE C99 Modified phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007654 || url,www.rfxn.com/vdb.php
        2007655 || ET ATTACK_RESPONSE lila.jpg phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007655 || url,www.rfxn.com/vdb.php
        2007656 || ET ATTACK_RESPONSE ALBANIA id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007656 || url,www.rfxn.com/vdb.php
        2007657 || ET ATTACK_RESPONSE Mic22 id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007657 || url,www.rfxn.com/vdb.php
        2007715 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - user || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007715
        2007717 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007717
        2007723 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007723
        2007725 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007725
        2007726 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007726
        2008556 || ET ATTACK_RESPONSE FTP CWD to windows system32 - Suspicious || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_FTP || url,doc.emergingthreats.net/bin/view/Main/2008556
        2008559 || ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_LMHosts_Download || url,doc.emergingthreats.net/bin/view/Main/2008559
        2008953 || ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell || url,doc.emergingthreats.net/bin/view/Main/2008953
        2009210 || ET ATTACK_RESPONSE Unusual FTP Server Banner (fuckFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009210
        2009211 || ET ATTACK_RESPONSE Unusual FTP Server Banner (NzmxFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009211

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (50):
        2000345 || ET ATTACK RESPONSE IRC - Nick change on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000345
        2000346 || ET ATTACK RESPONSE IRC - Name response on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000346
        2000347 || ET ATTACK RESPONSE IRC - Private message on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000347
        2000348 || ET ATTACK RESPONSE IRC - Channel JOIN on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000348
        2000349 || ET ATTACK RESPONSE IRC - DCC file transfer request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000349
        2000350 || ET ATTACK RESPONSE IRC - DCC chat request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000350
        2000351 || ET ATTACK RESPONSE IRC - channel join on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000351
        2000352 || ET ATTACK RESPONSE IRC - dns request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000352
        2000499 || ET ATTACK RESPONSE FTP inaccessible directory access COM1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000499
        2000500 || ET ATTACK RESPONSE FTP inaccessible directory access COM2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000500
        2000501 || ET ATTACK RESPONSE FTP inaccessible directory access COM3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000501
        2000502 || ET ATTACK RESPONSE FTP inaccessible directory access COM4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000502
        2000503 || ET ATTACK RESPONSE FTP inaccessible directory access LPT1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000503
        2000504 || ET ATTACK RESPONSE FTP inaccessible directory access LPT2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000504
        2000505 || ET ATTACK RESPONSE FTP inaccessible directory access LPT3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000505
        2000506 || ET ATTACK RESPONSE FTP inaccessible directory access LPT4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000506
        2000507 || ET ATTACK RESPONSE FTP inaccessible directory access AUX || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000507
        2000508 || ET ATTACK RESPONSE FTP inaccessible directory access NULL || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000508
        2001616 || ET ATTACK RESPONSE Zone-H.org defacement notification || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Zone-h_Defacement || url,doc.emergingthreats.net/bin/view/Main/2001616
        2001620 || ET ATTACK RESPONSE Likely Botnet Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2001620
        2001628 || ET ATTACK RESPONSE Outbound PHP Connection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Outbound_PHP_Fopen || url,doc.emergingthreats.net/bin/view/Main/2001628
        2002034 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2002034
        2002809 || ET ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002809
        2002810 || ET ATTACK RESPONSE Hostile FTP Server Banner (Reptile) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002810
        2002811 || ET ATTACK RESPONSE Hostile FTP Server Banner (Bot Server) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002811
        2003071 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003071
        2003149 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003149
        2003150 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003150
        2003464 || ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003464 || url,www.warftp.org
        2003465 || ET ATTACK RESPONSE Unusual FTP Server Banner (freeFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003465 || url,www.freeftp.com
        2003535 || ET ATTACK RESPONSE r57 phpshell footer detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003535 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || ET ATTACK RESPONSE r57 phpshell source being uploaded || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003536 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || ET ATTACK RESPONSE Weak Netbios Lanman Auth Challenge Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Short_Lanman_Auth_Challenge || url,doc.emergingthreats.net/bin/view/Main/2006417
        2007651 || ET ATTACK RESPONSE x2300 phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007651 || url,www.rfxn.com/vdb.php
        2007652 || ET ATTACK RESPONSE c99shell phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007652 || url,www.rfxn.com/vdb.php
        2007653 || ET ATTACK RESPONSE RFI Scanner detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007653 || url,www.rfxn.com/vdb.php
        2007654 || ET ATTACK RESPONSE C99 Modified phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007654 || url,www.rfxn.com/vdb.php
        2007655 || ET ATTACK RESPONSE lila.jpg phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007655 || url,www.rfxn.com/vdb.php
        2007656 || ET ATTACK RESPONSE ALBANIA id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007656 || url,www.rfxn.com/vdb.php
        2007657 || ET ATTACK RESPONSE Mic22 id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007657 || url,www.rfxn.com/vdb.php
        2007715 || ET ATTACK RESPONSE Off-Port FTP Without Banners - user || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007715
        2007717 || ET ATTACK RESPONSE Off-Port FTP Without Banners - pass || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007717
        2007723 || ET ATTACK RESPONSE Off-Port FTP Without Banners - retr || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007723
        2007725 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007725
        2007726 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007726
        2008556 || ET ATTACK RESPONSE FTP CWD to windows system32 - Suspicious || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_FTP || url,doc.emergingthreats.net/bin/view/Main/2008556
        2008559 || ET ATTACK RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_LMHosts_Download || url,doc.emergingthreats.net/bin/view/Main/2008559
        2008953 || ET ATTACK RESPONSE Possible MS CMD Shell opened on local system || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell || url,doc.emergingthreats.net/bin/view/Main/2008953
        2009210 || ET ATTACK RESPONSE Unusual FTP Server Banner (fuckFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009210
        2009211 || ET ATTACK RESPONSE Unusual FTP Server Banner (NzmxFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009211

     -> Removed from emerging-sid-msg.map.txt (50):
        2000345 || ET ATTACK RESPONSE IRC - Nick change on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000345
        2000346 || ET ATTACK RESPONSE IRC - Name response on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000346
        2000347 || ET ATTACK RESPONSE IRC - Private message on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000347
        2000348 || ET ATTACK RESPONSE IRC - Channel JOIN on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000348
        2000349 || ET ATTACK RESPONSE IRC - DCC file transfer request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000349
        2000350 || ET ATTACK RESPONSE IRC - DCC chat request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000350
        2000351 || ET ATTACK RESPONSE IRC - channel join on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000351
        2000352 || ET ATTACK RESPONSE IRC - dns request on non-std port || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2000352
        2000499 || ET ATTACK RESPONSE FTP inaccessible directory access COM1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000499
        2000500 || ET ATTACK RESPONSE FTP inaccessible directory access COM2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000500
        2000501 || ET ATTACK RESPONSE FTP inaccessible directory access COM3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000501
        2000502 || ET ATTACK RESPONSE FTP inaccessible directory access COM4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000502
        2000503 || ET ATTACK RESPONSE FTP inaccessible directory access LPT1 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000503
        2000504 || ET ATTACK RESPONSE FTP inaccessible directory access LPT2 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000504
        2000505 || ET ATTACK RESPONSE FTP inaccessible directory access LPT3 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000505
        2000506 || ET ATTACK RESPONSE FTP inaccessible directory access LPT4 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000506
        2000507 || ET ATTACK RESPONSE FTP inaccessible directory access AUX || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000507
        2000508 || ET ATTACK RESPONSE FTP inaccessible directory access NULL || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hidden_FTP_File_Activity || url,doc.emergingthreats.net/bin/view/Main/2000508
        2001616 || ET ATTACK RESPONSE Zone-H.org defacement notification || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Zone-h_Defacement || url,doc.emergingthreats.net/bin/view/Main/2001616
        2001620 || ET ATTACK RESPONSE Likely Botnet Activity || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Non-Standard_IRC || url,doc.emergingthreats.net/bin/view/Main/2001620
        2001628 || ET ATTACK RESPONSE Outbound PHP Connection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Outbound_PHP_Fopen || url,doc.emergingthreats.net/bin/view/Main/2001628
        2002034 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2002034
        2002809 || ET ATTACK RESPONSE Hostile FTP Server Banner (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002809
        2002810 || ET ATTACK RESPONSE Hostile FTP Server Banner (Reptile) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002810
        2002811 || ET ATTACK RESPONSE Hostile FTP Server Banner (Bot Server) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2002811
        2003071 || ET ATTACK RESPONSE Possible /etc/passwd via HTTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003071
        2003149 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (linux style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003149
        2003150 || ET ATTACK RESPONSE Possible /etc/passwd via SMTP (BSD style) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_etc-passwd || url,doc.emergingthreats.net/bin/view/Main/2003150
        2003464 || ET ATTACK RESPONSE Unusual FTP Server Banner (warFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003464 || url,www.warftp.org
        2003465 || ET ATTACK RESPONSE Unusual FTP Server Banner (freeFTPd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2003465 || url,www.freeftp.com
        2003535 || ET ATTACK RESPONSE r57 phpshell footer detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003535 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2003536 || ET ATTACK RESPONSE r57 phpshell source being uploaded || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2003536 || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755
        2006417 || ET ATTACK RESPONSE Weak Netbios Lanman Auth Challenge Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Short_Lanman_Auth_Challenge || url,doc.emergingthreats.net/bin/view/Main/2006417
        2007651 || ET ATTACK RESPONSE x2300 phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007651 || url,www.rfxn.com/vdb.php
        2007652 || ET ATTACK RESPONSE c99shell phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007652 || url,www.rfxn.com/vdb.php
        2007653 || ET ATTACK RESPONSE RFI Scanner detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007653 || url,www.rfxn.com/vdb.php
        2007654 || ET ATTACK RESPONSE C99 Modified phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007654 || url,www.rfxn.com/vdb.php
        2007655 || ET ATTACK RESPONSE lila.jpg phpshell detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007655 || url,www.rfxn.com/vdb.php
        2007656 || ET ATTACK RESPONSE ALBANIA id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007656 || url,www.rfxn.com/vdb.php
        2007657 || ET ATTACK RESPONSE Mic22 id.php detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_PHP_Shells || url,doc.emergingthreats.net/bin/view/Main/2007657 || url,www.rfxn.com/vdb.php
        2007715 || ET ATTACK RESPONSE Off-Port FTP Without Banners - user || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007715
        2007717 || ET ATTACK RESPONSE Off-Port FTP Without Banners - pass || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007717
        2007723 || ET ATTACK RESPONSE Off-Port FTP Without Banners - retr || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Hostile_FTP || url,doc.emergingthreats.net/bin/view/Main/2007723
        2007725 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007725
        2007726 || ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/bin/view/Main/2007726
        2008556 || ET ATTACK RESPONSE FTP CWD to windows system32 - Suspicious || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_FTP || url,doc.emergingthreats.net/bin/view/Main/2008556
        2008559 || ET ATTACK RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_LMHosts_Download || url,doc.emergingthreats.net/bin/view/Main/2008559
        2008953 || ET ATTACK RESPONSE Possible MS CMD Shell opened on local system || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell || url,doc.emergingthreats.net/bin/view/Main/2008953
        2009210 || ET ATTACK RESPONSE Unusual FTP Server Banner (fuckFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009210
        2009211 || ET ATTACK RESPONSE Unusual FTP Server Banner (NzmxFtpd) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Malicious_FTP || url,doc.emergingthreats.net/2009211



More information about the Emerging-updates mailing list