I have an interesting observation. The signature Soulseek Client Login has triggered quite often when the victims address is a Nachi infected machine.
The signature is triggered when the attackers port is 135 and the victims port is TCP port 2234 or 2240.
Has any one else on the list seen this?
Perhaps some one could try explaining why signature is triggered.
What is the regular expression looking for in the signature?