TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 2066
SMTP Client [Novarg Worm]
Threat Level: Information
Signature Description: The Novarg worm (also known as Mydoom) infects systems through email attachments and P2P
file sharing. It targets all Win32 computers. Once a system is infected, the worm installs a backdoor that allows an
attacker remote access to the system. It also uses its own SMTP engine to send out email messages. This rule triggers
when the packet contains the pattern 'message.zip'.
Signature ID: 2067
SMTP Client [Novarg Worm]
Threat Level: Information
Signature Description: This rule triggers when the packet contains the pattern 'document.zip'. The Novarg worm (also
known as Mydoom) infects systems through email attachments and P2P file sharing. It targets all Win32 computers.
Once a system is infected, the worm installs a backdoor that allows an attacker remote access to the system. It also
uses its own SMTP engine to send out email messages.
Signature ID: 2068
SMTP Client [Novarg Worm]
Threat Level: Information
Signature Description: The Novarg worm (also known as Mydoom) infects systems through email attachments and P2P
file sharing. It targets all Win32 computers. Once a system is infected, the worm installs a backdoor that allows an
attacker remote access to the system. It also uses its own SMTP engine to send out email messages. This rule triggers
when the packet contains the pattern 'readme.zip'.
Signature ID: 2069
SMTP Client [Novarg Worm]
Threat Level: Information
Signature Description: This signature triggers when the packet contains the pattern 'doc.bat'. The Novarg worm (also
known as Mydoom) infects systems through email attachments and P2P file sharing. It targets all Win32 computers.
Once a system is infected, the worm installs a backdoor that allows an attacker remote access to the system. It also
uses its own SMTP engine to send out email messages.
Signature ID: 2070
SMTP Client [Novarg Worm]
Threat Level: Information
Signature Description: The Novarg worm (also known as Mydoom) infects systems through email attachments and P2P
file sharing. It targets all Win32 computers. Once a system is infected, the worm installs a backdoor that allows an
attacker remote access to the system. It also uses its own SMTP engine to send out email messages. This rule triggers
when the packet contains the pattern 'hello.cmd'.
Signature ID: 2071
SMTP Client [Novarg Worm]
Threat Level: Information
Signature Description: This rule triggers when the packet contains the pattern 'data.txt.exe'. The Novarg worm (also
known as Mydoom) infects systems through email attachments and P2P file sharing. It targets all Win32 computers.
Once a system is infected, the worm installs a backdoor that allows an attacker remote access to the system. It also
uses its own SMTP engine to send out email messages.