TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
seeing applications on the task bar. This trojan affects only Windows 3.x and Windows 9X. This signature detects use
of a hard-coded password in the trojan.
Signature ID: 3068
PC Anywhere TCP
Threat Level: Information
Nessus: 10794
Signature Description: pcAnywhere is a pair of computer programs by Symantec that allows a user of the
pcAnywhere remote program on one computer to connect to a personal computer running the pcAnywhere host, provided
both are connected to the internet or the same LAN and the password is known. pcAnywhere runs on several platforms,
including Microsoft Windows, Linux, Mac OS X, and Pocket PC. This service could be targeted by an attacker to
partially take control of the remote system. An attacker can obtain the credentials necessary to log in through a
brute force attack or by other means. The attacker may then use it to steal your mail password, etc., or prevent you
from working properly.
Signature ID: 3088
Backdoor AOL Admin for Windows
Threat Level: Warning
Industry ID: CVE-1999-0660
Signature Description: The AOL Admin backdoor is one of many backdoor programs that attackers can use to access
your Windows 9x and NT computer system without your knowledge or consent. With the AOL Admin backdoor, an
attacker can execute programs, delete files, send Instant Messages to an AOL user, monitor Instant Messages that you
receive, and send email from your AOL account.
Signature ID: 3091
Backdoor Backdoor2.03 for Windows
Threat Level: Severe
Signature Description: Backdoor Backdoor2.03 is a poorly written trojan horse for Windows 9x/NT. This trojan horse
allows a number of remote operations to be performed on the infected hosts and poses a significant threat. By default,
this backdoor runs on port 1999.
Signature ID: 3092
Biggluck Backdoor for Windows
Threat Level: Warning
Signature Description: The Biggluck backdoor infects Windows 9x, NT, XP, 2000, and 2003 systems and allows attackers
to retrieve Dial-Up Networking accounts and their passwords via a remote telnet connection to the system.
Signature ID: 3093
Blazer 5 Backdoor for Windows
Threat Level: Warning
Industry ID: CVE-2001-0876 Bugtraq: 3723 Nessus: 11765
Signature Description: 'Blazer5', which is also known as 'Trojan Sockets.cli' or 'Backdoor.Kamikaze', is a Trojan that,
once installed on a system, permits unauthorized users to remotely perform a variety of operations, such as changing
the registry, executing commands, starting services, listing files, and uploading or downloading files. Blazer5 operates
from the server file "C:\WINDOWS\SYSTEM\MSchv32.exe" over port 5000 via TCP. This backdoor operates on
Microsoft Windows 9X, NT, XP, 2000, and 2003 server operating systems.