TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 3099
Cow Backdoor for Windows 9x detection
Threat Level: Warning
Signature Description: 'Trojan cow' 1.0, also known as 'Backdoor.Cow' or 'Cow backdoor', is a Trojan that, once
installed on a system, permits unauthorized remote users to manage files, manage programs, alter the user interface,
shut down Windows, etc. Trojan Cow typically operates from the server file "C:\WINDOWS\Syswindow.exe" over port
2001 via TCP. This Trojan is known to be used on Microsoft Windows 9x/ME/NT/2000/XP-based systems.
Signature ID: 3100
Backdoor DeltaSource for Windows
Threat Level: Severe
Signature Description: Backdoor DeltaSource is a Trojan that opens up a backdoor program. It affects all Microsoft
Windows versions. Once installed on a system, it permits unauthorized users to remotely ping, manipulate programs,
snoop IRC traffic, manipulate the user interface, etc. DeltaSource typically runs on port 47262 via UDP. This signature
detects UDP traffic to common DeltaSource ports.
Signature ID: 3101
Doly Backdoor for Windows detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Doly is a backdoor for Windows 9x and NT systems that allows
remote attackers to connect to the infected computer over the Internet and log your keystrokes, start an FTP server,
capture your screen, and shut down or reboot the infected computer.
Signature ID: 3102
Fore Backdoor For Windows 9x
Threat Level: Information
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Fore backdoor performs standard backdoor functions that include
execution of programs, retrieval of system information, restarting the computer, retrieval of Dial-Up Networking
accounts and passwords, creation, retrieval, and manipulation of files using a built-in FTP server, and opening and closing
of the CD-ROM drive. Fore typically uses TCP ports 50766 and 21.
Signature ID: 3103
Backdoor Frenzy 1.0.1/2000 detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. The Frenzy backdoor allows a remote attacker to perform actions like
opening and closing the CD-ROM tray, making the computer beep, hiding the task bar, moving the mouse pointer, and
restarting the computer.
Signature ID: 3104
HackersParadise Backdoor detection
Threat Level: Information
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. The Hacker's Paradise backdoor can allow a user to access files on
hard drives, manipulate the appearance of the desktop, and retrieve the RAS passwords (only on Windows NT-based
systems). This backdoor is known to infect Windows 9x/NT/2000/XP/2003-based systems.