ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94

Signature ID: 3105
HVL-RAT backdoor (BF Evolution) for Windows detection
Threat Level: Warning
Signature Description: The 'HVL-RAT' backdoor, which is also known as 'B.F.Evolution', allows remote attackers to
take control of a user's America Online session. It also streams audio from the microphone on the infected system to the
attacker and allows the attacker to reboot or shut down the infected machine. Most of its features are based on AOL, such as
spying in chat rooms and reading instant messages of users on affected systems. When HVL-RAT starts, it sends an
e-mail to rattest@yahoo.com giving away the IP address, and the AOL username and password on the infected system.
This backdoor is known to infect Windows 9X/NT/2000/XP/2003 based systems.
Signature ID: 3106
Maverick's Matrix Backdoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Backdoor Maverick's Matrix 1.0 is a Trojan that permits unauthorized
users to remotely perform a variety of operations, including accessing files on the infected computer, retrieving passwords,
and starting and stopping an FTP server on the infected system. Maverick's Matrix typically runs over TCP port 1269 and is
known to infect Windows 9x based systems.
Signature ID: 3108
Netmonitor Backdoor detection
Threat Level: Warning
Signature Description: NetMonitor is a backdoor for Windows 9x/NT that allows an attacker to have remote access to
the file system, registry, and desktop of an infected system. In addition to these functions, the program also allows an
attacker to send messages to the console and shut down the infected system.
Signature ID: 3109
PhaseZero Backdoor detection
Threat Level: Warning
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Phase Zero is a backdoor that can upload and download files
on the host computer using FTP, execute programs, delete and move files, and read and write to the
registry. There is also a 'Trash Server' function that will delete all files from the Windows system directory. Phase
Zero runs on Windows 95, 98, and Windows NT. This signature detects traffic destined to TCP port 505.
Signature ID: 3110
PhaseZero Backdoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Phase Zero is a backdoor that can upload and download files
on the host computer using FTP, execute programs, delete and move files, and read and write to the
registry. There is also a 'Trash Server' function that will delete all files from the Windows system directory. Phase
Zero runs on Windows 95, 98, and Windows NT. This signature detects traffic destined to TCP port 555.
Signature ID: 3111
Progenic Backdoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a