TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 3184
BackDoor CONNECTION
Threat Level: Critical
Signature Description: The Connection backdoor is one of many backdoor programs that attackers can use to access
your computer system without your knowledge or consent. With the Connection backdoor, an attacker can view the
contents of the file system and display cached passwords. By default, this backdoor opens TCP port 60411.
Affected platforms are Microsoft Windows 95 and Windows 98.
Signature ID: 3185
BackDoor Crack Down
Threat Level: Severe
Signature Description: BackDoor Crack Down is a backdoor Trojan written for the Windows operating system. Once
installed, it opens a backdoor and enables remote attackers to perform malicious actions including capturing screenshots,
managing files, chatting, logging keystrokes, opening and closing the CD-ROM tray, and sending messages. By default, the
Crackdown server monitors Transmission Control Protocol (TCP) port 4444.
Signature ID: 3186
BackDoor Crazzy Net
Threat Level: Critical
Signature Description: Crazzynet is a backdoor Trojan that infects vulnerable Microsoft Windows operating systems.
Once a system is infected, the backdoor places a server on TCP port 17499, which allows a remote client to connect
and perform malicious actions including obtaining passwords, modifying and retrieving system settings, recording
keystrokes, uploading and downloading files, and executing files.
Signature ID: 3187
BackDoor CYN
Threat Level: Critical
Signature Description: BackDoor CYN is a backdoor Trojan written in Visual Basic that affects Microsoft Windows
operating systems. The backdoor uses a client/server relationship, where the server component is installed in the
victim's system and the remote attacker has control of the client. The server attempts to open a port, typically UDP/TCP
port 113, to allow the client system to connect. Cyn could allow a remote attacker to gain unauthorized access and gain
complete control of the system. Aliases include Backdoor.Antilam.g1, Backdoor.Cyn.101, Backdoor.Cyn.102,
Backdoor.Cyn.103, Backdoor.Cyn.12.a, Backdoor.Cyn.121, Backdoor.Cyn.20, and Cyn_Trojan.
Signature ID: 3188
BackDoor DFch Grisch 0.1 beta 2
Threat Level: Critical
Signature Description: BackDoor DFCH Grisch is a backdoor Trojan that infects vulnerable Microsoft Windows
operating systems. Once the DFCH Grisch server is launched, it copies itself to the Windows directory as Iosyss.exe. It
monitors Transmission Control Protocol (TCP) port 16661 for an incoming connection from the attacker. Registry
auto-run keys are added so that the server part of the Trojan is executed whenever Windows restarts. Through the DFCH
Grisch client, an attacker could execute malicious actions including obtaining system information, obtaining passwords,
recording keystrokes, and viewing the clipboard.
Signature ID: 3189
BackDoor Digital Root Beer
Threat Level: Critical
Signature Description: BackDoor Digital RootBeer is a backdoor Trojan affecting Microsoft Windows 95 and 98