TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
operating systems. The backdoor uses a client/server relationship, where the server component is installed in the
victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port
2600, to allow the client system to connect. Digital Rootbeer could allow a remote attacker to gain unauthorized access
to the system. Aliases include BackDoor-PR and Backdoor.Rootbeer.
Signature ID: 3190
BackDoor DOLY 1.6/1.7
Threat Level: Critical
Signature Description: Doly Trojan is a backdoor RAT Trojan that allows an attacker to control other people's
computers over the Internet and execute a number of commands without the user's knowledge or consent. By default this
trojan runs over port 1016 via TCP. The attacker can do any of the following: log the victim's keystrokes, start an FTP
server on the victim's system, capture an image of the victim's screen, or shut down or restart the victim's system.
Microsoft Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT 4.0 and Windows XP are affected.
Signature ID: 3191
BackDoor Leszcz
Threat Level: Critical
Signature Description: Backdoor Leszcz is a Trojan that opens up a backdoor program that, once installed on a system,
permits unauthorized users to remotely perform a variety of operations, such as changing the registry, executing
commands, starting services, listing files, and uploading or downloading files. Leszcz typically operates from the server
file "C:\WINDOWS\VIVA.EXE" over ports 1983 and 1984 via TCP.
Signature ID: 3192
BackDoor Lithium
Threat Level: Severe
Signature Description: Backdoor Lithium is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. The backdoor uses a
client/server relationship, where the server component is installed in the victim's system and the remote attacker has
control of the client. The server attempts to open a port, typically TCP port 31415, to allow the client system to
connect.
Signature ID: 3193
Lithium BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. Lithium, also known as
BackDoor-YQ, TROJ_LITH and Troj/Bdoor-YQ, is a backdoor Trojan affecting the Microsoft Windows family of
operating systems. The backdoor uses a client-server relationship, where the server component is installed in the
victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port
31416 or UDP port 31416, to allow the client system to connect. The Lithium backdoor permits unauthorized users to
remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing
files, and uploading or downloading files.
Signature ID: 3194
BackDoor M2 Trojan
Threat Level: Critical
Signature Description: Backdoor M2 Trojan 1.25 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed in the victim's system