ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 41626, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Administrators are advised to close port 41626 to external users.
Signature ID: 3195
Mantis BackDoor detection
Threat Level: Severe
Signature Description: Mantis is a backdoor Trojan affecting the Microsoft Windows family of operating systems. It
permits unauthorized users to remotely perform a variety of operations. This is accomplished through a server
component, which the attacker controls remotely using a client on the remote system. Mantis typically listens on TCP
port 30700.
Signature ID: 3196
Massaker BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Massaker is a backdoor Trojan that allows complete access to the
infected computer. This Trojan attempts to terminate the processes of multiple security products. The Microsoft Visual
Basic run-time libraries must be installed on the computer for Massaker to execute as it is written in the Microsoft
Visual Basic programming language. It is compressed using the Ultimate Packer for eXecutables (UPX) format. By
default, Massaker listens on port 7119.
Signature ID: 3198
Millenium Backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. The Millenium backdoor for Windows lets a remote attacker spy on
user activities: log keystrokes, capture an image of the screen, execute programs, and send messages that appear on the
victim's screen. This Trojan is known to infect Windows 9x/NT systems. Millenium typically runs over ports 20000
and 20001 via TCP.
Signature ID: 3199
Mini Oblivion BackDoor detection
Threat Level: Warning
Signature Description: Mini Oblivion 0.1 is a backdoor Trojan that, once installed
on a system, permits unauthorized users to remotely log keystrokes, capture an image of the host system's screen,
execute programs on the host system, and send messages that appear on the host system's screen. Mini Oblivion
typically runs from the server file "C:\WINDOWS\msload32.exe" over port 7826 via TCP.
Signature ID: 3200
MNEAH BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Mneah is a backdoor Trojan affecting the Microsoft Windows family of
operating systems. The backdoor uses a client/server relationship, where the server component is installed in the
victim's system and the remote attacker has control of the client. The server attempts to open TCP port 5401, 5402 or