ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

4666, to allow the client system to connect and remotely extract ICQ login info, manage files, monitor processes, etc.
Mneah could allow a remote attacker to gain unauthorized access to the system.

Signature ID: 3202
Mosucker Backdoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Mosucker is a backdoor Trojan that is written in Visual Basic,
affecting Microsoft Windows 98, 95, and possibly other versions of Windows operating systems. The backdoor uses a
client-server relationship, where the server component is installed in the victim's system and the remote attacker has
control of the client. The server attempts to open TCP ports to allow the client system to connect. Mosucker contains a
key logger option that captures passwords. The backdoor can disable personal firewalls and antivirus software.
Mosucker typically runs from the server file "c:\WINDOWS\unin0686.exe" over ports 1026, 1037, 4288, and 16484
via TCP.

Signature ID: 3204
Mosucker BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Mosucker 2.0/3.00 is a backdoor that is written in Visual Basic,
affecting Microsoft Windows 98, 95, and possibly other versions of Windows operating systems. The backdoor uses a
client-server relationship, where the server component is installed in the victim's system and the remote attacker has
control of the client. The server attempts to open a port, typically TCP port 20005, to allow the client system to connect.
Mosucker contains a key logger option that captures passwords. The backdoor can disable personal firewalls and
antivirus software. Administrators are advised to close port 20005 for external users.

Signature ID: 3205
Net Administrator BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Net Administrator is a backdoor that affects the Microsoft Windows
family of operating systems. The backdoor uses a client-server relationship, where the server component is installed in
the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP
port 555, to allow the client system to connect. Net Administrator could allow a remote attacker to gain unauthorized
access to the system.

Signature ID: 3206
Net Metropolitan BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Net Metropolitan, also known as NetMetro.a or NetMetro.b, is a
backdoor written in Visual Basic that affects the Microsoft Windows family of operating systems. Net Metropolitan uses a
client-server relationship, where the server component is installed in the victim's system and the remote attacker has
control of the client. The server attempts to open a port, typically TCP port 5031 or 5033, to allow the client system to
connect. Net Metropolitan contains a key logger to capture passwords.