TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
323
Signature ID: 3207
Net Raider BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Netraider is a backdoor Trojan affecting Microsoft Windows family
of operating systems. The backdoor uses a client-server relationship, where the server component is installed in the
victim's system and the remote attacker has control of the client. Netraider uses the default TCP port 57341 to allow the
client system to connect. Net Raider typically runs from the server file "C:\WINDOWS\Rsrcnrs.exe".
Signature ID: 3208
NetSpy BackDoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Net Spy Backdoor is a backdoor program that permits unauthorized
users to remotely execute Windows or DOS commands, view files on the host computer, retrieve system information,
send messages that appear on the host system's screen. The NetSpy backdoor disguises itself as a security program
called 'SysProtect'. This backdoor typically listens on TCP port 7306.
Signature ID: 3209
NetController BackDoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. NetController, also known as Backdoor.NetController and
Backdoor.NetController.108, is a backdoor affecting Microsoft Windows family of operating systems. The backdoor
uses a client-server relationship, where the server component is installed in the victim's system and the remote attacker
has control of the client. The server attempts to open a port, typically TCP port 6969, to allow the client system to
connect. Netcontroller typically runs from the server file "C:\WINDOWS\System.exe".
Signature ID: 3210
Net Taxi BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Net Taxi, also known as NetTaxi.18, is a backdoor Trojan affecting
Microsoft Windows family of operating systems. The backdoor uses a client-server relationship, where the server
component is installed in the victim's system and the remote attacker has control of the client. NetTaxi typically listens
on TCP port 142, for the client system to connect. NetTaxi typically runs from the server file
"C:\WINDOWS\System\OLEsrvName.exe".
Signature ID: 3211
Net Trash BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Net Trash is a Trojan which is written in Visual Basic and executes
on all versions of Microsoft Windows Operating Systems. The backdoor uses a client-server relationship, where the
server component is installed in the victim's system and the remote attacker has control of the client. This backdoor
allows the attacker to do some malicious actions like key logging, directory operations, allocating amount of RAM etc.,
This Trojan horse also has components to spread using peer-to-peer file sharing, Microsoft Outlook, and IRC. By
default, the Trojan uses TCP ports 23005 and 23006, but this is configurable. NetTrash has multiple variations,
including NetTrash 1.0, NetTrash 1.01, NetTrash 1.0b, and NetTrash xs 1.b.