ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 3226
Pest 1.0 BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. This signature detects the Pest 1.0 backdoor. Pest 1.0 is a backdoor
Trojan affecting the Microsoft Windows family of operating systems. It uses a client-server relationship, where the
server component is installed on the victim's system and the remote attacker has control of the client. Pest 1.0
permits unauthorized users to remotely manage files, change boot parameters, alter the user
interface, steal MSN passwords, etc. Pest typically runs from the server file "C:\WINDOWS\SYSTEM\winregse.exe"
and listens on TCP ports 11831 and 29559.
Signature ID: 3227
BioNet BackDoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Backdoor Bionet 4.00.03 BE is a backdoor program for the Microsoft
Windows family of operating systems that is designed to accept commands from a remote location. It uses a
client-server mechanism to accept the commands. The server is installed in stealth mode on the victim's machine and
accepts commands from a remote client on TCP port 12349. An unauthenticated user can perform operations such as
recording passwords, manipulating files on the computer, changing the date or time, playing sounds, and changing
screen colors and resolution. Administrators are advised to close port 12349 for external users.
Signature ID: 3228
Blade Runner BackDoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. BladeRunner 0.80a is a backdoor Trojan that affects the Microsoft
Windows family of operating systems. The backdoor uses a client-server relationship, where the server component is
installed on the victim's system and the remote attacker has control of the client. The server attempts to open a port,
typically TCP port 21, 5400, 5401 or 5402, to allow the client system to connect. BladeRunner could allow a remote
attacker to gain unauthorized access and complete control of the system. Administrators are advised to close ports
5400 to 5402 for external users.
Signature ID: 3229
Butt Man BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. Butt Man 0.9 is a backdoor program that affects the Microsoft Windows
family of operating systems. The backdoor uses a client-server relationship, where the server component is installed on
the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP
port 12624, to allow the client system to connect. Once installed on a system, the backdoor permits unauthorized users
to create gateway connections, edit files and the registry, etc. Administrators are advised to close port 12624 for external users.
Signature ID: 3230
Cruel Intentionz Administrator backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a program used for bypassing normal authentication, securing remote access to a
computer while attempting to remain undetected. The author's intended name for this remote access trojan is Cruel