TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 3235
Backdoor Guptachar 2.0
Threat Level: Severe
Signature Description: Guptachar is a remote administration tool that runs its own web server. Its features include browsing files, uploading files, executing programs, logging keys, shutting down and restarting the system, etc. The web server can run on port 80 or 8081. Administrators are advised to close port 8081 to external users.
Signature ID: 3237
Backdoor Infra Trojan
Threat Level: Severe
Industry ID: CVE-1999-0660
Signature Description: Backdoor Infra Trojan is a backdoor program that affects the Microsoft Windows operating system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 9999, to allow the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of operations, such as communicating with the victim using message boxes and chat windows, executing arbitrary program files, manipulating the current Windows session, or rebooting the system. Administrators are advised to close port 9999 to external users.
Signature ID: 3239
Backdoor Michal 5.00
Threat Level: Critical
Signature Description: Backdoor Michal 5.00 is a backdoor program that affects the Microsoft Windows operating system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 12345, to allow the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files. Administrators are advised to close port 12345 to external users. This rule will drop the session when the packet contains the pattern 'Michal 5.00'.
Signature ID: 3240
Backdoor Network Terrorist 1.31
Threat Level: Severe
Signature Description: Backdoor Network Terrorist 1.31 is a backdoor program that affects the Microsoft Windows operating system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 785, to allow the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files. Administrators are advised to close port 785 to external users. This rule will trigger when an attacker sends the pattern 'USER'.
Signature ID: 3241
Backdoor PC Invader 1.0
Threat Level: Severe
Signature Description: Backdoor PC Invader 1.0 is a backdoor program that affects the Microsoft Windows operating system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 54321, to allow the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of