ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Administrators are advised to close port 54321 for external users.
Signature ID: 3242
Backdoor SubSeven 2.1
Threat Level: Critical
Nessus: 10409
Signature Description: Backdoor SubSeven 2.1 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 27374, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Administrators are advised to close port 27374 for external users.
Signature ID: 3243
Backdoor Trojan Spirit 2001 1.2
Threat Level: Severe
Signature Description: Backdoor Trojan Spirit 2001 1.2 is a backdoor program that affects the Microsoft Windows
operating system. The backdoor uses a client/server relationship, where the server component is installed on the
victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port
29980, to allow the client system to connect. Once installed on a system, it permits unauthorized users to remotely
perform a variety of operations, such as changing the registry, executing commands, starting services, listing files, and
uploading or downloading files. Administrators are advised to close port 29980 for external users.
Signature ID: 3244
Backdoor X-zt00 1.0
Threat Level: Severe
Signature Description: Backdoor X-zt00 1.0 is a backdoor program that affects the Microsoft Windows operating system.
The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the
remote attacker has control of the client. The server attempts to open a port, typically TCP port 5600, to allow the client
system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of operations,
such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
Administrators are advised to close port 5600 for external users.
Signature ID: 3245
Backdoor The Thing 1.1
Threat Level: Severe
Signature Description: Backdoor The Thing 1.1 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 6400, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as uploading files, executing programs, moving, copying, or deleting files, and restarting the computer.
Administrators are advised to close port 6400 for external users.
Signature ID: 3246
Backdoor AcidDrop 1.0
Threat Level: Severe
Signature Description: Backdoor AcidDrop 1.0 is a backdoor program that affects the Microsoft Windows operating
system. The backdoor uses a client/server relationship, where the server component is installed on the victim's system