ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
infected PC. This signature detects when an attacker responds to a client system. Successful exploitation of this
issue can allow an attacker to remotely change passwords and transfer files. Drat runs on TCP port 48.
Signature ID: 3252
Backdoor DTr 1.4
Threat Level: Severe
Signature Description: DTr is a backdoor Trojan that affects Microsoft Windows operating systems. It copies itself to
the Windows and System directories. The DTr backdoor listens on TCP port 10001 to allow the client system to
connect. This signature detects when an attacker sends the pattern 'DTr'. Successful exploitation of this issue will
allow an attacker to execute malicious actions, such as obtaining system information, modifying the system
configuration, restarting the system, and copying, deleting, or renaming files.
Signature ID: 3253
Backdoor Duddie 2.0 Vulnerability
Threat Level: Severe
Signature Description: The Duddie Trojan is a dangerous and destructive backdoor Trojan. It sneaks into the system
through various suspicious internet resources or simply as an attachment to suspicious e-mail messages. This signature
detects when an attacker sends commands from the Duddie 2.0 client. Successful exploitation of this issue will allow
an attacker to steal the user's passwords, upload other malware, and change system settings. This signature detects
traffic on TCP port 2002.
Signature ID: 3254
Backdoor Duddie 3.1 Vulnerability
Threat Level: Severe
Signature Description: The Duddie Trojan is a dangerous and destructive backdoor Trojan. It sneaks into the system
through various suspicious internet resources or simply as an attachment to suspicious e-mail messages. This signature
detects when an attacker sends commands from the Duddie 2.0 client. Successful exploitation of this issue will allow
an attacker to steal the user's passwords, upload other malware, and change system settings. This signature detects
traffic on TCP port 2001.
Signature ID: 3255
Backdoor Duddie Vulnerability
Threat Level: Severe
Signature Description: The Duddie Trojan is a dangerous and destructive backdoor Trojan. It sneaks into the system
through various suspicious internet resources or simply as an attachment to suspicious e-mail messages. Duddie uses
TCP ports 1026 and 1560 to allow the client system to connect. This signature detects when an attacker sends commands
from the Duddie 2.0 client. Successful exploitation of this issue will allow an attacker to steal the user's passwords,
upload other malware, and change system settings.
Signature ID: 3256
Backdoor EventHorizon
Threat Level: Critical
Signature Description: EventHorizon is a backdoor program that affects Microsoft Windows operating systems. Once
the EventHorizon server is launched, it copies itself to the Windows directory as Explorer.exe. The EventHorizon
backdoor listens on TCP port 4488 for a remote client to connect. Once connected, an attacker can begin sending
commands to the host system. Successful exploitation of this issue will allow an attacker to execute arbitrary
programs, hijack passwords, and manipulate the current user's Windows session.