TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

331

332

333

334

335

336

337

338

339

340

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

332

Signature ID: 3257

Backdoor Executor Vulnerability

Threat Level: Critical

Signature Description: Executor is also known as BackDoor-LM, Backdoor.Excecutor.a, Backdoor.Excecutor.b,

Backdoor.Executor.a, Executor and Executor Controller, is a backdoor Trojan affecting Microsoft Windows operating

systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system

and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 80, to allow the

client system to connect. Executor could allow a remote attacker to gain unauthorized access to the system.

Signature ID: 3259

Backdoor File Nail Vulnerability

Threat Level: Severe

Industry ID: CVE-1999-0660

Signature Description: File Nail is also known as Nail, Backdoor.Nail or RAT. This is a software application which

provides an attacker with the capability to control computer system remotely whenever in online. This signature detects

when an attacker sent request by the File Nail backdoor client. This successful exploitation can allow an attacker to

adding or deleting files, transfer files, capturing screenshot. File Nail runs over port 4567 via TCP.

Signature ID: 3260

Backdoor Frenzy 2000 v3/v4

Threat Level: Critical

Signature Description: Frenzy backdoor is one of many backdoor program that affects Microsoft Windows Operating

System. And the attackers can access computer system without knowledge or consent. This signature detects when an

attacker send the 'icg' pattern. The successful exploitation of this issue can allow an attacker to hide the taskbar and

restart the system via TCP port 12043.

Signature ID: 3261

Backdoor G-Spot tight 1.5 Vulnerability

Threat Level: Critical

Industry ID: CVE-1999-0660

Signature Description: G-Spot Tight is a backdoor Trojan that infects vulnerable Microsoft Windows operating

systems. It downloads software from the internet. It may automatically install software without asking for permission.

This signature detects when an attacker sent commands from a G-spot Tight client to G-Spot Tight server via TCP port

52978. The successful exploitation can allow an attacker to gain unauthorized access to the system or execute arbitrary

commands.

Signature ID: 3262

Backdoor Ghost 2.2/2.3 Vulnerability

Threat Level: Critical

Signature Description: Ghost is a software product from Symantec that can copy the entire contents of a hard disk to

another computer's hard disk or to storage media, automatically formatting and partitioning the target disk. Backdoor

Ghost 2.2 is a Trojan that opens up a backdoor program that, once installed on a system, permits unauthorized users to

remotely log keystrokes, alter the user interfaces and gain complete control of the system via TCP port 9696 or 9697.

Signature ID: 3263

Backdoor Gift 2.5

Threat Level: Severe

Signature Description: Backdoor Gift, is a Visual Basic backdoor Trojan. It requires imgedit.ocx and the VB6 runtime