TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
files to operate on a target system. Gift installs the server on the victim system, and when Gift is activated, it sends a
notification to the attacker and starts listening on TCP port 10100 for specific commands from the Gift client.
Backdoor.Gift lets the attacker perform malicious actions such as downloading files, faking a destroyed
hard drive, and retrieving cached passwords.
Signature ID: 3264
Backdoor Glacier 2.2/3.0
Threat Level: Severe
Signature Description: Backdoor Glacier is a Trojan that opens up a backdoor program that, once installed on a system,
permits unauthorized users to remotely perform a variety of operations, such as changing the registry, executing
commands, starting services, listing files, and uploading or downloading files. Glacier typically runs from the server
files "C:\WINDOWS\SYSTEM\KERNEL32.EXE" and "C:\WINDOWS\SYSTEM\SYSEXPLR.EXE" over port 7626
via TCP.
Signature ID: 3266
Hack-a'tack Backdoor detection
Threat Level: Severe
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. Hack'a'Tack is a backdoor program
that infects the Microsoft Windows family of operating systems. With the Hack'a'Tack backdoor, an attacker can move and
close windows on the host system's desktop, start an FTP server on the infected computer, log keystrokes, shut
down the infected computer, and execute programs on the host system. Hack'a'Tack typically runs over ports 31785 and
31787 via TCP, as well as ports 31789 and 31791 via UDP. This signature detects traffic on UDP port 31791.
Signature ID: 3267
Backdoor Hackers world 2.0.3
Threat Level: Severe
Signature Description: Backdoor Hackers world 2.0.3 is a Trojan that opens up a backdoor program that, once installed
on a system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. This backdoor typically runs
on port 1243 via TCP.
Signature ID: 3268
Backdoor Hellz addiction 1.20e
Threat Level: Critical
Signature Description: Backdoor Hellz addiction 1.20e is a Trojan that opens up a backdoor program. The backdoor
uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker
has control of the client. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Hellz Addiction typically operates over port 12122 via TCP.
Signature ID: 3269
Backdoor Host control 2.5
Threat Level: Information
Signature Description: Backdoor Host control 2.5 is a Trojan that opens up a backdoor program that, once installed on
a system, permits unauthorized users to remotely manage processes, log keystrokes, alter the user interface, etc. Host
Control typically runs over ports 10528, 11051, and 15092 via TCP.