ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 3272
Backdoor Hydroleak
Threat Level: Critical
Signature Description: Backdoor Hydroleak is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. Hydroleak typically runs from
the server file "C:\WINDOWS\msmachine.exe" over port 954 via TCP.
Signature ID: 3273
Backdoor InCommand 1.0/1.1/1.2/1.3/1.4
Threat Level: Severe
Signature Description: Trojan/Backdoor/RAT/Incommand.10 is a Trojan. A Trojan, or Trojan horse, is any program that
installs itself secretly, quite often with sinister intent. Once installed, the Trojan's author (hacker) can gain complete
control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system.
Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs.
InCommand typically runs over ports 9400, 9401, and 9402 via TCP.
Signature ID: 3275
Backdoor Intruzzo
Threat Level: Severe
Signature Description: The Intruzzo backdoor is one of many backdoor programs that attackers can use to access your
computer system without your knowledge or consent. The Intruzzo backdoor program allows a remote attacker to take
control of an infected Windows computer and includes the ability to notify an attacker of successful infection over the
ICQ instant messaging network. Once notified, the attacker can then use a special client that operates over TCP ports
22784, 1984 or 2418 to connect to the system and perform a number of functions, such as communicating with the victim
via message boxes and chat windows, browsing the file system, manipulating system tasks and programs, retrieving stored
passwords
Signature ID: 3276
Backdoor Konik 0.6b
Threat Level: Severe
Signature Description: Konik, also known as Backdoor.Konik.06b and Backdoor.Konik.07b, is a backdoor Trojan
written in Visual Basic affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship,
where the server component is installed in the victim's system and the remote attacker has control of the client. The
server attempts to open a port, typically TCP port 23321, to allow the client system to connect. Konik could allow a
remote attacker to gain unauthorized access to the system.
Signature ID: 3278
Backdoor Last2000
Threat Level: Severe
Signature Description: Backdoor Last2000 is a Trojan that opens up a backdoor program that, once installed on a
system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry,
executing commands, starting services, listing files, and uploading or downloading files. It is also known as BackDoor-KG
and Backdoor.Last2000, which is derived from Singularity, written in C++ and affecting Microsoft Windows operating
systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system
and the remote attacker has control of the client. It runs from the server file
"C:\WINDOWS\SYSTEM\RUNVXD32.EXE" over ports 1122, 7788, 1415, and 2000 via TCP, as well as 1122 and
7788 via UDP.