TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
the victim's system and the remote attacker has control of the client. Latinus typically runs from the server file
"c:\WINDOWS\msHtml.exe" over ports 11831, 21957 and 29559 via TCP.
Signature ID: 3284
Backdoor Le guardien
Threat Level: Critical
Signature Description: Backdoor Le guardien is a Trojan that opens up a backdoor program. It is written in Visual
Basic 6 and affects Microsoft Windows operating systems. Once installed on a system, it permits unauthorized users to
remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing
files, and uploading or downloading files. Le Guardien typically operates over port 1001 via TCP.
Signature ID: 3285
Backdoor Phoenix 1.28/2.0
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Phoenix 1.28/2.0. Backdoor Phoenix is a Trojan that opens up
a backdoor program. It affects Microsoft Windows operating systems. The backdoor uses a client/server relationship,
where the server component is installed in the victim's system and the remote attacker has control of the client.
Once it is installed on a system, it permits unauthorized users to remotely perform a variety of operations, such as
changing the registry, executing commands, starting services, listing files, and uploading or downloading files. Phoenix
typically runs over port 7410 via TCP.
Signature ID: 3286
Backdoor Pitfall
Threat Level: Critical
Signature Description: This rule tries to detect backdoor Pitfall. Backdoor Pitfall is a Trojan that opens up a backdoor
program that, once installed on a system, permits unauthorized users to remotely perform a variety of operations, such
as changing the registry, executing commands, starting services, listing files, and uploading or downloading files. It
affects Microsoft Windows operating systems. By default this backdoor runs over port 1991 via TCP. Pitfall has
multiple variations: Pitfall 1.0, Pitfall 2.0, Pitfall 2.1, Pitfall Armlock, and Pitfall Surprise.
Signature ID: 3287
Backdoor Prayer 1.2/1.3
Threat Level: Severe
Signature Description: This rule tries to detect Backdoor Prayer 1.2/1.3. Backdoor Prayer is a Trojan that opens up a
backdoor program. It affects Microsoft Windows operating systems. It uses a client/server relationship, where the
server component is installed in the victim's system and the remote attacker has control of the client. Once it is installed on
a system, it permits unauthorized users to remotely manage files, log keystrokes, control the modem, control processes, etc.
Prayer typically runs from the server file "c:\dlls32.exe" over ports 23, 2716, 2754, and 9999 via TCP.
Signature ID: 3288
Backdoor Priority
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Priority. Backdoor Priority is a Trojan that opens up a
backdoor program. It affects Microsoft Windows operating systems. The backdoor uses a client/server relationship,
where the server component is installed in the victim's system and the remote attacker has control of the client. Once
installed on a system, it permits unauthorized users to remotely initiate ping floods, disconnect internet services, alter
the user interface, etc. Priority typically runs over ports 6969 and 16969 via TCP.