TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 3289
Backdoor Private port 1.0
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Private port 1.0. Backdoor Private port 1.0 is a Trojan that
opens up a backdoor program that, once installed on a system, permits unauthorized users to remotely perform a variety
of operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Private port typically runs over port 7778 via TCP.
Signature ID: 3290
Backdoor Project next 0.5.3
Threat Level: Critical
Signature Description: Project Next, also known as BackDoor-QL, is a backdoor Trojan. It affects multiple operating
systems. It uses a client/server relationship, where the server component is installed in the victim's system and the
remote attacker has control of the client. It permits unauthorized users to remotely perform a variety of operations, such
as changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
Project Next typically runs over port 32100 via TCP.
Signature ID: 3291
Backdoor Prosiak 0.65/0.70
Threat Level: Critical
Signature Description: Backdoor Prosiak 0.65/0.70 is a Trojan that opens up a backdoor program. It compromises
system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes
unknown to the user. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Prosiak typically runs from the server file "C:\WINDOWS\SYSTEM\MSJET32.EXE" over ports
800, 23, 1101, 44444, and 230 via TCP.
Signature ID: 3292
Backdoor Psychward 1.0
Threat Level: Critical
Signature Description: Backdoor Psychward 1.0 is a Trojan that opens up a backdoor program. It affects Microsoft
Windows operating systems. It uses a client/server relationship, where the server component is installed in the victim's
system and the remote attacker has control of the client. Once installed on a system, it permits unauthorized users to
remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing
files, and uploading or downloading files. Psychward typically runs over ports 3777, 13013, and 13014 via TCP.
Signature ID: 3293
Backdoor Qwertos RAT 0.2
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Qwertos RAT 0.2. This is a Trojan that opens up a backdoor
program. Qwertos, also known as Latinus, affects Microsoft Windows operating systems. It uses a
client/server relationship, where the server component is installed in the victim's system and the remote attacker has
control of the client. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Qwertos typically runs from the server file "C:\WINDOWS\msHtml.exe" over port 11831 via TCP.