TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 3299
Backdoor Remote hack 1.3
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Remote Hack 1.2. This is a Trojan that opens up a backdoor
program that, once installed on a system, permits unauthorized users to remotely shut down Windows, alter the user
interface, control FTP access, etc. It affects Microsoft Windows operating systems. Remote Hack uses a client/server
relationship, where the server component is installed on the victim's system and the remote attacker has control of the
client. It typically runs from the server file "C:\WINDOWS\norton.exe" over port 1588 via TCP.
Signature ID: 3300
Backdoor Remote hack 1.3
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Remote Hack 1.2. This is a Trojan that opens up a backdoor
program that, once installed on a system, permits unauthorized users to remotely shut down Windows, alter the user
interface, control FTP access, etc. It affects Microsoft Windows operating systems. Remote Hack uses a client/server
relationship, where the server component is installed on the victim's system and the remote attacker has control of the
client. It typically runs from the server file "C:\WINDOWS\norton.exe" over port 1480 via TCP.
Signature ID: 3301
Backdoor Remote process monitor 1.0
Threat Level: Critical
Signature Description: Backdoor Remote process monitor 1.0 is a Trojan that opens up a backdoor program that, once
installed on a system, permits unauthorized users to remotely view and terminate processes. Remote Process Monitor
typically runs over port 7307 via TCP. Remote Process Explorer allows monitoring all local and remote processes
through a single user interface, accessing vital information about processes such as Process ID, Parent PID, Priority,
Handles, Threads, and much more, in real-time. The product displays complete information about every local and
remote process, including owner information, CPU time and memory consumption, path to executable file, and much
more.
Signature ID: 3302
Backdoor Remote revise 1.0/1.15
Threat Level: Severe
Signature Description: Remote Revise is a Polish backdoor Trojan affecting Microsoft Windows operating systems.
Remote Revise uses a client/server relationship, where the server component is installed on the victim's system and the
remote attacker has control of the client. The server attempts to open a port, typically TCP port 4545, to allow the client
system to connect. Remote Revise could allow a remote attacker to gain unauthorized access to the system and to
perform a variety of operations, such as changing the registry, executing commands, starting services, listing files, and
uploading or downloading files. It typically runs from the server file "c:\WINDOWS\SYSTEM\systray32c.exe".
Signature ID: 3303
Revenger Backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. This signature detects Backdoor
Revenger 1.0. Revenger is a backdoor affecting the Microsoft Windows family of operating systems. Revenger uses a
client-server relationship, where the server component is installed on the victim's system and the remote attacker has
control of the client. This backdoor program permits unauthorized users to remotely alter the user interface, corrupt
system files, manage files, etc. Revenger typically operates on TCP port 58850.