TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 3304
Backdoor Ripperz controller 1.1
Threat Level: Severe
Signature Description: Ripperz is a backdoor Trojan that infects Windows operating systems. It has a client-server
architecture. The client is used by the attacker to exploit a system and the server is installed on a victim machine. This
rule tries to detect Backdoor Ripperz Controller 1.1. This is a Trojan that opens up a backdoor program that, once
installed on a system, permits unauthorized users to remotely perform a variety of operations, such as changing the
registry, executing commands, starting services, listing files, and uploading or downloading files. By default, this
backdoor runs over port 666 via TCP.
Signature ID: 3305
Backdoor Ruler 1.41
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Ruler 1.41. This is a Trojan that opens up a backdoor program
that, once installed on a system, permits unauthorized users to remotely perform a variety of operations, such as
changing the registry, executing commands, starting services, listing files, and uploading or downloading files. Ruler
typically runs from the server file "C:\WINDOWS\Windll.exe" over port 22222 via TCP.
Signature ID: 3307
Backdoor Scarab 1.2
Threat Level: Severe
Signature Description: Scarab is a German backdoor Trojan affecting Microsoft Windows operating systems. The
backdoor uses a client/server relationship, where the server component is installed in the victim's system and the remote
attacker has control of the client. This rule tries to detect Backdoor Ruler 1.41. This is a Trojan that opens up a
backdoor program that, once installed on a system, permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Ruler typically runs from the server file "C:\WINDOWS\Windll.exe" over port 22222 via TCP.
Signature ID: 3308
Backdoor SchneckenKorn
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor SchneckenKorn. This is a Trojan that opens up a backdoor
program that, once installed on a system, permits unauthorized users to remotely disable firewalls, crash the system,
manage files, manage processes, deactivate the keyboard, etc. SchneckenKorn typically runs from the server file
"C:\WINDOWS\WINSYS32.EXE" over ports 1218 and 1219 via TCP.
Signature ID: 3309
Backdoor School bus 1.60
Threat Level: Severe
Signature Description: This rule tries to detect Backdoor School bus 1.60. This is a Trojan that opens up a backdoor
program that, once installed on a system, permits unauthorized users to remotely perform a variety of operations, such
as changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
School Bus typically runs over port 54321 via TCP.
Signature ID: 3310
Backdoor Tcc trojan 0.90
Threat Level: Severe
Signature Description: This rule tries to detect Backdoor Tcc trojan 0.90. This is a Trojan that opens up a backdoor