TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
program that, once installed on a system, permits unauthorized users to remotely perform a variety of operations, such
as changing the registry, executing commands, starting services, listing files, and uploading or downloading files. Tcc
Trojan typically runs over ports 1833, 1834, 1835, 1836, and 1837 via TCP.
Signature ID: 3312
The unexplained Backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. The Unexplained backdoor is one
of many backdoor programs that attackers can use to access your computer system without your knowledge or consent.
With the Unexplained backdoor, an attacker can remotely ping, upload and download files, execute programs, delete
files, and restart your computer. The Unexplained backdoor operates over UDP port 29891.
Signature ID: 3313
Backdoor Tron
Threat Level: Severe
Signature Description: Backdoor Tron is a backdoor program that affects the Microsoft Windows operating system. The
backdoor uses a client/server relationship, where the server component is installed on the victim's system and the remote
attacker has control of the client. The server attempts to open a port, typically TCP port 58008, to allow the client
system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of operations,
such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
Administrators are advised to close port 58008 to external users.
Signature ID: 3314
Backdoor Ullysse
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Ullysse. This is a Trojan that opens up a backdoor program
that, once installed on a system, permits unauthorized users to remotely perform a variety of operations, such as
changing the registry, executing commands, starting services, listing files, and uploading or downloading files. Ullysse
typically runs from the server file "C:\Windows\System\Kernel.exe". By default Ullysse runs over port 1981 via TCP.
Signature ID: 3315
Backdoor Undetected 2.3/3.1/3.2/3.3
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Undetected. Backdoor Undetected is a Trojan that opens up a
backdoor program that, once installed on a system, permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Undetected typically runs over port 777 via TCP.
Signature ID: 3316
Backdoor Uploader
Threat Level: Critical
Signature Description: This rule tries to detect Backdoor Uploader. Backdoor Uploader is a Trojan that opens up a
backdoor program that, once installed on a system, permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. Uploader typically runs from the server file "C:\WINDOWS\myfile.exe" over port 2040 via TCP.