TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 3333
Backdoor Helios 3.1
Threat Level: Critical
Signature Description: Backdoor Helios 3.1 is a backdoor program that affects the Microsoft Windows operating system.
The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the
remote attacker has control of the client. The server attempts to open a port, typically TCP port 3737, to allow the client
system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of operations,
such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
Administrators are advised to close port 3737 to external users.
Signature ID: 3351
Backdoor Acid battery
Threat Level: Critical
Signature Description: Backdoor Acid Battery, also known as Backdoor.AcidBattery, Backdoor/Acid.Server,
BackDoor-DE, Bck/Acid.1_0, Win32.AcidBattery.10 and Win32/AcidBattery, is a trojan that opens a
backdoor which, once installed on a system, permits unauthorized users to remotely alter the user interface,
manage files, take screenshots, etc. Acid Battery typically runs over TCP port 32418. This attack could pose a
serious security threat. Administrators are advised to take immediate action to stop any damage or prevent further
damage from happening.
Signature ID: 3352
Alvgus Backdoor detection
Threat Level: Critical
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. Alvgus, also known as
Backdoor.Alvgus.a or Trojan.PSW.TFC, is a backdoor affecting the Microsoft Windows family of operating systems.
Alvgus uses a client-server relationship, where the server component is installed on the victim's system and the remote
attacker has control of the client. The server attempts to open a port, typically TCP/UDP port 27184, to allow the client
system to connect. Alvgus could allow a remote attacker to gain unauthorized control of the system.
Signature ID: 3353
Backdoor AOL Admin
Threat Level: Critical
Signature Description: Backdoor AOL Admin is a backdoor Trojan affecting Microsoft Windows operating systems. It
spreads by manual installation. When executed, AOL Admin copies its backdoor server to the Windows System
directory as "dat92003.exe". It modifies the system registry so that the backdoor server runs when Windows starts up.
The backdoor server opens TCP port 30029 on the victim machine by default. AOL Admin includes features that
specifically exploit AOL Instant Messenger (AIM) and AOL Mail. A remote attacker can use the AOL Admin client to
gain control of the victim system. They can then remotely monitor and control AIM traffic, hijack AOL accounts, send
mail, chat, and edit files, among other operations.
Signature ID: 3354
Backdoor Asylum 1.0/1.3
Threat Level: Critical
Signature Description: Backdoor Asylum allows an attacker to upload and execute files on the host and restart the
computer. Asylum is distributed with an "edit server" program that allows the attacker to customize the backdoor server
to run on arbitrary ports (TCP 23432 by default) and to use combinations of startup methods, making it difficult to identify
and remove from an infected host. To remove a default installation of Asylum from your computer open