TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Backdoor.BasicHell.10, MultiDropper-CO, and TrojanDropper.Win32.Multibinder.141, is a trojan written in Visual
Basic affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server
component is installed in the victim's system and the remote attacker has control of the client. The server attempts to
open a port, typically TCP port 60666, to allow the client system to connect. Once installed on a system, this trojan
permits unauthorized users to remotely run applications, extract passwords, and reboot the system. Basic Hell runs
from the server file C:\WINDOWS\SYSTEM\BHS.EXE over port 60666 via TCP. This attack could pose a serious
security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Signature ID: 3360
Backdoor BDDT
Threat Level: Severe
Signature Description: Backdoor BDDT is a backdoor Trojan written in Delphi affecting Microsoft Windows operating
systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 31887, to allow
the client system to connect. Once installed on a system, it permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. The BDDT Client operates over ports 32000 and 1025. The server runs from files
"C:\WINDOWS\SYSTEM\JOJO.EXE" and "C:\WINDOWS\SYSTEM\MSRUN.EXE". This attack could pose a
serious security threat. You should take immediate action to stop any damage or prevent further damage from
happening.
Signature ID: 3361
Backdoor Bigorna
Threat Level: Severe
Signature Description: Backdoor Bigorna, also known as BackDoor-VF and Backdoor.Bigorna.10, is a backdoor trojan
affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server
component is installed in the victim's system and the remote attacker has control of the client. The server attempts to
open a TCP port (by default 6969) to allow the client system to connect. Once installed on a system, this backdoor
permits unauthorized users to remotely perform a variety of operations, such as changing the registry, executing
commands, starting services, listing files, and uploading or downloading files. Bigorna operates from the server file
"C:\WINDOWS\WINBIOS.EXE". This attack could pose a serious security threat. You should take immediate action
to stop any damage or prevent further damage from happening.
Signature ID: 3363
Backdoor Bla 4.0
Threat Level: Severe
Signature Description: Backdoor Bla is a password-capturing trojan affecting Microsoft Windows operating
systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system
and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 666 or TCP
ports 22456 or 22457 (BLA 4.0), to allow the client system to connect. It may install with variable names in variable
locations and is difficult to detect after installation. BLA will allow a remote attacker to gain unauthorized access to the
system. Backdoor.Bla is also known by other names, such as Backdoor.BLA.51, Backdoor.BLA.51.b,
Backdoor.BLA.53 and Trojan.PSW.Blaver.a. Use an up-to-date antivirus program to determine if the target computer is
host to a backdoor program.
Signature ID: 3364
Backdoor Black angel
Threat Level: Severe
Signature Description: Backdoor Black angel is a backdoor Trojan affecting Microsoft Windows operating systems.
Black Angel uses a client/server relationship, where the server component is installed in the victim's system and the