TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

4523, to allow the client system to connect. Celine could allow a remote attacker to gain unauthorized access to the
system.
Signature ID: 3372
Backdoor Cero b1
Threat Level: Severe
Signature Description: Backdoor Cero is a backdoor Trojan written in Visual Basic, affecting Microsoft Windows 95,
98, and Me. Cero uses a client/server relationship, where the server component is installed in the victim's system and
the remote attacker has control of the client. Cero is normally stored in the Windows registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The server attempts to open a
port, TCP 4653, allowing the client system to connect. Cero contains an edit server that allows the server to send
notification to an instant messenger when an infected computer comes online. Cero could allow a remote attacker to
gain unauthorized access to the system.
Signature ID: 3373
Backdoor B.F. evolution
Threat Level: Critical
Signature Description: Backdoor B.F. Evolution is a Trojan written in Visual Basic that opens a backdoor which,
once installed on a system, permits unauthorized users to remotely monitor desktop activity, monitor/corrupt
network traffic, edit files, etc. B.F. Evolution runs over TCP ports 1066, 1095, 1097, 1098, or 1099 (default).
B.F. Evolution is also known as B.F.Evolution 5.3.12, Backdoor.HVL-Rat.5312, Backdoor.HVL-Rat.5312.b, and Blood Fest
Evolution.
Signature ID: 3400
DeepThroat Backdoor detection
Threat Level: Severe
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. DeepThroat 2.1 is a backdoor for
the Windows family of operating systems. On an infected system, an attacker can access files and the system registry,
execute programs, open a Web browser to a URL, open and close the CD-ROM drive, start and stop an FTP server, send
messages that appear on the screen, and retrieve cached passwords.
Signature ID: 3401
BackDoor Danton 2.1
Threat Level: Severe
Signature Description: Danton is a backdoor Trojan that infects vulnerable Microsoft Windows operating systems.
Once the Danton server is launched, it copies itself to the Windows System directory as server.exe. It monitors TCP
port 6969 for an incoming connection from the attacker. Registry auto-run keys are added so that the Trojan server part
is executed whenever Windows restarts. Through the Danton client, an attacker can perform malicious actions
including opening or closing the CD-ROM tray, obtaining system information, capturing the screen, recording
keystrokes, accessing the registry, and uploading and executing files.
Signature ID: 3403
BackDoor DFch Grisch 0.1 beta 1
Threat Level: Critical
Signature Description: BackDoor DFch Grisch 0.1 is a backdoor Trojan that infects vulnerable Microsoft Windows
operating systems. Once the DFCH Grisch server is launched, it copies itself to the Windows directory as Iosyss.exe. It
monitors Transmission Control Protocol (TCP) port 16661 for an incoming connection from the attacker. Registry
auto-run keys are added so that the Trojan server part is executed whenever Windows restarts. Through the DFCH