ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Grisch client, an attacker could execute malicious actions including obtaining system information, obtaining passwords,
recording keystrokes, and viewing the clipboard.
Signature ID: 3404
Backdoor Duddie
Threat Level: Severe
Signature Description: Duddie is a dangerous and destructive backdoor trojan that usually reaches a system through
suspicious internet resources or as an attachment to suspicious email. Once installed on a PC, it tries to give the
attacker remote access to the machine and, if successful, lets the attacker steal the user's passwords, upload other
malware, change system settings, and so on. Duddie typically runs from the server file "C:\WINDOWS\WDBYLG.EXE"
over port 2001 via TCP.
Signature ID: 3405
Backdoor Maverick's Matrix
Threat Level: Warning
Signature Description: Maverick's Matrix 1.0 is a Trojan that acts as a backdoor and Remote Administration Tool
(RAT). A RAT is a software application that gives an attacker the capability to control your computer system
remotely whenever you are online. The attacker can perform operations such as adding or deleting files,
transferring files, and capturing screenshots. The attacker may also use the captured computer for personal needs,
such as sending malicious attacks. Maverick's Matrix typically runs over port 1269 via TCP.
Signature ID: 3406
Backdoor Meet The Lamer 1.0
Threat Level: Critical
Signature Description: This rule tries to detect the Backdoor Meet The Lamer. Meet the Lamer is a backdoor program
created by Viz0r that consists of two parts, a server and a client. The server component of Meet the Lamer is installed
on a computer that is going to be accessed by an attacker. During installation, Meet the Lamer copies the files
mtl.exe and winpatch.exe to the Windows System folder and creates a Registry key to ensure it is run on startup. Once
installed on a system, it permits unauthorized users to remotely perform a variety of operations, such as changing the
registry, executing commands, starting services, listing files, and uploading or downloading files. This backdoor
typically runs over port 1025 via TCP.
Signature ID: 3407
Backdoor Net Devil
Threat Level: Severe
Signature Description: This rule tries to detect the Backdoor Net Devil. Net-Devil is a backdoor Trojan written in
Delphi affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the
server component is installed in the victim's system and the remote attacker has control of the client. The server
attempts to open a port, typically TCP ports 901, 902, 903, and 6667, to allow the client system to connect. Net-Devil
could allow a remote attacker to gain unauthorized access to the system.
Signature ID: 3408
Backdoor One 0.1
Threat Level: Severe
Signature Description: This rule tries to detect Backdoor One 0.1. Backdoor One is a trojan written in Delphi that
affects Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server
component is installed in the victim's system and the remote attacker has control of the client. The server attempts to
open a port, typically TCP ports 402, 202, 212, 299, 401, 201, 211, and 1001, to allow the client system to connect.
Backdoor One 0.1 could allow a remote attacker to gain unauthorized access to the system.