TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 3427
Backdoor NOK NOK 5.0
Threat Level: Severe
Signature Description: This rule tries to detect Backdoor NokNok 5.0, a Trojan that opens up
a backdoor program that, once installed on a system, permits unauthorized users to remotely perform a variety of
operations, such as changing the registry, executing commands, starting services, listing files, and uploading or
downloading files. NokNok typically runs over port 5400 via TCP.
Signature ID: 3428
BackDoor Satanz 1.0-2.0
Threat Level: Severe
Signature Description: Satans Backdoor 1.0-2.0, also known as Satanz Backdoor, is one of many backdoor programs
that attackers can use to access your computer system without your knowledge or consent. With the Satans Backdoor,
an attacker can retrieve your dialup username and password information. This is a Trojan that opens up a backdoor
program that, once installed on a system, permits unauthorized users to remotely perform a variety of operations, such
as changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
Satanz Backdoor typically runs over port 666 via TCP.
Signature ID: 3429
Bla 2.0/4.0 BackDoor detection
Threat Level: Severe
Signature Description: A backdoor is a method of bypassing normal authentication, securing remote access to a
computer, obtaining access to plain text, etc. while attempting to remain undetected. Backdoor Bla is a Trojan that
captures passwords affecting Microsoft Windows family operating systems. The backdoor uses a client-server
relationship, where the server component is installed in the victim's system and the remote attacker has control of the
client. The server attempts to open a port, typically TCP ports 666, 22456 (BLA 4.0) or 22457 (BLA 4.0), to allow the
client system to connect. BLA could allow a remote attacker to gain unauthorized access to the system. BLA is also
known as Backdoor.BLA, Backdoor.BLA.51, Backdoor.BLA.51.b, Backdoor.BLA.53 and Trojan.PSW.Blaver.a.
Signature ID: 3430
Backdoor KidTerror
Threat Level: Severe
Signature Description: Kid Terror is a backdoor Trojan affecting Microsoft Windows operating systems. Kid Terror
uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker
has control of the client. Kid Terror typically runs from the server file "C:\WINDOWS\WINDLL.EXE" over port 6969
via TCP. Once installed on a system, it permits unauthorized users to remotely perform a variety of operations, such as
changing the registry, executing commands, starting services, listing files, and uploading or downloading files.
Signature ID: 3431
Backdoor Exploiter 1.0
Threat Level: Severe
Signature Description: Backdoor Exploiter 1.0 is a backdoor Trojan affecting Microsoft Windows Me, Windows 98,
and 95 operating systems. Exploiter uses a client/server relationship, where the server component is installed on the
victim's system and the remote attacker has control of the client. The server attempts to open a port to allow the client
system to connect. This could allow a remote attacker to gain unauthorized access to the victim's system. Exploiter
typically runs from the server file "C:\WINDOWS\Windll.exe" over port 21554 via TCP.