TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
598
Signature ID: 28014
Spyware Huntbar to download wintools Vulnerability
Threat Level: Information
Signature Description: Spyware is a program or software that resides on an infected computer and collects various
information about the users without their informed consent. HuntBar is an advertising supported executable program
that is installed without user knowledge. It may display advertisements in various forms including Pop-up Ads, pop-
Under Ads, Button Links, Taskbar Bubbles, and/or other forms. This signature detects when the packet has a pattern
'WTools'. WinTools appears to be a variant of Huntbar. It creates its own folder in Program Files/Common Files
directory called WinTools. All of its files are contained within this folder such as WSUP.exe, WToolsA.exe files.
Signature ID: 28015
Spyware ak-networks.com site Access Vulnerability
Threat Level: Information
Signature Description: The adware application is usually installed as an ActiveX object by a malicious Web page.
Current samples of this adware exist as application DLLs. This adware installs itself as a Layered Service Provider to
give it the ability to intercept and log network traffic before redirecting the user to the originally desired Internet site.
This enables the adware to steal user data intended for another site. This adware connects to "vlogic.ak-networks.com"
and "app.desktop.ak-networks.com" domains for notification and downloading an updated copy of itself.
Signature ID: 28016
Spyware ak-networks.com site Access Vulnerability(1)
Threat Level: Information
Signature Description: Spyware is a program or software that resides on an infected computer and collects various
information about the users without their informed consent. This rule will trigger when the attacker send a request to
the SyncAkSoft.da_. The successful exploitation of this issue will allow an attacker to infected computer and collects
various information.
Signature ID: 28017
Spyware ak-networks.com site Access Vulnerability
Threat Level: Information
Signature Description: Spyware is a program or software that resides on an infected computer and collects various
information about the users without their informed consent. This rule will trigger when the attacker send a request to
the akcore.dl_. The successful exploitation of this issue will allow an attacker to infected computer and collects various
information.
Signature ID: 28018
Spyware Bargain Buddy site Access vulnerability
Threat Level: Information
Signature Description: Spyware is a program or software that resides on an infected computer and collects various
information about the users without their informed consent. BargainBuddy is a Browser Helper Object(BHO) that
watches the pages user browser requests and the terms user enter into a search engine web form. If a form matches a
preset list of sites or keywords, BargainBuddy will displays undesirable commercial advertisements.
Signature ID: 28019
Access to spyware Hotbar Install site vulnerability(1)
Threat Level: Information
Signature Description: The systems are directed to a site that is capable of installing malwares in the systems.
Malwares are the softwares that pass user's activities to external sites. HotBar is a spyware and as such, presents a