TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
601
Signature ID: 28029
MALWARE Casino on Net Install Vulnerability
Threat Level: Information
Signature Description: Malware is software designed to damage a computer system without the owner's knowledge or
consent. It includes computer viruses, worms, Trojan horses, and also spyware programming. CasinoOnNet is a piece
of malware which functions both as adware and spyware. When it was installed in the system, it will try to steal the
personal information such as name, address, telephone number, e-mail address, debit/credit card data, and other
information. This rule will trigger when the packet has a pattern 'newdownload/newsetup'.
Signature ID: 28030
MALWARE Casino on Net data download Vulnerability
Threat Level: Information
Signature Description: Malware is software designed to damage a computer system without the owner's knowledge or
consent. It includes computer viruses, worms, Trojan horses, and also spyware programming. CasinoOnNet is a piece
of malware which functions both as adware and spyware. When it was installed in the system, it will try to steal the
personal information such as name, address, telephone number, e-mail address, debit/credit card data, and other
information. This rule will trigger when the packet has a pattern 'sdl/casinov'.
Signature ID: 28031
MALWARE Gator Cookie download Vulnerability
Threat Level: Information
Signature Description: Malwares are the softwares that pass user's activities to external sites. Gator is an application
that automatically files in passwords and other forms on Web pages. It is an adware bundle that displays
advertisements. It can download and execute arbitrary code from its controlling server.
Signature ID: 28032
MALWARE Gator code download Vulnerability
Threat Level: Information
Signature Description: Malwares are the softwares that pass user's activities to external sites. Gator is an application
that automatically files in passwords and other forms on Web pages. It is an adware bundle that displays
advertisements. It can download and execute arbitrary code from its controlling server. This rule will triggered when
the packet has pattern 'gatorcme'.
Signature ID: 28033
Access to MALWARE 404Search Spyware Vulnerability
Threat Level: Warning
Signature Description: The systems are directed to a site that is capable of installing malwares in the systems.
Malwares are the softwares that pass user's activities to external sites. 404Search is pop-up-opening adware targeted at
404search.com/browservillage.com, (sites controlled by the Kanoodle search engine), implemented by an Internet
Explorer Browser Helper Object named 404search.dll.
Signature ID: 28034
Access to MALWARE AdultBox
Threat Level: Information
Signature Description: The systems are directed to a site that is capable of installing malwares in the systems.
Malwares are the softwares that pass user's activities to external sites. AdultBox is a system tray icon offering porn
links. It comprises two processes run at Windows startup, ABox.exe (which provides the icon) and logon.exe (which