ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94

Signature ID: 28039
Access to likely MALWARE site for installer Vulnerability(1)
Threat Level: Information
Signature Description: Malware is software designed to damage a computer system without the owner's knowledge or
consent. It includes computer viruses, worms, Trojan horses, and spyware. This rule triggers when an attacker
sends a request for the 'carto/mensagem/voxcards.scr' file. Successful exploitation of this issue allows an
attacker to crash the system and gain unauthorized information.
Signature ID: 28040
Access to likely MALWARE site for installer Vulnerability(3)
Threat Level: Information
Signature Description: Malware is software designed to damage a computer system without the owner's knowledge or
consent. It includes computer viruses, worms, Trojan horses, and spyware. This rule triggers when an attacker
sends a request for one of the 'discador|ocartao|msgav|extrato|correcao|extrato_tim|visualizar' executable
files. Successful exploitation of this issue allows an attacker to crash the system and gain unauthorized
information.
Signature ID: 28041
Access to MALWARE CoolWebSearch (feat2) site Vulnerability
Threat Level: Information
Signature Description: The systems are directed to a site that is capable of installing malware on them.
Malware is software that passes the user's activities to external sites. CoolWebSearch is an umbrella term for a wide
range of disparate browser hijackers not otherwise sorted into separate parasite families. The actual code of the
different variants generally differs wildly. CoolWebSearch hijackers are invariably installed by exploitation of a wide
variety of web browser security holes, the vast majority (but not all) of which target Internet Explorer and its MS Java
virtual machine. This signature triggers when the packet contains the pattern 'Feat2'.
Signature ID: 28042
Access to MALWARE CoolWebSearch (SCAgent) site Vulnerability
Threat Level: Warning
Signature Description: This rule triggers when the packet contains the pattern 'SCAgent'. The systems are directed to a
site that is capable of installing malware on them. Malware is software that passes the user's activities to external sites.
CoolWebSearch is an umbrella term for a wide range of disparate browser hijackers not otherwise sorted into separate
parasite families. The actual code of the different variants generally differs wildly. CoolWebSearch hijackers are
invariably installed by exploitation of a wide variety of web browser security holes, the vast majority (but not all) of
which target Internet Explorer and its MS Java virtual machine.
Signature ID: 28043
Access to MALWARE MediaLoads config/download Vulnerability
Threat Level: Warning
Signature Description: The systems are directed to a site that is capable of installing malware on them.
Malware is software that passes the user's activities to external sites. This is an application loaded by
DownloadWare that shows any videos or pictures DownloadWare has downloaded. DownloadWare is a process that runs on
Windows startup. If a network connection is available, it connects to its servers, which can direct it to download and
install software from advertisers. It may be installed through an ActiveX control called ActiveInstall, which decodes
and runs a built-in executable and then tries to remove itself. This executable can include DownloadWare and often a
'MediaCharger' dialler from Movie Networks, Movie Place, SwimSuitNetworks, Popcorn.net, MVPNetworks or
Real-Tens. This signature generates a log entry when an attacker sends a request to the download.cgi script.