ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 28044
Access to MALWARE MediaLoads Reporting (register.cgi) Vulnerability
Threat Level: Warning
Signature Description: Systems are directed to a site that is capable of installing malware on them.
Malware here is software that passes the user's activities to external sites. This is actually an application loaded by
DownloadWare that shows any videos or pictures DW has downloaded. DownloadWare is a process that runs on
Windows startup. If a network connection is available, it connects to its servers, which can direct it to download and
install software from advertisers. It may be installed through an ActiveX control called ActiveInstall, which decodes
and runs a built-in executable and then (tries to) remove itself. This executable can include DownloadWare and often a
'MediaCharger' dialler from Movie Networks, Movie Place, SwimSuitNetworks, Popcorn.net, MVPNetworks or
Real-Tens. This signature generates a log entry when the attacker sends a request to the register.cgi script.
Signature ID: 28045
Access to MALWARE MediaLoads Reporting (country.cgi) Vulnerability
Threat Level: Warning
Signature Description: Systems are directed to a site that is capable of installing malware on them.
Malware here is software that passes the user's activities to external sites. This is actually an application loaded by
DownloadWare that shows any videos or pictures DW has downloaded. DownloadWare is a process that runs on
Windows startup. If a network connection is available, it connects to its servers, which can direct it to download and
install software from advertisers. It may be installed through an ActiveX control called ActiveInstall, which decodes
and runs a built-in executable and then (tries to) remove itself. This executable can include DownloadWare and often a
'MediaCharger' dialler from Movie Networks, Movie Place, SwimSuitNetworks, Popcorn.net, MVPNetworks or
Real-Tens. This signature generates a log entry when the attacker sends a request to the country.cgi script.
Signature ID: 28046
MALWARE EasySearchBar user agent site Vulnerability
Threat Level: Information
Signature Description: Malware is software designed to damage a computer system without the owner's knowledge or
consent. It includes computer viruses, worms, Trojan horses, and also spyware program mining. EasySearchBar is an
Internet Explorer toolbar. It displays pop-ups on the user's system and changes the user's default homepage or default
search engine to a fraudulent website.
Signature ID: 28047
MALWARE FlashPoint site Vulnerability
Threat Level: Information
Signature Description: This rule tries to detect a website that runs the FlashTrack malware. Systems are directed
to a site that is capable of installing malware on them. Malware here is software that passes the user's activities to
external sites. FlashTrack is adware from Flashpoint Media implemented as an Internet Explorer Browser Helper
Object (BHO), monitoring web page URLs viewed and terms entered into forms on search engines.
Signature ID: 28048
Access to MALWARE FlashTrack site Vulnerability
Threat Level: Warning
Signature Description: FlashTrack is advertising-oriented spyware (adware) that downloads and displays new
advertisements in a pop-up window while the user is browsing the Web. This rule tries to detect a website that runs the
FlashTrack malware. Systems are directed to a site that is capable of installing malware on them. Malware here
is software that passes the user's activities to external sites. FlashTrack is adware from Flashpoint Media
implemented as an Internet Explorer Browser Helper Object (BHO), monitoring web page URLs viewed and terms