TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
606
Signature ID: 28060
Access to likely MALWARE site for installer Vulnerability(6)
Threat Level: Information
Signature Description: Malware is software designed to damage a computer system without the owner's knowledge or
consent. It includes computer viruses, worms, Trojan horses, and also spyware programming. This rule will trigger
when the attacker can send a request to the 'boletocobranca|saudades|wwwuolcartoescombr|cartaoanimado' executable
files. The successful exploitation of this issue will allow an attacker to crash the system and gain unauthorized
information.
Signature ID: 28061
Spyware SearchSquire Vulnerability
Threat Level: Warning
Signature Description: Spyware is malicious software running on a host that may intercept or take information from
the host system without a users consent or knowledge. SearchSquire is an Internet Explorer sidebar containing paid
links that opens when you use search engines. When using a search engine known to the software, the search terms are
forwarded to SearchSquire's own search feature, returning advertisers' links in a sidebar.
Signature ID: 28062
Access to spyware Alexa site Vulnerability
Threat Level: Information
Signature Description: Alexa web search is a new kind of search engine, with traffic rankings, user reviews and other
information about sites. It is a web site discovery tool. Features an Amazon shopping button on the product and
anonymously aggregates surfing information. If you use Internet Explorer's Related Links feature, It collects the full
URL of the current Web page, your IP address, which may include a domain name, the date and time of your request,
and computer and connection information such as browser type and version, operating system, and platform. This
information is stored in the same logs as the usage paths.
Signature ID: 28063
Spyware Look2me site Vulnerability(1)
Threat Level: Information
Signature Description: Spyware is a program or software that resides on an infected computer and collects various
information about the users without their informed consent. Look2Me is an advertising and information network that
uses a shell extension to attach itself to windows and display pop up advertising for its clients. Some of the
advertisements push the user to install ErrorGuard or WinFixer. It monitors visited web sites and submits this
information to a server. This rule will triggered when the packet has a patten 'Look2Me'.
Signature ID: 28064
Spyware Look2me site Vulnerability(2)
Threat Level: Information
Signature Description: Spyware is a program or software that resides on an infected computer and collects various
information about the users without their informed consent. Look2Me is an advertising and information network that
uses a shell extension to attach itself to windows and display pop up advertising for its clients. Some of the
advertisements push the user to install ErrorGuard or WinFixer. This signature detects the executable file BW.exe, it is
a spyware program that installs automatically without user consent.