TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
being used. SurfSideKick is a malicious executable program that is usually installed without user consent or
knowledge. It may have the ability to secretly monitor, record, and transmit computer activity. This rule will trigger
when the packet has a pattern 'ipixel.htm?cid='.
Signature ID: 28077
Adware Surfsidekick site Vulnerability(4)
Threat Level: Information
Signature Description: Adware or advertising-supported software is any software package which automatically plays,
displays, or downloads advertisements to a computer after the software is installed on it or while the application is
being used. SurfSideKick is a malicious executable program that is usually installed without user consent or
knowledge. It may have the ability to secretly monitor, record, and transmit computer activity. This rule will trigger
when the packet has a pattern 'rinfo.htm'.
Signature ID: 28078
Adware Virtumonde site Vulnerability(1)
Threat Level: Information
Signature Description: Adware or advertising-supported software is any software package which automatically plays,
displays, or downloads advertisements to a computer after the software is installed on it or while the application is
being used. Virtumonde is adware that displays pop-up advertisements for rogue antispyware applications. The
program runs in the background when the system starts up. It attaches to the system using bogus Browser Helper
Objects (BHO) and system executable files like winlogon.exe. This rule will trigger when the packet contains the
pattern 'siae3123.exe', an executable file.
Signature ID: 28079
Access to adware Virtumonde site (2)
Threat Level: Information
Signature Description: Win32/Adware.Virtumonde is an imaginary Trojan name used to threaten and trick users into
buying the rogue anti-spyware application XP-Guard. The user gets infected after downloading the video codec that
infects the computer with a nasty Trojan. In most cases, the trojan that infects the PC is called Zlob. Zlob then displays
false warning messages stating "Your browser was hijacked by Win32/Adware.Virtumonde" and recommends
downloading a rogue anti-spyware program. This is adware that pops up ads. It monitors browser usage and
accordingly delivers targeted advertisements. The Virtumonde DLL is registered as a COM object and Browser Helper
Object (BHO) for Microsoft Internet Explorer.
Signature ID: 28080
Access to adware Virtumonde site Vulnerability
Threat Level: Warning
Signature Description: Adware or advertising-supported software is any software package which automatically plays,
displays, or downloads advertisements to a computer after the software is installed on it or while the application is
being used. Virtumonde is adware that displays pop-up advertisements for rogue antispyware applications. The
program runs in the background when the system starts up. It attaches to the system using bogus Browser Helper
Objects (BHO) and system executable files like winlogon.exe. This rule will trigger when the packet contains the
patterns 'e_g_StatisticsUploadDelay', then 'g_AffiliateID', then 'virtumonde.com' in a POST request.
Signature ID: 28081
Adware Virtumonde site Vulnerability(4)
Threat Level: Information
Signature Description: Adware or advertising-supported software is any software package which automatically plays,
displays, or downloads advertisements to a computer after the software is installed on it or while the application is