TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

601

602

603

604

605

606

607

608

609

610

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

610

being used. Virtumonde is adware that displays pop-up advertisements for rogue antispyware applications. The

program runs in the background when the system starts up. It attaches to the system using bogus Browser Helper

Objects(BHO) and system executable files like winlogon.exe. This rule will trigger when the packet has a pattern

'mmdom.exe' executable file.

Signature ID: 28082

Adware Virtumonde site Vulnerability(5)

Threat Level: Information

Signature Description: Adware or advertising-supported software is any software package which automatically plays,

displays, or downloads advertisements to a computer after the software is installed on it or while the application is

being used. Virtumonde is adware that displays pop-up advertisements for rogue antispyware applications. The

program runs in the background when the system starts up. It attaches to the system using bogus Browser Helper

Objects(BHO) and system executable files like winlogon.exe. This rule will trigger when the packet has a pattern

'bkinst.exe' executable file and virtumonde.com patterns.

Signature ID: 28083

Access to spyware OfferOptimizer site

Threat Level: Information

Signature Description: This is an adware that pops up ads. It monitors browser usage and accordingly delivers targeted

advertisements. OfferOptimizer is a browser cookie that is shared among two or more webpages/websites and is used to

track the target user's browsing history.

Signature ID: 28084

Access to spyware YourSiteBar site Vulnerability

Threat Level: Warning

Signature Description: YourSiteBar is an Internet Explorer toolbar published by Integrated Search Technologies. It is

usually distributed with Adware.SideFind and Trojan.ISTsvc. This is a spyware that is defined as IEHijacker,

distributed through undisclosed installations. It monitors browser usage and accordingly delivers targeted

advertisements.

Signature ID: 28085

Access to spyware YourSiteBar site Vulnerability

Threat Level: Warning

Signature Description: This is a spyware that is defined as IEHiacker, distributed through undisclosed installations. It

monitors browser usage and accordingly delivers targeted advertisements. This signature detects the runtime behavior

of the spyware YourSiteBar, an Internet Explorer browser hijacker.

Signature ID: 28086

Access to spyware BraveSentry FakeAlert site Vulnerability

Threat Level: Warning

Signature Description: This comes under adwares that pops up ads. It monitors browser usage and accordingly delivers

targeted advertisements. Basically, this is an anti-spyware product which has been seen bundled with other adware

products.

Signature ID: 28087

Access to spyware CometSystem (Cursor) site Vulnerability

Threat Level: Warning

Signature Description: Comet Cursor secretly installs itself on a computer, and tracks visits to web sites that use its