ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 28105
Spyaxe malware activity detection
Threat Level: Warning
Signature Description: Spyaxe is an anti-spyware application sometimes installed without a user's knowledge or
consent. Once Spyaxe is installed, the system is directed to the Spyaxe site, which is capable of installing malware on the
system. The software may raise false alarms about infections, even before conducting a scan. A trojan already installed on
a user's computer may show a fraudulent warning that the user may be infected. When the user clicks the message, the
trojan downloads and silently installs SpyAxe. After installation, SpyAxe detects the trojan that installed it, but
gives no details. The user is not allowed to attempt cleaning of the trojan until paying for SpyAxe. This rule
triggers when an infected PC requests the 'dbver.php' file.
Signature ID: 28106
Spyaxe malware activity detection
Threat Level: Warning
Signature Description: Spyaxe is an anti-spyware application sometimes installed without a user's knowledge or
consent. Once Spyaxe is installed, the system is directed to the Spyaxe site, which is capable of installing malware on the
system. The software may raise false alarms about infections, even before conducting a scan. A trojan already installed on
a user's computer may show a fraudulent warning that the user may be infected. When the user clicks the message, the
trojan downloads and silently installs SpyAxe. After installation, SpyAxe detects the trojan that installed it, but
gives no details. The user is not allowed to attempt cleaning of the trojan until paying for SpyAxe. Spyaxe
hijacks the user's desktop and displays excessive advertising. This signature triggers when a packet contains the patterns
'download.php?sid=' and 'spyaxe'.
Signature ID: 28107
Spyaxe backdoor activity detection
Threat Level: Information
Signature Description: SpyAxe is an anti-spyware application sometimes installed without a user's knowledge or
consent. A trojan already installed on a user's computer may show a fraudulent warning that the user may be infected.
When the user clicks the message, the trojan downloads and silently installs SpyAxe. After installation, SpyAxe
detects the trojan that installed it, but gives no details. The user is not allowed to attempt cleaning of the trojan
until paying for SpyAxe. The installed application functions up to the point when a user wants to remove a found
infection, at which point the software requires purchase. The software may raise false alarms about infections, even before
conducting a scan. A "User-Agent" header containing 'spyaxe' in a GET request means that the client is Spyaxe, and the
connected server will try to do what Spyaxe requests. This signature detects when Spyaxe tries to
connect to any site (the Spyaxe site or any vulnerable site) to install malware.
Signature ID: 28108
Activity Related to Spyware Site SpySheriff.com Vulnerability
Threat Level: Warning
Signature Description: SpySheriff is a Trojan disguised as an anti-spyware application. The system is directed to this
site, which is capable of installing malware on the system. Malware is software that passes the user's activities to
external sites. SpySheriff hijacks the user's desktop and displays excessive advertising.
Signature ID: 28109
Activity Related to Spyware Site spywarestormer.com Vulnerability
Threat Level: Warning
Signature Description: Spywarestormer is a Trojan disguised as an anti-spyware application. The systems are directed