TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature ID: 29001
Virus Generic Downloader - Inbound
Threat Level: Information
Signature Description: A standalone program that attempts to covertly download and run other files from remote web
and FTP sites. Trojan downloaders usually download various trojans and backdoors and activate them on an affected
system without the user's approval. When run, a trojan downloader usually installs itself on the system and waits until
an Internet connection becomes available. It then attempts to connect to a web or FTP site, download a specific file or
files, and run them. The best-known trojan downloaders are Aphex, Dlder, Small, and WebDL. This signature triggers on
malformed SMTP packets in inbound requests.
Signature ID: 29002
Virus Generic Downloader - Outbound
Threat Level: Information
Signature Description: A standalone program that attempts to covertly download and run other files from remote web
and FTP sites. Trojan downloaders usually download various trojans and backdoors and activate them on an affected
system without the user's approval. When run, a trojan downloader usually installs itself on the system and waits until
an Internet connection becomes available. It then attempts to connect to a web or FTP site, download a specific file or
files, and run them. The best-known trojan downloaders are Aphex, Dlder, Small, and WebDL. This signature triggers on
malformed SMTP packets in outbound requests.
Signature ID: 29003
Virus Generic Downloader Vulnerability
Threat Level: Information
Signature Description: A standalone program that attempts to covertly download and run other files from remote
websites. Trojan downloaders usually download various trojans and backdoors and activate them on an affected
system without the user's approval. When run, a trojan downloader usually installs itself on the system and waits until
an Internet connection becomes available. It then attempts to connect to a web or FTP site, download a specific file or
files, and run them. The best-known trojan downloaders are Aphex, Dlder, Small, and WebDL.
Signature ID: 29004
Trojan Bankem Vulnerability
Threat Level: Information
Signature Description: Trojan.Bankem.B is a Trojan horse that steals sensitive information relating to German banking
websites. It searches IE windows for certain strings related to online banking websites in order to steal sensitive
information such as credit card details and online banking passwords. It captures all the information entered on that
page and sends it to the remote attacker via HTTP or FTP.
Signature ID: 29005
Worm Bugbear@mm
Threat Level: Information
Signature Description: Bugbear@mm is a mass-mailing worm. It can also spread through network shares. It has
keystroke-logging and backdoor capabilities. The worm also attempts to terminate the processes of various antivirus
and firewall programs. Because the worm does not properly handle network resource types, it may flood shared
printer resources, which causes them to print garbage or disrupts their normal functionality.