ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 29050
Hotword Trojan Possible FTP File Request pspv.exe
Threat Level: Information
Signature Description: This rule hits when a packet contains "SIZE pspv.exe". Trojan Hotword is a keylogger that logs
keystrokes entered into Internet Explorer and saves the information for later retrieval or sends notification and the
information to the author using SMTP mail or other methods over the Internet. Trojan.Hotword could allow a remote
attacker to gain unauthorized access to the system. It is also a backdoor Trojan that uses a client/server relationship,
where the server component is installed in the victim's system and the remote attacker has control of the client.
Signature ID: 29051
Hotword Trojan Possible FTP File Request .tea
Threat Level: Information
Signature Description: This rule hits when FTP Traffic contains the FTP Command "LIST" and its argument ".tea".
Trojan Hotword is a keylogger that logs keystrokes entered into Internet Explorer and saves the information for later
retrieval or sends notification and the information to the author using SMTP mail or other methods over the Internet.
Trojan.Hotword could allow a remote attacker to gain unauthorized access to the system. It is also a backdoor Trojan
that uses a client/server relationship, where the server component is installed in the victim's system and the remote
attacker has control of the client.
Signature ID: 29052
Hotword Trojan Possible FTP File Status Upload
Threat Level: Information
Signature Description: This rule hits when FTP Traffic contains "Upload_". Trojan Hotword is a keylogger that logs
keystrokes entered into Internet Explorer and saves the information for later retrieval or sends notification and the
information to the author using SMTP mail or other methods over the Internet. Trojan.Hotword could allow a remote
attacker to gain unauthorized access to the system. It is also a backdoor Trojan that uses a client/server relationship,
where the server component is installed in the victim's system and the remote attacker has control of the client.
Signature ID: 29053
Hotword Trojan Possible FTP File Status Check
Threat Level: Information
Signature Description: This rule hits when FTP Traffic contains "Check_". Trojan Hotword is a keylogger that logs
keystrokes entered into Internet Explorer and saves the information for later retrieval or sends notification and the
information to the author using SMTP mail or other methods over the Internet. Trojan.Hotword could allow a remote
attacker to gain unauthorized access to the system. It is also a backdoor Trojan that uses a client/server relationship,
where the server component is installed in the victim's system and the remote attacker has control of the client.
Signature ID: 29055
Worm Bagle Vulnerability
Threat Level: Information
Signature Description: Bagle is a mass-mailing worm. It copies itself to the Windows system directory and opens a
backdoor on TCP port. Bagle recursively searches all drives on the infected computer to locate Windows Address Book
(WAB) files, text and HTML. It parses these files and collects all email addresses it can find. Using its own SMTP
engine Bagle sends messages with infected attachments to the collected addresses.