ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 29091
Worm Bagle.ES/Bagle.ET
Threat Level: Information
Signature Description: Worm Bagle.ES/Bagle.ET arrives in spammed e-mails as a zip file attachment. When the
file is run, it copies itself as ANTI_TROJ.EXE to the Windows System folder and creates a startup key for this file in
the Registry. The downloader then tries to download a file from several different sites and activate it.
Signature ID: 29092
Trojan.Lodear.D Vulnerability
Threat Level: Information
Signature Description: Trojan.Lodear.D is a Trojan horse program that attempts to download malicious files from
the Internet. It copies itself as %System%\anti_troj.exe and creates a registry entry to run at startup. It then contacts some
malicious websites through TCP port 80, downloads a remote file, and saves it to a folder created by the
trojan.
Signature ID: 29093
Trojan Bobax Vulnerability
Threat Level: Information
Signature Description: Bobax is a Sasser-like trojan proxy that uses the LSASS.EXE (MS04-011) vulnerability to
propagate. When instructed to do so, it scans random IP addresses for vulnerable computers. Bobax sends mail using a
template and a list of email addresses. This has the benefit of offloading almost all the bandwidth requirements of
spamming onto the trojaned machines, allowing the spammer to operate with minimal cost.
Signature ID: 29094
IE ILookup Trojan Vulnerability
Threat Level: Information
Industry ID: CVE-2004-0549
Signature Description: This trojan uses a vulnerability in IE 6 browsers. ILookup installs as a toolbar and browser helper
object. Once installed, it hijacks the home page and search settings to point to its own site or to adult-related sites.
Signature ID: 29095
Mitglieder Proxy Bot Vulnerability
Threat Level: Information
Signature Description: Mitglieder Proxy Bot is used to relay spam. It is also used for advertising click-through fraud, fraudulent
email and IM registration/creation, HTTP-based web attacks, and all manner of authentication brute-force attacks.
Mitglieder uses one of the Microsoft Internet Explorer vulnerabilities to install and launch a proxy server on the victim
machine without the user's knowledge.
Signature ID: 29096
VBS.Postcard
Threat Level: Information
Signature Description: This virus is a polymorphic Visual Basic Script (VBS), which is stored in HTML files or as a
separate VBS file. It is both an email worm and a Trojan horse. When executed, the worm emails itself to everyone in
your Microsoft Outlook address book. It infects files in the \Windows, \Windows\System, and \Temp folders that have
.html, .htm, .shtml, or .asp extensions. It also replicates itself to \Temp folders of mapped network drives. The virus
changes Internet Explorer security settings, and changes the default start page to the infected HTML page. It opens
WordPad and enters text in the opened document. The script is also designed to block the keyboard and the mouse