ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 29097
VBS.Postcard
Threat Level: Information
Signature Description: This virus is a polymorphic Visual Basic Script (VBS), which is stored in HTML files or as a
separate VBS file. It is both an email worm and a Trojan horse. When executed, the worm emails itself to everyone in
the Microsoft Outlook address book. It then infects files in the \Windows, \Windows\System, and \Temp folders that have
.html, .htm, .shtml, or .asp extensions. It also replicates itself to \Temp folders of mapped network drives. The virus
changes Internet Explorer security settings, and changes the default start page to the infected HTML page. It opens
WordPad and enters text in the opened document. The script is also designed to block the keyboard and the mouse.
Signature ID: 29098
VBS.Postcard Vulnerability
Threat Level: Severe
Signature Description: This virus is a polymorphic Visual Basic Script (VBS), which is stored in HTML files or as a
separate VBS file. It is both an email worm and a Trojan horse. When executed, the worm emails itself to everyone in
the Microsoft Outlook address book. It infects files in the \Windows, \Windows\System, and \Temp folders that have
.html, .htm, .shtml, or .asp extensions. It also replicates itself to \Temp folders of mapped network drives. The virus
changes Internet Explorer security settings, and changes the default start page to the infected HTML page. It opens
WordPad and enters text in the opened document. The script is also designed to block the keyboard and the mouse.
Signature ID: 29100
Srv.SSA-KeyLogger Vulnerability
Threat Level: Information
Signature Description: The spyware keylogger, named Srv.SSA-KeyLogger, is a backdoor program that, among other
things, secretly steals data from users' internet sessions, including logins and passwords from online banking
sessions, eBay, PayPal, and other programs that use HTML forms to collect personal information. It is a new variant of a
family of existing trojans generally known as Dumaru or Nibu.
Signature ID: 29101
Backdoor AIM Bot attempt
Threat Level: Information
Signature Description: AimBot runs continuously in the background, and provides a backdoor facility for remote
attackers. Bot software has become a major threat. Microsoft labeled bot nets and backdoor Trojan horses as the most
serious threat its users face. Bots generally are programmed to allow for easily adding new ways of compromising
machines, such as the recent flaw in the Windows Server service. Through this backdoor facility, remote intruders can
gain access and control over the computer via IRC channels.
Signature ID: 29102
Atak Worm
Threat Level: Information
Signature Description: Atak is an intended worm, which attempts to spread via e-mail using its own SMTP engine.
Due to a bug in the code, however, it will probably not propagate in any practical situation. It will continually try to
send itself to the invalid e-mail address "f". When executed, Atak copies itself to %System%\hint.exe. It then modifies
WIN.INI to ensure that this file is executed at each Windows start