TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

631

632

633

634

635

636

637

638

639

640

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

637

Signature ID: 29139

Worm MyFip

Threat Level: Warning

Signature Description: A Worm is a malicious program that spreads itself without any user intervention. Worms are

self-replicating. Worms spread without attaching to or infecting other programs and files. A Worm can spread across

computer networks via security holes on vulnerable machines connected to the network. Myfip is a network-aware

worm that steals information from a compromised computer and lowers security settings. The worm spreads through

the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (MS04-

011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (MS03-026).

Signature ID: 29140

Worm MyFip

Threat Level: Information

Signature Description: Myfip is a network-aware worm that steals information from a compromised computer and

lowers security settings. The worm spreads through the network by exploiting the Microsoft Windows Local Security

Authority Service Remote Buffer Overflow (MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer

Overrun Vulnerability (MS03-026). This signature detects attacks using max|00| characters.

Signature ID: 29141

Worm MyFip

Threat Level: Information

Signature Description: Myfip is a network-aware worm that steals information from a compromised computer and

lowers security settings. The worm spreads through the network by exploiting the Microsoft Windows Local Security

Authority Service Remote Buffer Overflow (MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer

Overrun Vulnerability (MS03-026). This signature detects attacks using mdb|00| characters.

Signature ID: 29143

Worm MyTob.ED

Threat Level: Information

Signature Description: This rule will trigger when the packet contains pattern 'GkAWRzRP5MBFtOlRwqi8v'. Worm

Mytob.ED is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC)

network. Mytob.ED includes functionality to change browser settings and is capable of spreading through email

Signature ID: 29145

Worm MyTob.ED

Threat Level: Information

Signature Description: Worm Mytob.ED is a mass-mailing worm and backdoor Trojan that can be controlled through

the Internet Relay Chat (IRC) network. Mytob.ED includes functionality to change browser settings and is capable of

spreading through email. This rule will trigger when the packet contains pattern 'PVSxbff1mWcbvMEyP7KLn'.

Signature ID: 29147

Worm MyTob.ED

Threat Level: Information

Signature Description: Worm Mytob.ED is a mass-mailing worm and backdoor Trojan that can be controlled through

the Internet Relay Chat (IRC) network. Mytob.ED includes functionality to change browser settings and is capable of

spreading through email. This signature will trigger when the packet contains pattern 'FxCBYvYtUx1889u4JeD9'.