ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 29149
Worm MyTob.DI
Threat Level: Information
Signature Description: Worm MyTob.DI is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
It runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels and also includes functionality to silently download, install and run new
software. MyTob.DI modifies the HOSTS file, changing the URL-to-IP mappings for selected websites and thereby
preventing normal access to these sites. It is also capable of spreading through email. This signature triggers on
outbound malformed packets.
Signature ID: 29150
Worm MyTob.DI
Threat Level: Information
Signature Description: Worm MyTob.DI is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
It runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels and also includes functionality to silently download, install and run new
software. MyTob.DI modifies the HOSTS file, changing the URL-to-IP mappings for selected websites and thereby
preventing normal access to these sites. It is also capable of spreading through email. This signature triggers on
inbound malformed packets.
Signature ID: 29151
Worm MyTob.GC
Threat Level: Information
Signature Description: Worm MyTob.GC is a mass-mailing worm and IRC backdoor Trojan. This worm runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control
over the computer via IRC channels, including the ability to download and execute files on the infected computer. It
processes the email addresses it has harvested by splitting them into name and domain, and avoids sending emails to
addresses containing certain strings. Once it has sent itself to the harvested addresses, it uses a predefined list of names
with the harvested domains. MyTob.GC spoofs the sender, sending emails as if from the name "security" at the same
domain as the recipient.
Signature ID: 29152
Worm MyTob.GC
Threat Level: Information
Signature Description: Worm MyTob.GC is a mass-mailing worm and IRC backdoor Trojan. This worm runs
continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control
over the computer via IRC channels, including the ability to download and execute files on the infected computer. It
processes the email addresses it has harvested by splitting them into name and domain, and avoids sending emails to
addresses containing certain strings. Once it has sent itself to the harvested addresses, it uses a predefined list of names
with the harvested domains. MyTob.GC spoofs the sender, sending emails as if from the name "security" at the same
domain as the recipient.
Signature ID: 29153
Worm MyTob.HF
Threat Level: Information
Signature Description: MyTob.HF propagates by sending a copy of itself as an attachment to an email message, which
it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. This worm has backdoor
capabilities, which allow a remote user to perform malicious commands on the affected system. Using random ports, it