TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

631

632

633

634

635

636

637

638

639

640

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

640

Signature ID: 29160

Worm Netsky.P

Threat Level: Information

Industry ID: CVE-2001-0154 Bugtraq: 2524

Signature Description: Worm NetSky.P is a mass-mailing worm that uses its own SMTP engine to send itself to the

email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through

various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and

its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file

extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability

to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. This signature

triggers for Outbound request malformed SMTP packets.

Signature ID: 29161

Worm NetSky.P

Threat Level: Information

Signature Description: Worm NetSky.P is a mass-mailing worm that uses its own SMTP engine to send itself to the

email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through

various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and

its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file

extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability

to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. This signature

triggers for INbound request malformed packets.

Signature ID: 29162

Worm Netsky.P

Threat Level: Information

Signature Description: Worm NetSky.P is a mass-mailing worm that uses its own SMTP engine to send itself to the

email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through

various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and

its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file

extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability

to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. This signature

triggers for Outbound request malformed packets.

Signature ID: 29163

Worm Netsky.Z

Threat Level: Information

Signature Description: Worm NetSky.Z is a Netsky variant that scans for the email addresses on all non-CD-ROM

drives on an infected computer. Then, the worm uses its own SMTP engine to send itself to the email addresses that it

finds. The From line of the email is spoofed, and its Subject, Message, and Attachment vary. The attachment has a .zip

extension. This signature triggers for INbound malformed packets.

Signature ID: 29164

Worm Netsky.Z

Threat Level: Information

Signature Description: Worm NetSky.Z is a Netsky variant that scans for the email addresses on all non-CD-ROM

drives on an infected computer. Then, the worm uses its own SMTP engine to send itself to the email addresses that it