TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
641
finds. The From line of the email is spoofed, and its Subject, Message, and Attachment vary. The attachment has a .zip
extension. This signature triggers for Outbound malformed packets.
Signature ID: 29165
Worm NetSky.P
Threat Level: Information
Industry ID: CVE-2001-0154 Bugtraq: 2524
Signature Description: Worm NetSky.P is a mass-mailing worm that uses its own SMTP engine to send itself to the
email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through
various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and
its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file
extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability
to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. This signature
triggers on using the TCP port 139.
Signature ID: 29166
Worm NetSky.P
Threat Level: Information
Industry ID: CVE-2001-0154 Bugtraq: 2524
Signature Description: Worm NetSky.P is a mass-mailing worm that uses its own SMTP engine to send itself to the
email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through
various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and
its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file
extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability
to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. This signature
triggers on using the TCP port 445.
Signature ID: 29167
Worm NetSky.P
Threat Level: Information
Industry ID: CVE-2001-0154 Bugtraq: 2524
Signature Description: Worm NetSky.P is a mass-mailing worm that uses its own SMTP engine to send itself to the
email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through
various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and
its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file
extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability
to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. This signature
triggers on using the TCP port 1352.
Signature ID: 29168
Worm NetSky.P
Threat Level: Information
Industry ID: CVE-2001-0154
Bugtraq: 2524
Signature Description: Worm NetSky.P is a mass-mailing worm that uses its own SMTP engine to send itself to the
email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through
various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and
its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file
extension. This worm also uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability
to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. This signature
triggers for Outbound malformed packets.