TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
related and file-sharing software as well as destroying files of certain types. When executed, it copies itself to the files
rundll16.exe, scanregw.exe, Update.exe, and Winzip.exe.
Signature ID: 29190
Akak Trojan
Threat Level: Warning
Industry ID: CVE-2005-0053
Bugtraq: 11466
Signature Description: The Akak Trojan exploits the Internet Explorer drag-and-drop vulnerability. Simply visiting a
page and clicking on, or dragging and dropping, an image on that page is enough to trigger it. Once the vulnerability is
exploited, the server can download an executable to the machine and place it in the Startup folder so that it runs at the
next login. The Trojan then installs itself on the machine as testexe.exe or rb.exe and connects back to its master
control server on port 4321, where it listens for commands from that server. The Trojan also disables the Windows XP
firewall.
Signature ID: 29191
Trojan Banker.Delf
Threat Level: Warning
Signature Description: Trojan Banker.Delf is written in Delphi and usually arrives as an e-mail attachment. When it is
executed, it installs registry entries so that it becomes active at Windows startup. It then tries to steal sensitive
information from the machine. This rule matches on the content of the e-mail message in which the Trojan arrives.
Signature ID: 29193
Trojan Banker.Delf
Threat Level: Warning
Signature Description: Trojan Banker.Delf is written in Delphi and usually arrives as an e-mail attachment. It was first
detected by Prevx on Feb 23, 2007. When it is executed, it installs registry entries so that it becomes active at Windows
startup. It then tries to steal sensitive information from the machine. This rule matches on the content of the e-mail
message in which the Trojan arrives.
Signature ID: 29194
Trojan Banker.Delf
Threat Level: Warning
Signature Description: Trojan Banker.Delf is written in Delphi and usually arrives as an e-mail attachment. It was first
detected by Prevx on Feb 23, 2007. When it is executed, it installs registry entries so that it becomes active at Windows
startup. It then tries to steal sensitive information from the machine. This rule matches on the content of the e-mail
message in which the Trojan arrives. The Trojan also uses the victim PC to send mass mail over SMTP.
Signature ID: 29195
Trojan Banload.Downloader
Threat Level: Warning
Signature Description: Trojan Banload.Downloader is a downloader Trojan for the Windows platform. It includes
functionality to download files, access the Internet, and communicate with a remote server over HTTP. It arrives as an
e-mail attachment and, upon execution, tries to steal sensitive information from the host.
Signature ID: 29196
Trojan Dumador.IK
Threat Level: Warning
Signature Description: Dumador.IK is a multi-component backdoor/keylogger, packed using UPX to a filesize of