ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94
Signature ID: 29213
Trojan W32Agent.dsi Vulnerability
Threat Level: Warning
Signature Description: Trojan W32.Agent.dsi is a downloader trojan horse. It may be installed when visiting
malicious websites, posing as a plug-in for Internet Explorer that enhances its features. Upon execution it registers itself at
an Apache webserver and downloads data from this server. It then creates files containing domain names, connects to
whois servers of several registries to query the domain names from the file, and downloads new data from these sites.
This rule detects "/getgewinnspiel.php"; the uid parameter may occur immediately or it may be present after one or
more post fields. The rule detects the vulnerable page and, in addition, detects "uid=" wherever it is present in
the request line.
Signature ID: 29214
Trojan W32Agent.dsi Vulnerability
Threat Level: Warning
Signature Description: Trojan W32.Agent.dsi is a downloader trojan horse. It may be installed when visiting
malicious websites, posing as a plug-in for Internet Explorer that enhances its features. Upon execution it registers itself at
an Apache webserver and downloads data from this server. It then creates files containing domain names, connects to
whois servers of several registries to query the domain names from the file, and downloads new data from these sites.
Signature ID: 29215
Trojan XP keylogger
Threat Level: Warning
Signature Description: XP Keylogger is a keylogger that can be installed in stealth mode without the user's notice. It logs
the keystrokes entered and saves the information for later retrieval. Combining screenshots and keylogging, XP Keylogger
delivers textual and graphic evidence about the use of your PC. This signature triggers on malformed SMTP packets in
inbound requests.
Signature ID: 29216
Trojan XP Keylogger
Threat Level: Warning
Signature Description: XP Keylogger is a keylogger that can be installed in stealth mode without the user's notice. It logs
the keystrokes entered and saves the information for later retrieval. Combining screenshots and keylogging, XP Keylogger
delivers textual and graphic evidence about the use of your PC. This signature triggers on malformed SMTP packets in
outbound requests.
Signature ID: 29217
Worm MyTob.X
Threat Level: Warning
Signature Description: A worm is a malicious, self-replicating program that spreads without any user intervention.
Worms spread without attaching to or infecting other programs and files. A worm can spread across
computer networks via security holes on vulnerable machines connected to the network. MyTob.X is a worm that
spreads via e-mail, poorly protected network shares, and MSN Messenger. The worm also acts as an IRC bot, allowing
a controller unauthorized access to the infected machine, and spreads further by exploiting vulnerabilities in the
Windows operating system.