ProCurve TMS zl Module IPS/IDS Signature Reference Guide, Version RLX.10.2.2.94

will start performing the same search on the internet starting at a randomly generated IP address. As a result, anyone
connected to the internet who has file sharing enabled and who enables NETBIOS over TCP/IP is potentially
vulnerable to this worm. This worm also attempts to download updates from a website that is already shut down.
Signature ID: 29228
Virus Virut.A Vulnerability
Threat Level: Warning
Signature Description: Virut.A is a virus and IRC backdoor for the Windows platform. When a file infected with
Virut.A is run, the virus will become resident in memory, and will attempt to infect any executable that is accessed by
any process running on the system and will thus spread very quickly throughout the filesystem. It will also attempt to
connect to an IRC channel by opening a backdoor on TCP port 65520 and thus serves as a backdoor with which a
remote attacker may compromise the system.
Signature ID: 29501
Myspaceworm(JS.Qspace) arbitrary user profile send message Vulnerability
Threat Level: Warning
Signature Description: MySpace provides users with a profile page to which they can add a profile picture and other photos.
MySpace users are victims of an adware attack. JS.Qspace, a JavaScript worm, exploits a cross-site scripting (XSS)
vulnerability embedded in a malicious QuickTime .MOV file. Viewing the profile of an affected user results in a
redirection to a phishing site, which instructs the visitor to log in to view the movie. Once the visitor has supplied their
MySpace credentials, their profile is then modified to dish up the same movie and everyone on their contact list is then
automatically the worm redirects the user to a phishing page made to look like MySpace's login page.
Signature ID: 30000
Microsoft IIS Source Code Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2678
Signature Description: Microsoft Internet Information Services (IIS) custom error page 500-100.asp may return
sensitive information back to a browser. By sending a specially crafted request, the attacker can bypass a verification
step in the custom error page 500-100.asp. This page is only executed if an Active Server Pages (ASP) page that is
present on the server that is running IIS contains a script error. The verification step makes sure that a detailed error
message about this script error is only returned to the browser if the request is made from the Web server computer
itself. In certain scenarios, this detailed error message may contain sensitive information about the configuration of the
server that is running IIS. The vulnerable versions are Microsoft Internet Information Services 5.0 and Microsoft
Internet Information Services 5.1.
Signature ID: 30001
Microsoft Internet Explorer JavaScript window() Memory Corruption
Threat Level: Severe
Industry ID: CVE-2005-1790
Bugtraq: 13799
Signature Description: Microsoft Internet Explorer is affected by a remote code execution vulnerability. This
vulnerability presents itself when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly
initialized 'window()' JavaScript function. This issue may be exploited to execute arbitrary remote code in the context of
the user running the affected application. Failed exploitation attempts likely result in the application crashing.
Signature ID: 30003
Microsoft Internet Explorer Image Download Filename Extension Spoofing
Threat Level: Severe
Bugtraq: 11768