ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 31550
TROJAN Possible Bobax trojan infection
Threat Level: Warning
Signature Description: Bobax is a trojan proxy that uses the MS04-011 (LSASS.EXE) vulnerability to propagate.
When instructed to do so, it scans random IP addresses for vulnerable computers. This event indicates trojan horse
activity; an internal machine may be infected by the trojan. The trojan horse may be installed when visiting malicious websites
posing as a plug-in for Internet Explorer to enhance its features. Upon execution it creates files in the system directory and
opens ports on the victim machine. After execution it modifies system32 files, drops a few files and registers itself as a
service to become active at startup. It takes total control of the victim machine.
Signature ID: 31580
WORM Bofra Victim Accessing Reactor Page
Threat Level: Warning
Signature Description: The Bofra worm poses as photos from an adult webcam in an attempt to fool users into clicking on a
link. Clicking on the link causes the targeted PC to run a malicious script hosted on a previously infected computer. This
signature indicates a possible Bofra victim accessing a reactor page. Upon finding a vulnerable system, the
exploit is triggered, and the newly infected system downloads its own copy of the worm from the originally infected
system. The worm is then executed and starts scanning for new targets.
Signature ID: 31692
Apple Quicktime RTSP Content-Type overflow attempt
Threat Level: Severe
Industry ID: CVE-2007-6166 Bugtraq: 26549
Signature Description: Real Time Streaming Protocol (RTSP) is a protocol used by streaming media systems.
The Apple QuickTime Streaming Server supports RTSP. Apple QuickTime RTSP versions 4.0 through 7.3 are vulnerable
to a stack-based buffer overflow, caused by improper bounds checking of the Real Time Streaming Protocol (RTSP)
Content-Type header. By persuading a victim to connect to a specially crafted RTSP stream, a remote attacker could
overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Signature ID: 31916
Download Windows Help File CHM 2
Threat Level: Information
Signature Description: This event is generated when network traffic indicates the use of an application or service that
may violate a corporate security policy. We should ensure that such behavior is in alignment with corporate policies
and guidelines. Malicious servers may send a crafted CHM file to crash the user's application.
Signature ID: 32238
IBM Lotus Domino 7.0.2FP1 IMAP4 Server LSUB Command vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3510 Bugtraq: 26176
Signature Description: IBM Lotus Domino is vulnerable to a buffer overflow. If the Domino server is configured for
IMAP, a remote authenticated attacker could establish a connection to the IMAP server on TCP port
143 and pass a long argument to the LSUB command to overflow a buffer and execute arbitrary code on the system or cause the server
to crash.