sos5.0.0,
sos5.1.0
critical
This signature detects the AutoProxy trojan attempting to
contact a master server and register the IP address and open
ports of the infected host. AutoProxy is a trojan that installs
a proxy server on Microsoft Windows hosts. Attackers may
use an infected host to attack other targets while masking
their actual IP address.
TROJAN:AUTOPROXY:INFECTED-HOST
sos5.1.0
high
This signature detects a banner from the FTP server
embedded in the MoonPie backdoor version 3.0 (other
versions may also be detected).
TROJAN:MISC:MOONPIE3-FTP-RESP
sos5.1.0
medium
This signature detects access to the WanRemote
administration interface using the HTTP protocol.
TROJAN:MISC:WANREMOTE-ADMIN
sos5.1.0
critical
This signature detects login attempts from a client infected
with a trojan installed as part of the Microsoft GDI+ Library
JPEG overflow exploit.
TROJAN:MS-04-028:BACKDOOR-LOGIN
sos5.1.0
high
This signature detects attempts by a specific trojan to
download files. The trojan, installed as part of the Microsoft
GDI+ Library JPEG Overflow exploit, is attempting to
download updated files from a remote host.
TROJAN:MS-04-028:TOOL-DOWNLOAD
sos5.1.0
high
This signature detects Phatbot FTP connections. Phatbot,
a trojan similar to Agobot but with more functionality, sends
spam from an infected host machine.
TROJAN:PHATBOT:FTP-CONNECT
sos5.0.0,
sos5.1.0
high
This signature detects the string 'nongmin_cn' within an
SMTP header-from field sent from a remote system to local
server port 25. This may indicate an attacker is attempting
to access the Trojan/Worm QAZ. The QAZ Trojan/Worm,
famous for infecting the Microsoft network October 2000,
allows attackers to access data and gain control over some
functions on remote Microsoft Windows systems.
TROJAN:QAZ:TCP25-CALLING-HOME
sos5.1.0
high
This signature detects e-mail attachments with the file name
"x-mas.exe' sent via POP3. This may indicate the Babylonia
e-mail virus is attempting to enter the system. The executed
virus infects all files greater than 8kb, installs automatic virus
updaters, and allows attackers to further compromise the
system by uploading trojans, creating backdoors, etc.
VIRUS:POP3:BABYLONIA
sos5.1.0
high
This signature detects e-mail attachments with the file name
'badass.exe' sent via POP3. This may indicate the BadAss
e-mail virus is attempting to enter the system. The executed
virus displays a message box with specified text, opens the
Microsoft Outlook database, and sends infected messages
containing a Dutch phrase to all addresses found.
VIRUS:POP3:BADASS
sos5.1.0
info
This signature detects the EICAR antivirus test file sent as
an e-mail attachment.
VIRUS:POP3:EICAR-ATTACHMENT
Copyright © 2010, Juniper Networks, Inc.
938
Network and Security Manager Administration Guide
Summary of Contents for NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
Page 6: ...Copyright 2010 Juniper Networks Inc vi...
Page 36: ...Copyright 2010 Juniper Networks Inc xxxvi Network and Security Manager Administration Guide...
Page 52: ...Copyright 2010 Juniper Networks Inc 2 Network and Security Manager Administration Guide...
Page 90: ...Copyright 2010 Juniper Networks Inc 40 Network and Security Manager Administration Guide...
Page 146: ...Copyright 2010 Juniper Networks Inc 96 Network and Security Manager Administration Guide...
Page 236: ...Copyright 2010 Juniper Networks Inc 186 Network and Security Manager Administration Guide...
Page 292: ...Copyright 2010 Juniper Networks Inc 242 Network and Security Manager Administration Guide...
Page 314: ...Copyright 2010 Juniper Networks Inc 264 Network and Security Manager Administration Guide...
Page 368: ...Copyright 2010 Juniper Networks Inc 318 Network and Security Manager Administration Guide...
Page 370: ...Copyright 2010 Juniper Networks Inc 320 Network and Security Manager Administration Guide...
Page 484: ...Copyright 2010 Juniper Networks Inc 434 Network and Security Manager Administration Guide...
Page 584: ...Copyright 2010 Juniper Networks Inc 534 Network and Security Manager Administration Guide...
Page 588: ...Copyright 2010 Juniper Networks Inc 538 Network and Security Manager Administration Guide...
Page 600: ...Copyright 2010 Juniper Networks Inc 550 Network and Security Manager Administration Guide...
Page 678: ...Copyright 2010 Juniper Networks Inc 628 Network and Security Manager Administration Guide...
Page 694: ...Copyright 2010 Juniper Networks Inc 644 Network and Security Manager Administration Guide...
Page 700: ...Copyright 2010 Juniper Networks Inc 650 Network and Security Manager Administration Guide...
Page 706: ...Copyright 2010 Juniper Networks Inc 656 Network and Security Manager Administration Guide...
Page 708: ...Copyright 2010 Juniper Networks Inc 658 Network and Security Manager Administration Guide...
Page 758: ...Copyright 2010 Juniper Networks Inc 708 Network and Security Manager Administration Guide...
Page 788: ...Copyright 2010 Juniper Networks Inc 738 Network and Security Manager Administration Guide...
Page 882: ...Copyright 2010 Juniper Networks Inc 832 Network and Security Manager Administration Guide...
Page 908: ...Copyright 2010 Juniper Networks Inc 858 Network and Security Manager Administration Guide...
Page 918: ...Copyright 2010 Juniper Networks Inc 868 Network and Security Manager Administration Guide...
Page 920: ...Copyright 2010 Juniper Networks Inc 870 Network and Security Manager Administration Guide...
Page 1005: ...PART 6 Index Index on page 957 955 Copyright 2010 Juniper Networks Inc...
Page 1006: ...Copyright 2010 Juniper Networks Inc 956 Network and Security Manager Administration Guide...