ProRat backdoor trojan horse (Trojan_Prorat)

About this signature or vulnerability

Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Proventia-G 1.1 and earlier, IBM Security Host Protection for Desktops, Proventia Network IDS, Proventia Network IPS, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS:

This signature detects a response message sent by the Prorat backdoor.


Default risk level

High risk vulnerability  High

Sensors that have this signature

Proventia Server IPS for Linux technology: 29.090, Virtual Server Protection for Vmware: 1.0, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Proventia-G 1.1 and earlier: XPU 29.090, IBM Security Host Protection for Desktops: 2430, Proventia Network IDS: XPU 29.090, Proventia Network IPS: XPU 29.090, RealSecure Server Sensor: XPU 29.090, IBM Security Host Protection for Servers (Windows): 2.1.14.2430, IBM Security Host Protection for Servers (Windows): 1.0.914.2430, IBM Security Host Protection for Servers (Windows): 2.0.300.2430, Proventia Network MFS: XPU 29.090

Systems affected

Microsoft Windows

Type

Unauthorized Access Attempt

Vulnerability description

ProRat is a Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).

How to remove this vulnerability

All users and system administrators should regularly update antivirus software and initiate a virus scan.

References

ISS X-Force
ProRat backdoor trojan horse
http://www.iss.net/security_center/static/52278.php