ProRat backdoor trojan horse (Trojan_Prorat)

About this signature or vulnerability

IBM Security Host Protection for Servers (Unix), Virtual Server Protection for Vmware, IBM Security Network Protection, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Desktops, RealSecure Server Sensor, Proventia Network MFS, IBM Security Host Protection for Servers (Windows):

This signature detects a response message sent by the Prorat backdoor.


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Unix): 2.2.2, Virtual Server Protection for Vmware: 1.0, IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 29.090, Proventia Network IPS: XPU 29.090, Proventia-G 1.1 and earlier: XPU 29.090, Proventia Network IDS: XPU 29.090, IBM Security Host Protection for Desktops: 2430, RealSecure Server Sensor: XPU 29.090, Proventia Network MFS: XPU 29.090, IBM Security Host Protection for Servers (Windows): 2.1.14.2430, IBM Security Host Protection for Servers (Windows): 2.0.300.2430, IBM Security Host Protection for Servers (Windows): 1.0.914.2430

Systems affected

Microsoft Windows

Type

Unauthorized Access Attempt

Vulnerability description

ProRat is a Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).

How to remove this vulnerability

All users and system administrators should regularly update antivirus software and initiate a virus scan.

References

ISS X-Force
ProRat backdoor trojan horse
http://www.iss.net/security_center/static/52278.php