ProRat backdoor trojan horse (Trojan_Prorat)

About this signature or vulnerability

Virtual Server Protection for VMware, Proventia Network IDS, IBM Security Host Protection for Desktops, Proventia Network IPS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Network Protection, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix), RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows):

This signature detects a response message sent by the ProRat backdoor.


Default risk level

High

Sensors that have this signature

Virtual Server Protection for VMware: 1.0, Proventia Network IDS: XPU 29.090, IBM Security Host Protection for Desktops: 2430, Proventia Network IPS: XPU 29.090, Proventia Network MFS: XPU 29.090, Proventia-G 1.1 and earlier: XPU 29.090, IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 29.090, IBM Security Host Protection for Servers (Unix): 2.2.2, RealSecure Server Sensor: XPU 29.090, IBM Security Host Protection for Servers (Windows): 1.0.914.2430, IBM Security Host Protection for Servers (Windows): 2.0.300.2430, IBM Security Host Protection for Servers (Windows): 2.1.14.2430

Systems affected

Microsoft Windows

Type

Unauthorized Access Attempt

Vulnerability description

ProRat is a Microsoft Windows-based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).

How to remove this vulnerability

All users and system administrators should regularly update antivirus software and initiate a virus scan.

References

ISS X-Force
ProRat backdoor trojan horse
http://www.iss.net/security_center/static/52278.php