IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Servers (Unix), Proventia Network IPS, Proventia Network IDS, Proventia Network MFS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Desktops, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects a Windows Mite backdoor running on your network. This backdoor is typically seen on port 65530/TCP.
IBM Security Host Protection for Servers (Windows): 126.96.36.1990, IBM Security Host Protection for Servers (Windows): 1.0.914.0, RealSecure Server Sensor: XPU 22.37, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network IPS: XPU 1.42, Proventia Network IDS: XPU 22.37, Proventia Network MFS: XPU 1.37, Proventia-G 1.1 and earlier: XPU 22.37, IBM Security Host Protection for Desktops: 8.0.614.1, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0
Unauthorized Access Attempt
Windows Mite, also known as Backdoor.WindowsMite.10, Backdoor.WinMite and BackDoor-EB, is a backdoor Trojan affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server component is installed on the victim's system and the remote attacker controls the client. The server attempts to open a port, typically TCP port 65530, to allow the client system to connect. The Windows Mite backdoor could allow a remote attacker to gain unauthorized access to the system.
Use an up-to-date antivirus program to determine if the target computer is host to a backdoor program. If the program detects a backdoor, follow its instructions to disinfect and repair the computer.
PestPatrol Web site
Windows Mite 1.0
Windows Mite backdoor