'; echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "www.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "www.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "www.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "www.hp-telecom.com") { echo ''; echo 'hp-telecom'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

HTTP Attack (Attack ID:301784)

Release Date:2009-09-27

Attack Name:Trojan agent.aarm runtime detection - spread via spam

OS Type:Window

Application Type:Others

Severity:Info

BUG ID

CVE ID

 

Description


Trojan horse programs can be used by an attacker to steal data from the infected machine, they can also be used to control the infected host. This event indicates that activity relating to the trojan horse program trojan-spy.win32.delf.uv has been detected in network traffic.
In particular this event indicates that the software detected is a Remote Access Trojan. RAT programs allow full control of the target system using a client on the attackers machine that connects to the server on the client host.
Impact:

Possible theft of data and control of the targeted machine leading to a compromise of all resources the machine is connected to.
Affected Systems:

Microsoft Windows systems
Additional References:
http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Downloader.Win32.Agent.bls&threatid=135991
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.AARM&VSect=T

 

Solution

Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.