Signature Detail
Short Name |
SCAN:CANVAS:HELIUM-AGENT |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
SCAN |
Keywords |
Canvas Helium |
Release Date |
2005/05/17 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SCAN: Canvas Helium Agent
This signature detects Helium, a python-based Trojan installed after a system is exploited by the Canvas Framework from Immunitysec. By default, Canvas uses port 31337, but an attacker can configure Canvas to use any port. Remote attackers can use the Helium Trojan to gain full access to the infected host, including loading programs such as port scanners, exploits, and distributed computing modules.
Extended Description
The Helium trojan allows an attacker to gain full access to an infected server, and to load programs.
References