SCAN: Canvas Helium Agent

This signature detects Helium, a python-based Trojan installed after a system is exploited by the Canvas Framework from Immunitysec. By default, Canvas uses port 31337, but an attacker can configure Canvas to use any port. Remote attackers can use the Helium Trojan to gain full access to the infected host, including loading programs such as port scanners, exploits, and distributed computing modules.

Extended Description

The Helium trojan allows an attacker to gain full access to an infected server, and to load programs.

Short Name
SCAN:CANVAS:HELIUM-AGENT
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SCAN
Keywords
Agent Canvas Helium
Release Date
05/17/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3538
Port
TCP/1024-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown

Found a potential security threat?