[Dshield] Port 901, being used by trojan/virus
Philip S. Hempel
pshempel at linuxhardcore.com
Sat Oct 4 11:50:00 GMT 2003
Hello all, I have not subscribed to the list yet (I am on way to many at
I wanted to point out that if anyone cares to know, port 901 is being
used by some form of trojan/virus and is not being shown as one in the
I can tell you that the trojan/virus itself scans for open ports of
other machines on port 901, it is a telnet interface and requires
password only to login.
The trojan has been around since early last year and seems to have
become more and more prevalent in the pass few months.
I have forgotten the login prompt that is being used but it is somewhat
of a "c00l" type of prompt.
I do remember port 901 having a report on some other website, I will
have to look it up and post it later.
More information about the list