[Dshield] Port 901, being used by trojan/virus

Rick Klinge rick at jaray.net
Sat Oct 4 16:00:40 GMT 2003


hmm.. the strom center shows it currently low:

http://isc.incidents.org/port_details.html?port=901

~Rick

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Philip S. Hempel
Sent: Saturday, October 04, 2003 6:50 AM
To: list at dshield.org
Subject: [Dshield] Port 901, being used by trojan/virus


Hello all, I have not subscribed to the list yet (I am on way to many at
the moment).

I wanted to point out that if anyone cares to know, port 901 is being
used by some form of trojan/virus and is not being shown as one in the
dshield reports.

I can tell you that the trojan/virus itself scans for open ports of
other machines on port 901, it is a telnet interface and requires
password only to login.

The trojan has been around since early last year and seems to have
become more and more prevalent in the pass few months.

I have forgotten the login prompt that is being used but it is somewhat
of a "c00l" type of prompt.

I do remember port 901 having a report on some other website, I will
have to look it up and post it later.

/psh

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list