[Dshield] Port 901, being used by trojan/virus
rick at jaray.net
Sat Oct 4 16:00:40 GMT 2003
hmm.. the strom center shows it currently low:
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Philip S. Hempel
Sent: Saturday, October 04, 2003 6:50 AM
To: list at dshield.org
Subject: [Dshield] Port 901, being used by trojan/virus
Hello all, I have not subscribed to the list yet (I am on way to many at
I wanted to point out that if anyone cares to know, port 901 is being
used by some form of trojan/virus and is not being shown as one in the
I can tell you that the trojan/virus itself scans for open ports of
other machines on port 901, it is a telnet interface and requires
password only to login.
The trojan has been around since early last year and seems to have
become more and more prevalent in the pass few months.
I have forgotten the login prompt that is being used but it is somewhat
of a "c00l" type of prompt.
I do remember port 901 having a report on some other website, I will
have to look it up and post it later.
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
More information about the list