[unisog] Mysterious appearance of Backdoor.RA on Win2K machines
flynngn at jmu.edu
Fri Dec 7 21:19:42 GMT 2001
Jeff Bollinger wrote:
> Yes, we have seen this as well. Note that the Trojan installs s32.exe and the
> servuFTP. No idea though as to how it got in yet.
Do you know if the slave.exe process was listening on the default
port of 4000?
Security Engineer - Technical Services
James Madison University