[unisog] Mysterious appearance of Backdoor.RA on Win2K machines

Gary Flynn flynngn at jmu.edu
Fri Dec 7 21:19:42 GMT 2001

Jeff Bollinger wrote:
> Yes, we have seen this as well.  Note that the Trojan installs s32.exe and the
> servuFTP.  No idea though as to how it got in yet.


Do you know if the slave.exe process was listening on the default
port of 4000?

Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
