[unisog] Mysterious appearance of Backdoor.RA on Win2Kmachines

Gary Flynn flynngn at jmu.edu
Fri Dec 7 21:19:42 GMT 2001


Jeff Bollinger wrote:
> 
> Yes, we have seen this as well.  Note that the Trojan installs s32.exe and the
> servuFTP.  No idea though as to how it got in yet.

Jeff,

Do you know if the slave.exe process was listening on the default
port of 4000?

thanks,
-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe



More information about the unisog mailing list