[unisog] Mysterious appearance of Backdoor.RA on Win2Kmachines
jeff01 at email.unc.edu
Fri Dec 7 21:22:43 GMT 2001
I don't think so, though there was a trojaned FTP server running on port 6820.
Gary Flynn wrote:
> Jeff Bollinger wrote:
> > Yes, we have seen this as well. Note that the Trojan installs s32.exe and the
> > servuFTP. No idea though as to how it got in yet.
> Do you know if the slave.exe process was listening on the default
> port of 4000?
> Gary Flynn
> Security Engineer - Technical Services
> James Madison University
> Please R.U.N.S.A.F.E.
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc.edu
More information about the unisog