[unisog] Trojan Backdoor
harnold at binghamton.edu
Mon Feb 3 19:46:17 GMT 2003
WSFTP 3.6.6 is a pretty commonly used FTP server for the warez crowd.
From: Jason Alexander [mailto:jason-alexander at uiowa.edu]
Sent: Monday, February 03, 2003 12:37 PM
To: unisog at sans.org
Subject: [unisog] Trojan Backdoor
We have several machine that have been comprised with a backdoor. The
Trojan exists on different ports
but always responds to a telnet with the banner 3.6.6 G and then starts
spitting out binary information.
I did some googling but didn't find anything.
Can anyone tell me what type of Trojan this is. It would make scanning for
it and cleaning it up easier.
More information about the unisog