[unisog] Trojan Backdoor

Arnold, Jamie harnold at binghamton.edu
Mon Feb 3 19:46:17 GMT 2003


WSFTP 3.6.6 is a pretty commonly used FTP server for the warez crowd.

-----Original Message-----
From: Jason Alexander [mailto:jason-alexander at uiowa.edu] 
Sent: Monday, February 03, 2003 12:37 PM
To: unisog at sans.org
Subject: [unisog] Trojan Backdoor


We have several machines that have been compromised with a backdoor.  The 
Trojan exists on different ports
but always responds to a telnet with the banner 3.6.6 G and then starts 
spitting out binary information.
I did some googling but didn't find anything.

Can anyone tell me what type of Trojan this is?  It would make scanning for 
it and cleaning it up easier.

Thanks
Jason Alexander


