[unisog] Trojan Backdoor

Arnold, Jamie harnold at binghamton.edu
Mon Feb 3 19:46:17 GMT 2003

WSFTP 3.6.6 is a pretty commonly used FTP server for the warez crowd.

-----Original Message-----
From: Jason Alexander [mailto:jason-alexander at uiowa.edu] 
Sent: Monday, February 03, 2003 12:37 PM
To: unisog at sans.org
Subject: [unisog] Trojan Backdoor

We have several machine that have been comprised with a backdoor.  The 
Trojan exists on different ports
but always responds to a telnet with the banner 3.6.6 G and then starts 
spitting out binary information.
I did some googling but didn't find anything.

Can anyone tell me what type of Trojan this is.  It would make scanning for 
it and cleaning it up easier.

Jason Alexander

More information about the unisog mailing list