Security Incidents mailing list archives
DS trojan opens ports fport does not detect?
From: <junk () zounds net>
Date: Thu, 11 Dec 2003 22:12:50 -0600 (CST)
Recently, when attempting to play Dungeon Siege with a friend, I installed a crack he found on the internet. (We each purchased the game.) His machine began responding to port scans on tcp 25 and 110. I could telnet to these ports, and the response was to clear my screen, and on any keypress, to drop the connection. He said he could not telnet to port 25 on his machine via localhost.

After installing the crack on my machine, I found I could telnet to port 25 and get the connection with no banner. Neither Norton anti virus nor adaware found anything. I erased the dll, and port 25 closed for a while, but it is open again (sigh). But using tools like netstat, fport, or tcpview did not show any activity on 25 or 110. Zone alarm isn't detecting it making outgoing connections.

Isn't the point of a tool like fport to detect and find the application that opens ports? Is it common for these tools to be evaded?

I will email the trojan to anyone that wants to analyze it. Contact me at marc at (nospam) zounds net