Security Incidents mailing list archives
Re: Trojan of somesort
From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 26 May 2004 04:28:58 -0700 (PDT)
Bob, Did you happen to collect any volatile data from the system before you pulled the plug? Things like running processes, installed services/device drivers, network connections?
I am currently doing an investigation into a compromised system. Before pulling the plug I netcatted to a suspicous open port and received the following banner: 220 SiGN - FR33-FXP3rs - On Da FUcKiNG C@S£!!! I am presuming this to be the welcome banner for a trojan horse of some sort. Has anybody seen this before or does anybody know anything about it or what Trojan this might be?
Current thread:
- Trojan of somesort Bob the Builder (May 25)
- Re: Trojan of somesort Greg Bolshaw (May 25)
- Re: Trojan of somesort Brian Eckman (May 25)
- Re: Trojan of somesort Anonymous (May 27)
- RE: Trojan of somesort Rob Shein (May 25)
- Re: Trojan of somesort Andrew Smith (May 26)
- Re: Trojan of somesort Harlan Carvey (May 26)
- Re: Trojan of somesort Paul Schmehl (May 26)
- <Possible follow-ups>
- Re: Trojan of somesort MATT GIBSON (May 26)
- Re: Trojan of somesort Harlan Carvey (May 26)
- Re: Trojan of somesort caldcv (May 26)