Security Incidents mailing list archives

Re: Trojan of somesort

From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 26 May 2004 04:28:58 -0700 (PDT)

Bob,

Did you happen to collect any volatile data from the
system before you pulled the plug?  Things like
running processes, installed services/device drivers,
network connections?

I am currently doing an investigation into a
compromised system. Before 
pulling the plug I netcatted to a suspicous open
port and received the 
following banner:
          220 SiGN - FR33-FXP3rs - On Da FUcKiNG
C@S£!!!
I am presuming this to be the welcome banner for a
trojan horse of some 
sort. Has anybody seen this before or does anybody
know anything about it or 
what Trojan this might be?

Current thread:

Trojan of somesort Bob the Builder (May 25)
- Re: Trojan of somesort Greg Bolshaw (May 25)
- Re: Trojan of somesort Brian Eckman (May 25)
  - Re: Trojan of somesort Anonymous (May 27)
- RE: Trojan of somesort Rob Shein (May 25)
- Re: Trojan of somesort Andrew Smith (May 26)
- Re: Trojan of somesort Harlan Carvey (May 26)
- Re: Trojan of somesort Paul Schmehl (May 26)
- <Possible follow-ups>
- Re: Trojan of somesort MATT GIBSON (May 26)
  - Re: Trojan of somesort Harlan Carvey (May 26)
- Re: Trojan of somesort caldcv (May 26)