Penetration Testing mailing list archives
Re: tcp port 999
From: "Mansoor Ahmed" <mansoor.ahmed () hct ac ae>
Date: Thu, 26 Aug 2004 12:38:09 +0400
Hi,

I found the following description at ISS: Deep Throat Trojan which runs a keylogger at port 999 and

"Puts the file C:\Windows\systray.exe on your disk. The idea is to masquerade as the real systray.exe program located in C:\Windows\system. It changes the existing "Run" registry setting for SystemTray to the new program. Simply removing the "Run" entries or removing the systray.exe program will remove the Trojan.

Ports
The trojan will listen on: 6670/tcp, 3150/tcp, 2140/tcp, 2140/udp, 3150/udp."

More Info here: http://www.iss.net/security_center/advice/Phauna/RATs/programs/Deep_Throat/default.htm

Good day.
maNSOor

-----Original Message-----
From: "Gargac. Jeff" <jgargac () maryville edu>
To: <pen-test () securityfocus com>
Date: Wed, 25 Aug 2004 08:54:14 -0500
Subject: tcp port 999

Hi all,

I ran nmap across one of my Windows XP SP1 workstations and it reported tcp port 999 open with the description of garcon. Does anyone have an idea as to what this is? I've searched Google and am unable to find a description.

Thanks,
Jeff
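The indicators named in the reply above (a SystemTray "Run" value pointing at C:\Windows\systray.exe, and listeners on the quoted ports) can be checked against saved `reg query` and `netstat -an` output from the workstation. This is an added example, not part of the original thread; the sample outputs are constructed, and the function names and the HKLM Run key location are assumptions.

```python
import ntpath
import re

# Indicators from the post: port 999 (keylogger) plus the quoted ISS port list.
SUSPECT_PORTS = {("tcp", 999), ("tcp", 6670), ("tcp", 3150), ("tcp", 2140),
                 ("udp", 2140), ("udp", 3150)}
TROJAN_PATH = r"c:\windows\systray.exe"  # masquerade location named in the post

def check_run_key(reg_output):
    """Return SystemTray Run values that point at the masquerade path."""
    hits = []
    for line in reg_output.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.+)$", line)
        if not m or m.group(1).lower() != "systemtray":
            continue
        value = m.group(2).strip().strip('"')
        if ntpath.normpath(value).lower() == TROJAN_PATH:
            hits.append(value)
    return hits

def check_listeners(netstat_output):
    """Return (proto, port) pairs bound locally that match the port list."""
    hits = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].upper() not in ("TCP", "UDP"):
            continue
        proto = f[0].lower()
        if proto == "tcp" and f[-1].upper() != "LISTENING":
            continue  # ignore established/outbound TCP connections
        port = f[1].rsplit(":", 1)[-1]  # local address column
        if port.isdigit() and (proto, int(port)) in SUSPECT_PORTS:
            hits.add((proto, int(port)))
    return sorted(hits)

# Constructed sample output (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    C:\Windows\systray.exe
    AVScan    REG_SZ    "C:\Program Files\AV\scan.exe" /startup
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:999            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1042          10.0.0.9:6670          ESTABLISHED
  UDP    0.0.0.0:2140           *:*
"""
if __name__ == "__main__":
    print(check_run_key(SAMPLE_REG), check_listeners(SAMPLE_NETSTAT))
```

A matching port by itself only narrows the search, since the port number does not identify the program bound to it; the Run value is the check that ties back to the file the post describes.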