Security Incidents mailing list archives

Re: Troyan in port 25 ???


From: Matt Rose <mattrose () FOLKWOLF NET>
Date: Thu, 14 Dec 2000 01:25:43 -0500

        Hmm, I get a whole bunch of wingdings (smiley faces, arrows, a
heart)  when I look at that output with a browser.  It looks like
something is using that port, but if it's a hacker, it's an awfully dumb
port to put your backdoor on.  Does this look like a familiar backdoor to
anyone?

--------------------------------------------------------------------------
Matt Rose        mattrose () folkwolf net          http://www.folkwolf.net
"I've seen scarier secret police agencies than his completely destroyed 
by a Czech hippie playwright with a manual typewriter"  Bruce Sterling

On Wed, 13 Dec 2000 peter () FRIENDS COM wrote:

Does anyone know about a Trojan listening at port 25?

The Operating System is WIN NT 4 w/SP6a.
We installed WINNT 4.0. After that we installed Service Pack 6a and
chat-server software called "digichat".

Yesterday I tried to start an SMTP server, but the software gave me an error
because port 25 was being used by another application.

Then I connected to that port and received this
"♥?ⁿ↓?ⁿ↓?ⁿ↓☺☻♥@☻`☺☺?ⁿ↓?ⁿ↓?ⁿ↓☺☺"
chain of data, and the connection was not closed. Because I didn't recognise
any inet service using this code, I supposed that it may be a Trojan.

I was thinking that the "Digichat" software might be the one using that port,
but after I stopped all services (including IIS; note that the SMTP service was
not installed), I realized that the port was still open.

Does anyone have any information about this?

Thank you in advance! :)


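The "wingdings" in the quoted banner can be mapped back to byte values for comparison against known service banners. The following is an added example, not part of the thread; it assumes the glyphs came from a Windows console rendering raw bytes in OEM code page 437, and the function names are illustrative.

```python
import html

# Glyphs that OEM code page 437 (the Windows console font) draws for bytes 0x01-0x1F.
CP437_LOW = (
    "\u263a\u263b\u2665\u2666\u2663\u2660\u2022\u25d8\u25cb\u25d9\u2642"
    "\u2640\u266a\u266b\u263c\u25ba\u25c4\u2195\u203c\u00b6\u00a7\u25ac"
    "\u21a8\u2191\u2193\u2192\u2190\u221f\u2194\u25b2\u25bc"
)
GLYPH_TO_BYTE = {glyph: i + 1 for i, glyph in enumerate(CP437_LOW)}
GLYPH_TO_BYTE["\u2302"] = 0x7F  # the "house" glyph drawn for DEL

# The banner quoted in the post, kept as HTML character references (ASCII-safe).
BANNER = (
    "&#9829;?&#8319;&#8595;?&#8319;&#8595;?&#8319;&#8595;&#9786;&#9787;&#9829;@"
    "&#9787;`&#9786;&#9786;?&#8319;&#8595;?&#8319;&#8595;?&#8319;&#8595;&#9786;&#9786;"
)


def glyphs_to_bytes(text):
    """Map pasted console glyphs back to bytes.

    Returns (raw, uncertain): uncertain lists offsets whose value cannot be
    trusted, because a pasted '?' is either a real 0x3F or a substitute for a
    byte that some hop (terminal, mail client, archive) could not represent.
    """
    raw, uncertain = bytearray(), []
    for ch in html.unescape(text):
        if ch in GLYPH_TO_BYTE:
            raw.append(GLYPH_TO_BYTE[ch])
            continue
        try:
            encoded = ch.encode("cp437")  # printable ASCII and the 0x80-0xFF half
        except UnicodeEncodeError:
            encoded = b"?"                # not a CP437 character at all
        if encoded == b"?":
            uncertain.append(len(raw))
        raw += encoded
    return bytes(raw), uncertain


def hexdump(raw, uncertain):
    """One line of hex; uncertain bytes are shown as '??' instead of a value."""
    return " ".join("??" if i in uncertain else f"{b:02x}" for i, b in enumerate(raw))


if __name__ == "__main__":
    print(hexdump(*glyphs_to_bytes(BANNER)))
```

Capturing the banner to a file and viewing it in a hex editor avoids the lossy glyph round trip altogether; this mapping is only for cases where the pasted text is all that survives.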


