Re: Troyan in port 25 ???

[Jackal <-jackal- () LIBERO IT>]

Trojan Deafult port list...

Port 25
Ajan, Antigen, Email Password Sender, Gip, Haebu Coceda (=Naebi), Happy 99,
I Love You, Kaung2, Pro Mail Trojan, Shtrilitz, Stealth, Tapiras,
Terminator, WinPC, WinSpy ù

It should be one of this...
Kindly Regards

The Jackal


----- Original Message -----
From: <peter () FRIENDS COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Wednesday, December 13, 2000 12:03 PM
Subject: Troyan in port 25 ???


> Does anyone known about a Troyan listening at port 25?
>
> The Operating System is a WIN NT 4 w/SP6a.
> We installed a WINNT 4.0. After that we installed service pack 6a and a
> software for chat-server called "digichat".
>
> Yesterday I tried to start a SMTP SERVER but the software gave me an
error,
> because the port 25 was begging used by other application.
>
> Then i connect to that port and I receive this
> "&#9829; &#8319;&#8595; &#8319;&#8595;
&#8319;&#8595;&#9786;&#9787;&#9829;@&#9787;`&#9786;&#9786; &#8319;&#8595;
&#8319;&#8595; &#8319;&#8595;&#9786;&#9786;"
> chain of data and the connection was not closed. Because I din't
recongnise
> any inet service using this code, I suppossed that may be a troyan.
>
> I was thinking that may be the "Digichat" software the one using that
port,
> but after I stopped all services (including IIS note that SMTP service was
> not installed), i realize that the port still was open.
>
> Anyone have any information about this.
>
> Thank you in advance ! :)
>
>
> _________________________________________________________
> This message was sent with Sendpad.com.
> The sender indicated his or her e-mail address as "peter () friends com"
> Send anonymous e-mail right now at http://www.sendpad.com