Security Incidents mailing list archives

RE: Mystery web server trojan(?) on Windows ME


From: "Vachon, Scott" <Scott.Vachon () Paymentech com>
Date: Fri, 22 Jun 2001 12:44:36 -0500

Hi folks,

One of my users is running WinME at home.  He reported that he thought his
home machine had been hacked.

Running a portscan on the machine turned up the following:

10.0.0.23           unknown            135/tcp unassigned
10.0.0.23           netbios-ssn        139/tcp # NETBIOS session server
10.0.0.23           unknown            4343/tcp unassigned

Attempting to telnet to port 4343 on this machine, I found what appeared
to be a small webserver.<snip>

Got this from http://www.con.wesleyan.edu/~triemer/network/regports.html :


unicall 4343/tcp UNICALL 
unicall 4343/udp UNICALL 

~S~

Disclaimer: My own two cents

