RE: tcp/1274 scans

["Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>]

> -----Original Message-----
> From: Aaron Cheek [mailto:aaron_cheek () yahoo com] 
> Sent: Friday, 16 May 2003 11:44 a.m.
> To: incidents () securityfocus com
> Subject: tcp/1274 scans 
>
>
> Hi again.
>
> Thanks for your hints about port tcp/554 and the Real
> Server vulnerability.
>
> Now I'm trying to find some info about tcp/1274, which
> according to IANA is t1distproc. Unfortunately I have
> not been able to find any info about t1distproc or the
> reason for those scans. 


TCP port 1274 should be used by Pulpit backdoor. It's a simple trojan which
installs listener on TCP ports 1272, 1274 and 1276. After that an remote
intruder has simple controls over infected system.
This could be related to your scans.

I didn't find info about this trojan on usual anti-virus sites, but you can
see something at the following URL:

http://www.ultrasoftware.net/viruslist/descr.asp?id=101

Best regards,

Bojan Zdrnja


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------