Security Incidents mailing list archives

Re: Trojan of somesort


From: "Anonymous" <spam2mymail () web de>
Date: Thu, 27 May 2004 02:49:17 +0200

Sorry, my English is very bad, but I hope you can understand me.

so

FR33-FXP3rs sounds like the slogan of an FXP group.
They hack servers, get root access and install an FTP engine on your server;
mostly it's Serv-U.
Then they send games, movies and applications to your server (now their FTP
server) and spread this server on boards of other FXP crews.

They install an FTP engine and mostly 1 or 2 trojans (backdoors), so they
can recover the server if the admin finds the FTP engine.

So try to find the FTP engine and scan for backdoors / trojans! Also find
their stuff (movies, games ...)! They love the Windows Trash directory
for the stuff and the %systemroot%/Font (directory where your fonts are)
for the FTP engine.

Mostly they use the NTPass (NTPW) bug or SQL for hacking, but Printer, IIS
and WebDAV are also very public in this scene!

I hope I could help you. Please send me an answer; I want to know if I'm right or
wrong.

bye

philipp


<fullquote>


Bob the Builder wrote:
Hi,
I am currently doing an investigation into a compromised system. Before
pulling the plug I netcatted to a suspicious open port and received the
following banner:
         220 SiGN - FR33-FXP3rs - On Da FUcKiNG C@S£!!!
I am presuming this to be the welcome banner for a trojan horse of some
sort. Has anybody seen this before or does anybody know anything about
it or what Trojan this might be?

I haven't seen that exact banner before. My first guess would be it's an
FTP server.

Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
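
The advice above to look for the FTP engine in the fonts directory under %systemroot% can be turned into a triage pass over a mounted image of the compromised disk. This is an added example, not code from the thread or its participants; the function names, the extension allowlist and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions normally found in a Windows fonts directory; tune to your baseline.
FONT_EXTS = {".ttf", ".ttc", ".otf", ".fon", ".fnt", ".pfm", ".pfb"}
BENIGN_NAMES = {"desktop.ini"}

def triage_fonts_dir(fonts_dir):
    """Return sorted (relative_path, reason) pairs for entries that do not belong among fonts."""
    findings = []
    for root, dirs, files in os.walk(fonts_dir):
        for d in dirs:
            # Heuristic: a fonts directory is normally flat, so any subdirectory is worth a look.
            findings.append((os.path.relpath(os.path.join(root, d), fonts_dir), "subdirectory"))
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, fonts_dir)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(full, "rb") as fh:
                    magic = fh.read(2)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if magic == b"MZ" and ext != ".fon":
                # .fon bitmap fonts legitimately start with MZ; anything else that does is a binary.
                findings.append((rel, "executable header"))
            elif ext not in FONT_EXTS and name.lower() not in BENIGN_NAMES:
                findings.append((rel, "non-font extension"))
    return sorted(findings)

def build_sample(base):
    """Constructed sample tree standing in for the fonts directory of a mounted image."""
    os.makedirs(os.path.join(base, "upl"))
    samples = {
        "arial.ttf": b"\x00\x01\x00\x00font-data",   # ordinary TrueType header
        "vgaoem.fon": b"MZ bitmap font",               # legitimate MZ-based font
        "desktop.ini": b"[.ShellClassInfo]",
        "tahoma.ttf": b"MZ\x90\x00 renamed binary",   # executable hiding behind a font extension
        "svchost.exe": b"MZ\x90\x00 binary",
        "daemon.ini": b"[USER=leech]",                 # stray config file
    }
    for name, data in samples.items():
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(data)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in triage_fonts_dir(build_sample(tmp)):
            print(f"{reason:20} {rel}")
```

Run it against the image mounted read-only rather than the live system, so file timestamps are preserved and a running backdoor cannot hide entries.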


